Closed depfu[bot] closed 2 months ago
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
Package | New capabilities | Transitives | Size | Publisher |
---|---|---|---|---|
npm/axios@1.7.5 | network | 0 |
2.12 MB | jasonsaayman |
npm/follow-redirects@1.15.6 | network | 0 |
29.4 kB | rubenverborgh |
🚮 Removed packages: npm/axios@0.27.2), npm/follow-redirects@1.15.2)
Closed in favor of #3245.
🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.
What changed?
✳️ axios (0.27.2 → 1.7.5) · Repo · Changelog
Security Advisories 🚨
🚨 Server-Side Request Forgery in axios
🚨 Axios Cross-Site Request Forgery Vulnerability
🚨 Axios Cross-Site Request Forgery Vulnerability
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase
.All Depfu comment commands