ivangabriele / postgrester

Isomorphic PostgREST API Client for Javascript and Typescript.
Apache License 2.0

fix(deps): update dependency axios to v0.21.2 [security] - autoclosed #168

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 3 years ago

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| axios (source) | 0.21.0 -> 0.21.2 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2020-28168

Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

CVE-2021-3749

axios is vulnerable to Inefficient Regular Expression Complexity.


Release Notes

axios/axios

### [`v0.21.2`](https://togithub.com/axios/axios/blob/master/CHANGELOG.md#0212-September-4-2021)

[Compare Source](https://togithub.com/axios/axios/compare/v0.21.1...v0.21.2)

Fixes and Functionality:

- Updating axios requests to be delayed by pre-emptive promise creation ([#2702](https://togithub.com/axios/axios/pull/2702))
- Adding "synchronous" and "runWhen" options to interceptors api ([#2702](https://togithub.com/axios/axios/pull/2702))
- Updating of transformResponse ([#3377](https://togithub.com/axios/axios/pull/3377))
- Adding ability to omit User-Agent header ([#3703](https://togithub.com/axios/axios/pull/3703))
- Adding multiple JSON improvements ([#3688](https://togithub.com/axios/axios/pull/3688), [#3763](https://togithub.com/axios/axios/pull/3763))
- Fixing quadratic runtime and extra memory usage when setting a maxContentLength ([#3738](https://togithub.com/axios/axios/pull/3738))
- Adding parseInt to config.timeout ([#3781](https://togithub.com/axios/axios/pull/3781))
- Adding custom return type support to interceptor ([#3783](https://togithub.com/axios/axios/pull/3783))
- Adding security fix for ReDoS vulnerability ([#3980](https://togithub.com/axios/axios/pull/3980))

Internal and Tests:

- Updating build dev dependencies ([#3401](https://togithub.com/axios/axios/pull/3401))
- Fixing builds running on Travis CI ([#3538](https://togithub.com/axios/axios/pull/3538))
- Updating follow redirect version ([#3694](https://togithub.com/axios/axios/pull/3694), [#3771](https://togithub.com/axios/axios/pull/3771))
- Updating karma sauce launcher to fix failing sauce tests ([#3712](https://togithub.com/axios/axios/pull/3712), [#3717](https://togithub.com/axios/axios/pull/3717))
- Updating content-type header for application/json to not contain charset field, according to RFC 8259 ([#2154](https://togithub.com/axios/axios/pull/2154))
- Fixing tests by bumping karma-sauce-launcher version ([#3813](https://togithub.com/axios/axios/pull/3813))
- Changing testing process from Travis CI to GitHub Actions ([#3938](https://togithub.com/axios/axios/pull/3938))

Documentation:

- Updating documentation around the use of `AUTH_TOKEN` with multiple domain endpoints ([#3539](https://togithub.com/axios/axios/pull/3539))
- Remove duplication of item in changelog ([#3523](https://togithub.com/axios/axios/pull/3523))
- Fixing grammatical errors ([#2642](https://togithub.com/axios/axios/pull/2642))
- Fixing spelling error ([#3567](https://togithub.com/axios/axios/pull/3567))
- Moving gitpod mention ([#2637](https://togithub.com/axios/axios/pull/2637))
- Adding new axios documentation website link ([#3681](https://togithub.com/axios/axios/pull/3681), [#3707](https://togithub.com/axios/axios/pull/3707))
- Updating documentation around dispatching requests ([#3772](https://togithub.com/axios/axios/pull/3772))
- Adding documentation for the type guard isAxiosError ([#3767](https://togithub.com/axios/axios/pull/3767))
- Adding explanation of cancel token ([#3803](https://togithub.com/axios/axios/pull/3803))
- Updating CI status badge ([#3953](https://togithub.com/axios/axios/pull/3953))
- Fixing errors with JSON documentation ([#3936](https://togithub.com/axios/axios/pull/3936))
- Fixing README typo under Request Config ([#3825](https://togithub.com/axios/axios/pull/3825))
- Adding axios-multi-api to the ecosystem file ([#3817](https://togithub.com/axios/axios/pull/3817))
- Adding SECURITY.md to properly disclose security vulnerabilities ([#3981](https://togithub.com/axios/axios/pull/3981))

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

- [Jay](mailto:jasonsaayman@gmail.com)
- [Sasha Korotkov](https://togithub.com/SashaKoro)
- [Daniel Lopretto](https://togithub.com/timemachine3030)
- [Mike Bishop](https://togithub.com/MikeBishop)
- [Dmitriy Mozgovoy](https://togithub.com/DigitalBrainJS)
- [Mark](https://togithub.com/bimbiltu)
- [Philipe Gouveia Paixão](https://togithub.com/piiih)
- [hippo](https://togithub.com/hippo2cat)
- [ready-research](https://togithub.com/ready-research)
- [Xianming Zhong](https://togithub.com/chinesedfan)
- [Christopher Chrapka](https://togithub.com/OJezu)
- [Brian Anglin](https://togithub.com/anglinb)
- [Kohta Ito](https://togithub.com/koh110)
- [Ali Clark](https://togithub.com/aliclark)
- [caikan](https://togithub.com/caikan)
- [Elina Gorshkova](https://togithub.com/elinagorshkova)
- [Ryota Ikezawa](https://togithub.com/paveg)
- [Nisar Hassan Naqvi](https://togithub.com/nisarhassan12)
- [Jake](https://togithub.com/codemaster138)
- [TagawaHirotaka](https://togithub.com/wafuwafu13)
- [Johannes Jarbratt](https://togithub.com/johachi)
- [Mo Sattler](https://togithub.com/MoSattler)
- [Sam Carlton](https://togithub.com/ThatGuySam)
- [Matt Czapliński](https://togithub.com/MattCCC)
- [Ziding Zhang](https://togithub.com/zidingz)

### [`v0.21.1`](https://togithub.com/axios/axios/blob/master/CHANGELOG.md#0211-December-21-2020)

[Compare Source](https://togithub.com/axios/axios/compare/v0.21.0...v0.21.1)

Fixes and Functionality:

- Hotfix: Prevent SSRF ([#3410](https://togithub.com/axios/axios/pull/3410))
- Protocol not parsed when setting proxy config from env vars ([#3070](https://togithub.com/axios/axios/pull/3070))
- Updating axios in types to be lower case ([#2797](https://togithub.com/axios/axios/pull/2797))
- Adding a type guard for `AxiosError` ([#2949](https://togithub.com/axios/axios/pull/2949))

Internal and Tests:

- Remove the skipping of the `socket` http test ([#3364](https://togithub.com/axios/axios/pull/3364))
- Use different socket for Win32 test ([#3375](https://togithub.com/axios/axios/pull/3375))

Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:

- Daniel Lopretto
- Jason Kwok
- Jay
- Jonathan Foster
- Remco Haszing
- Xianming Zhong

Configuration

📅 Schedule: "" in timezone Europe/Paris.

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by WhiteSource Renovate. View repository job log here.
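A check a reviewer could run on the lockfile once an update like this one is applied, as an added example that is not part of the PR or of the postgrester code base: it lists every resolved copy of axios, nested transitive copies included, and reports which of the two CVE fixes each copy predates. The function names, the `some-sdk` package and the sample lockfile are assumptions constructed for illustration; the fix versions are the ones given in the release notes above.

```javascript
// Fix versions as given in the release notes quoted on this page.
const FIXES = [
  { cve: "CVE-2020-28168", fixedIn: "0.21.1" }, // SSRF hotfix
  { cve: "CVE-2021-3749", fixedIn: "0.21.2" }, // ReDoS fix
];

// Compare plain x.y.z versions (pre-release suffixes are ignored).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Collect every resolved axios copy; reads "packages" (lockfileVersion 2/3), else "dependencies" (v1).
function findAxios(lock) {
  const found = [];
  const add = (path, v) => typeof v === "string" && found.push({ path, version: v });
  if (lock.packages) {
    for (const [path, pkg] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/axios$/.test(path)) add(path, pkg.version);
    }
    return found;
  }
  const walk = (deps, prefix) => {
    for (const [name, dep] of Object.entries(deps || {})) {
      if (name === "axios") add(prefix + name, dep.version);
      walk(dep.dependencies, `${prefix}${name} > `);
    }
  };
  walk(lock.dependencies, "");
  return found;
}

// For each copy, list the CVEs whose fix release it predates.
function auditAxios(lock) {
  const missing = (v) => FIXES.filter((f) => compareVersions(v, f.fixedIn) < 0).map((f) => f.cve);
  return findAxios(lock).map((c) => ({ ...c, missing: missing(c.version) }));
}

// Constructed sample (not this repository's lockfile): patched top-level copy, stale nested copy.
const sampleLock = { lockfileVersion: 2, packages: {
  "node_modules/axios": { version: "0.21.2" },
  "node_modules/some-sdk/node_modules/axios": { version: "0.21.0" },
} };
console.log(auditAxios(sampleLock));
```

In practice the argument would be the parsed contents of the project's `package-lock.json`; a non-empty `missing` list on a nested path means the direct bump did not reach that copy.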