search

bcgov / nr-rfc-alertauthoring

a tool to help create structured data for River Forecast Centre alert feeds
Apache License 2.0
1 stars 0 forks source link

fix(deps): update dependency axios to v1.7.4 [security] #132

Closed renovate[bot] closed 3 months ago

renovate[bot] commented 3 months ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
axios (source) 1.6.2 -> 1.7.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

Release Notes

axios/axios (axios) ### [`v1.7.4`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#174-2024-08-13) [Compare Source](https://togithub.com/axios/axios/compare/v1.7.3...v1.7.4) ##### Bug Fixes - **sec:** CVE-2024-39338 ([#​6539](https://togithub.com/axios/axios/issues/6539)) ([#​6543](https://togithub.com/axios/axios/issues/6543)) ([6b6b605](https://togithub.com/axios/axios/commit/6b6b605eaf73852fb2dae033f1e786155959de3a)) - **sec:** disregard protocol-relative URL to remediate SSRF ([#​6539](https://togithub.com/axios/axios/issues/6539)) ([07a661a](https://togithub.com/axios/axios/commit/07a661a2a6b9092c4aa640dcc7f724ec5e65bdda)) ##### Contributors to this release - avatar [Lev Pachmanov](https://togithub.com/levpachmanov "+47/-11 (#​6543 )") - avatar [Đỗ Trọng Hải](https://togithub.com/hainenber "+49/-4 (#​6539 )") ### [`v1.7.3`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#173-2024-08-01) [Compare Source](https://togithub.com/axios/axios/compare/v1.7.2...v1.7.3) ##### Bug Fixes - **adapter:** fix progress event emitting; ([#​6518](https://togithub.com/axios/axios/issues/6518)) ([e3c76fc](https://togithub.com/axios/axios/commit/e3c76fc9bdd03aa4d98afaf211df943e2031453f)) - **fetch:** fix withCredentials request config ([#​6505](https://togithub.com/axios/axios/issues/6505)) ([85d4d0e](https://togithub.com/axios/axios/commit/85d4d0ea0aae91082f04e303dec46510d1b4e787)) - **xhr:** return original config on errors from XHR adapter ([#​6515](https://togithub.com/axios/axios/issues/6515)) ([8966ee7](https://togithub.com/axios/axios/commit/8966ee7ea62ecbd6cfb39a905939bcdab5cf6388)) ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+211/-159 (#​6518 #​6519 )") - avatar [Valerii Sidorenko](https://togithub.com/ValeraS "+3/-3 (#​6515 )") - avatar [prianYu](https://togithub.com/prianyu "+2/-2 (#​6505 )") ### [`v1.7.2`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#172-2024-05-21) [Compare Source](https://togithub.com/axios/axios/compare/v1.7.1...v1.7.2) ##### Bug Fixes - **fetch:** enhance fetch API detection; ([#​6413](https://togithub.com/axios/axios/issues/6413)) ([4f79aef](https://togithub.com/axios/axios/commit/4f79aef81b7c4644328365bfc33acf0a9ef595bc)) ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+3/-3 (#​6413 )") ### [`v1.7.1`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#171-2024-05-20) [Compare Source](https://togithub.com/axios/axios/compare/v1.7.0...v1.7.1) ##### Bug Fixes - **fetch:** fixed ReferenceError issue when TextEncoder is not available in the environment; ([#​6410](https://togithub.com/axios/axios/issues/6410)) ([733f15f](https://togithub.com/axios/axios/commit/733f15fe5bd2d67e1fadaee82e7913b70d45dc5e)) ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+14/-9 (#​6410 )") ### [`v1.7.0`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#170-2024-05-19) [Compare Source](https://togithub.com/axios/axios/compare/v1.6.8...v1.7.0) ##### Features - **adapter:** add fetch adapter; ([#​6371](https://togithub.com/axios/axios/issues/6371)) ([a3ff99b](https://togithub.com/axios/axios/commit/a3ff99b59d8ec2ab5dd049e68c043617a4072e42)) ##### Bug Fixes - **core/axios:** handle un-writable error stack ([#​6362](https://togithub.com/axios/axios/issues/6362)) ([81e0455](https://togithub.com/axios/axios/commit/81e0455b7b57fbaf2be16a73ebe0e6591cc6d8f9)) ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+1015/-127 (#​6371 )") - avatar [Jay](https://togithub.com/jasonsaayman "+30/-14 ()") - avatar [Alexandre ABRIOUX](https://togithub.com/alexandre-abrioux "+56/-6 (#​6362 )") ### [`v1.6.8`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#168-2024-03-15) [Compare Source](https://togithub.com/axios/axios/compare/v1.6.7...v1.6.8) ##### Bug Fixes - **AxiosHeaders:** fix AxiosHeaders conversion to an object during config merging ([#​6243](https://togithub.com/axios/axios/issues/6243)) ([2656612](https://togithub.com/axios/axios/commit/2656612bc10fe2757e9832b708ed773ab340b5cb)) - **import:** use named export for EventEmitter; ([7320430](https://togithub.com/axios/axios/commit/7320430aef2e1ba2b89488a0eaf42681165498b1)) - **vulnerability:** update follow-redirects to 1.15.6 ([#​6300](https://togithub.com/axios/axios/issues/6300)) ([8786e0f](https://togithub.com/axios/axios/commit/8786e0ff55a8c68d4ca989801ad26df924042e27)) ##### Contributors to this release - avatar [Jay](https://togithub.com/jasonsaayman "+4572/-3446 (#​6238 )") - avatar [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+30/-0 (#​6231 )") - avatar [Mitchell](https://togithub.com/Creaous "+9/-9 (#​6300 )") - avatar [Emmanuel](https://togithub.com/mannoeu "+2/-2 (#​6196 )") - avatar [Lucas Keller](https://togithub.com/ljkeller "+3/-0 (#​6194 )") - avatar [Aditya Mogili](https://togithub.com/ADITYA-176 "+1/-1 ()") - avatar [Miroslav Petrov](https://togithub.com/petrovmiroslav "+1/-1 (#​6243 )") ### [`v1.6.7`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#167-2024-01-25) [Compare Source](https://togithub.com/axios/axios/compare/v1.6.6...v1.6.7) ##### Bug Fixes - capture async stack only for rejections with native error objects; ([#​6203](https://togithub.com/axios/axios/issues/6203)) ([1a08f90](https://togithub.com/axios/axios/commit/1a08f90f402336e4d00e9ee82f211c6adb1640b0)) ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+30/-26 (#​6203 )") - avatar [zhoulixiang](https://togithub.com/zh-lx "+0/-3 (#​6186 )") ### [`v1.6.6`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#166-2024-01-24) [Compare Source](https://togithub.com/axios/axios/compare/v1.6.5...v1.6.6) ##### Bug Fixes - fixed missed dispatchBeforeRedirect argument ([#​5778](https://togithub.com/axios/axios/issues/5778)) ([a1938ff](https://togithub.com/axios/axios/commit/a1938ff073fcb0f89011f001dfbc1fa1dc995e39)) - wrap errors to improve async stack trace ([#​5987](https://togithub.com/axios/axios/issues/5987)) ([123f354](https://togithub.com/axios/axios/commit/123f354b920f154a209ea99f76b7b2ef3d9ebbab)) ##### Contributors to this release - avatar [Ilya Priven](https://togithub.com/ikonst "+91/-8 (#​5987 )") - avatar [Zao Soula](https://togithub.com/zaosoula "+6/-6 (#​5778 )") ### [`v1.6.5`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#165-2024-01-05) [Compare Source](https://togithub.com/axios/axios/compare/v1.6.4...v1.6.5) ##### Bug Fixes - **ci:** refactor notify action as a job of publish action; ([#​6176](https://togithub.com/axios/axios/issues/6176)) ([0736f95](https://togithub.com/axios/axios/commit/0736f95ce8776366dc9ca569f49ba505feb6373c)) - **dns:** fixed lookup error handling; ([#​6175](https://togithub.com/axios/axios/issues/6175)) ([f4f2b03](https://togithub.com/axios/axios/commit/f4f2b039dd38eb4829e8583caede4ed6d2dd59be)) ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+41/-6 (#​6176 #​6175 )") - avatar [Jay](https://togithub.com/jasonsaayman "+6/-1 ()") ### [`v1.6.4`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#164-2024-01-03) [Compare Source](https://togithub.com/axios/axios/compare/v1.6.3...v1.6.4) ##### Bug Fixes - **security:** fixed formToJSON prototype pollution vulnerability; ([#​6167](https://togithub.com/axios/axios/issues/6167)) ([3c0c11c](https://togithub.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e)) - **security:** fixed security vulnerability in follow-redirects ([#​6163](https://togithub.com/axios/axios/issues/6163)) ([75af1cd](https://togithub.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8)) ##### Contributors to this release - avatar [Jay](https://togithub.com/jasonsaayman "+34/-6 ()") - avatar [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+34/-3 (#​6172 #​6167 )") - avatar [Guy Nesher](https://togithub.com/gnesher "+10/-10 (#​6163 )") ### [`v1.6.3`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#163-2023-12-26) [Compare Source](https://togithub.com/axios/axios/compare/v1.6.2...v1.6.3) ##### Bug Fixes - Regular Expression Denial of Service (ReDoS) ([#​6132](https://togithub.com/axios/axios/issues/6132)) ([5e7ad38](https://togithub.com/axios/axios/commit/5e7ad38fb0f819fceb19fb2ee5d5d38f56aa837d)) ##### Contributors to this release - avatar [Jay](https://togithub.com/jasonsaayman "+15/-6 (#​6145 )") - avatar [Willian Agostini](https://togithub.com/WillianAgostini "+17/-2 (#​6132 )") - avatar [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+3/-0 (#​6084 )")

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.

Thanks for the PR!

Deployments, as required, will be available below:

Please create PRs in draft mode. Mark as ready to enable:

After merge, new images are deployed in: