search

ecyrbe / zodios

typescript http client and server with zod validation
https://www.zodios.org/
MIT License
1.59k stars 44 forks source link

chore(deps): update dependency axios to v1.6.0 [security] #560

Closed renovate[bot] closed 5 months ago

renovate[bot] commented 7 months ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
axios (source) 1.5.1 -> 1.6.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

Release Notes

axios/axios (axios) ### [`v1.6.0`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#160-2023-10-26) [Compare Source](https://togithub.com/axios/axios/compare/v1.5.1...v1.6.0) ##### Bug Fixes - **CSRF:** fixed CSRF vulnerability CVE-2023-45857 ([#​6028](https://togithub.com/axios/axios/issues/6028)) ([96ee232](https://togithub.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0)) - **dns:** fixed lookup function decorator to work properly in node v20; ([#​6011](https://togithub.com/axios/axios/issues/6011)) ([5aaff53](https://togithub.com/axios/axios/commit/5aaff532a6b820bb9ab6a8cd0f77131b47e2adb8)) - **types:** fix AxiosHeaders types; ([#​5931](https://togithub.com/axios/axios/issues/5931)) ([a1c8ad0](https://togithub.com/axios/axios/commit/a1c8ad008b3c13d53e135bbd0862587fb9d3fc09)) ##### PRs - CVE 2023 45857 ( [#​6028](https://api.github.com/repos/axios/axios/pulls/6028) ) ``` ⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459 ``` ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+449/-114 (#​6032 #​6021 #​6011 #​5932 #​5931 )") - avatar [Valentin Panov](https://togithub.com/valentin-panov "+4/-4 (#​6028 )") - avatar [Rinku Chaudhari](https://togithub.com/therealrinku "+1/-1 (#​5889 )") #### [1.5.1](https://togithub.com/axios/axios/compare/v1.5.0...v1.5.1) (2023-09-26) ##### Bug Fixes - **adapters:** improved adapters loading logic to have clear error messages; ([#​5919](https://togithub.com/axios/axios/issues/5919)) ([e410779](https://togithub.com/axios/axios/commit/e4107797a7a1376f6209fbecfbbce73d3faa7859)) - **formdata:** fixed automatic addition of the `Content-Type` header for FormData in non-browser environments; ([#​5917](https://togithub.com/axios/axios/issues/5917)) ([bc9af51](https://togithub.com/axios/axios/commit/bc9af51b1886d1b3529617702f2a21a6c0ed5d92)) - **headers:** allow `content-encoding` header to handle case-insensitive values ([#​5890](https://togithub.com/axios/axios/issues/5890)) ([#​5892](https://togithub.com/axios/axios/issues/5892)) ([4c89f25](https://togithub.com/axios/axios/commit/4c89f25196525e90a6e75eda9cb31ae0a2e18acd)) - **types:** removed duplicated code ([9e62056](https://togithub.com/axios/axios/commit/9e6205630e1c9cf863adf141c0edb9e6d8d4b149)) ##### Contributors to this release - avatar [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS "+89/-18 (#​5919 #​5917 )") - avatar [David Dallas](https://togithub.com/DavidJDallas "+11/-5 ()") - avatar [Sean Sattler](https://togithub.com/fb-sean "+2/-8 ()") - avatar [Mustafa Ateş Uzun](https://togithub.com/0o001 "+4/-4 ()") - avatar [Przemyslaw Motacki](https://togithub.com/sfc-gh-pmotacki "+2/-1 (#​5892 )") - avatar [Michael Di Prisco](https://togithub.com/Cadienvan "+1/-1 ()") ##### PRs - CVE 2023 45857 ( [#​6028](https://api.github.com/repos/axios/axios/pulls/6028) ) ``` ⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459 ```

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

stale[bot] commented 5 months ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

renovate[bot] commented 5 months ago

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (1.6.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.