chnirt / nestjs-graphql-best-practice

NestJS (Express + TypeORM + GraphQL + MongoDB) codebase containing real world examples (CRUD, auth, advanced patterns, etc).
https://github.com/chnirt/nestjs-graphql-best-practice
MIT License
1.29k stars 249 forks source link

[Snyk] Security upgrade axios from 0.19.2 to 0.20.0 #398

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: axios The new version differs by 58 commits.
  • 0d87655 Releasing 0.20.0
  • cd27741 Updating changelog for 0.20.0 release
  • ffea034 Releasing 0.20.0-0
  • fe147fb Updating changlog for 0.20.0 beta release
  • 16aa2ce Fixing response with utf-8 BOM can not parse to json (#2419)
  • c4300a8 Adding support for URLSearchParams in node (#1900)
  • bed6783 add table of content (preview) (#3050)
  • c70fab9 Fix stale bot config (#3049)
  • 5b08fc4 Add days and change name to work (#3035)
  • 1768c23 Update close-issues.yml (#3031)
  • 3dbf6a1 Add GitHub actions to close stale issues/prs (#3029)
  • a9010e4 Add GitHub actions to close invalid issues (#3022)
  • 36f0ad2 Replace 'blacklist' with 'blocklist' (#3006)
  • 0d69a79 Refactor mergeConfig without utils.deepMerge (#2844)
  • 4879416 Allow unsetting headers by passing null (#382) (#1845)
  • 4b3947a Add test with Node.js 12 (#2860)
  • 0077205 Adding console log on sandbox server startup (#2210)
  • ee46dff docs(): Detailed config options environment. (#2088)
  • 17a6886 Include axios-data-unpacker in ECOSYSTEM.md (#2080)
  • 3f2ef03 Allow opening examples in Gitpod (#1958)
  • f3cc053 Fixing overwrite Blob/File type as Content-Type in browser. (#1773)
  • f2b478f Revert "Fixing default transformRequest with buffer pools (#1511)" (#2982)
  • d35b5b5 Remove axios.all() and axios.spread() from Readme.md (#2727)
  • 6d36dbe Update README.md (#2887)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic