Closed dependabot[bot] closed 7 months ago
It looks like you are reviewing a Dependabot upgrade PR! 🛠️ That’s great! Keeping our packages up to date to fix security issues in our stack is super important. Team Application Security wants to help make this process as easy and low friction as possible while still moving at pace.
We aim to merge Dependabot PRs within the below timeframes. The objectives are based on the severity of the security vulnerability we are mitigating with the upgrade:
Severity | Target Merge (days) |
---|---|
CRITICAL | 7 days |
HIGH | 14 days |
MEDIUM | 30 days |
LOW | 90 days |
🎯 Target merge date for this PR: 24/11/2023 🎯
FAQ
CRITICAL
alerts.
dependabot-refactor-required
label to this PR and ping #ask-security for further advice.
@colmdoyle any idea when this might get looked at? It's showing up in our customers vulnerability scans and our own reporting.
@colmdoyle thanks for the attention on this! When should we expect the npm release containing this PR?
Fixes intercom/intercom#310578. Bumps axios from 0.24.0 to 1.6.0.
Release notes
Sourced from axios's releases.
... (truncated)
Changelog
Sourced from axios's changelog.
... (truncated)
Commits
f7adacd
chore(release): v1.6.0 (#6031)9917e67
chore(ci): fix release-it arg; (#6032)96ee232
fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)7d45ab2
chore(tests): fixed tests to pass in node v19 and v20 withkeep-alive
enabl...5aaff53
fix(dns): fixed lookup function decorator to work properly in node v20; (#6011)a48a63a
chore(docs): added AxiosHeaders docs; (#5932)a1c8ad0
fix(types): fix AxiosHeaders types; (#5931)2ac731d
chore(docs): update readme.md (#5889)88fb52b
chore(release): v1.5.1 (#5920)e410779
fix(adapters): improved adapters loading logic to have clear error messages; ...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show