search

bcgov / quickstart-openshift-backends

Pluggable backends for Go, Java and Python. Can be consumed by bcgov/quickstart-openshift.
Apache License 2.0
3 stars 1 forks source link

chore(deps): [Snyk] Upgrade axios from 1.6.4 to 1.6.8 #140

Closed bcgov-devops closed 7 months ago

bcgov-devops commented 7 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade axios from 1.6.4 to 1.6.8.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **4 versions** ahead of your current version. - The recommended version was released **a month ago**, on 2024-03-15. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Information Exposure
[SNYK-JS-FOLLOWREDIRECTS-6444610](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6444610) | **159/1000**
**Why?** Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 41, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.64, Score Version: V5 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: axios from axios GitHub release notes
Commit messages
Package name: axios
  • ab3f0f9 chore(release): v1.6.8 (#6303)
  • 2656612 fix(AxiosHeaders): fix AxiosHeaders conversion to an object during config merging (#6243)
  • 7320430 fix(import): use named export for EventEmitter;
  • 8786e0f fix(vulnerability): update follow-redirects to 1.15.6 (#6300)
  • d844227 chore: update and bump deps (#6238)
  • caa0625 docs: update README responseEncoding types (#6194)
  • 41c4584 docs: Update README.md to point to current axios version in CDN links (#6196)
  • bf6974f chore(ci): add npm tag action; (#6231)
  • a52e4d9 chore(release): v1.6.7 (#6204)
  • 2b69888 chore: remove unnecessary check (#6186)
  • 1a08f90 fix: capture async stack only for rejections with native error objects; (#6203)
  • 104aa3f chore(release): v1.6.6 (#6199)
  • a1938ff fix: fixed missed dispatchBeforeRedirect argument (#5778)
  • 123f354 fix: wrap errors to improve async stack trace (#5987)
  • 6d4c421 chore(release): v1.6.5 (#6177)
  • 0736f95 fix(ci): refactor notify action as a job of publish action; (#6176)
  • f4f2b03 fix(dns): fixed lookup error handling; (#6175)
  • 1f73dcb docs: update sponsor links
Compare
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/bcgov/project/c925e0fd-67b0-409c-975b-edbad7aaf1de?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/bcgov/project/c925e0fd-67b0-409c-975b-edbad7aaf1de/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/bcgov/project/c925e0fd-67b0-409c-975b-edbad7aaf1de/settings/integration?pkg=axios&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades) --- Thanks for the PR! Deployments, as required, will be available below: - [Java](https://quickstart-openshift-backends-140-backendJava.apps.silver.devops.gov.bc.ca) - [Py](https://quickstart-openshift-backends-140-backendPy.apps.silver.devops.gov.bc.ca) - [Go](https://quickstart-openshift-backends-140-backendGo.apps.silver.devops.gov.bc.ca) Please create PRs in draft mode. Mark as ready to enable: - [Analysis Workflow](https://github.com/bcgov/quickstart-openshift-backends/actions/workflows/analysis.yml) After merge, new images are deployed in: - [Merge Workflow](https://github.com/bcgov/quickstart-openshift-backends/actions/workflows/merge.yml)