Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
Release Notes
axios/axios (axios)
### [`v0.21.1`](https://togithub.com/axios/axios/releases/tag/v0.21.1)
[Compare Source](https://togithub.com/axios/axios/compare/v0.21.0...v0.21.1)
##### Fixes and Functionality:
- Hotfix: Prevent SSRF ([#3410](https://togithub.com/axios/axios/issues/3410))
- Protocol not parsed when setting proxy config from env vars ([#3070](https://togithub.com/axios/axios/issues/3070))
- Updating axios in types to be lower case ([#2797](https://togithub.com/axios/axios/issues/2797))
- Adding a type guard for `AxiosError` ([#2949](https://togithub.com/axios/axios/issues/2949))
##### Internal and Tests:
- Remove the skipping of the `socket` http test ([#3364](https://togithub.com/axios/axios/issues/3364))
- Use different socket for Win32 test ([#3375](https://togithub.com/axios/axios/issues/3375))
Huge thanks to everyone who contributed to this release via code (authors listed below) or via reviews and triaging on GitHub:
- Daniel Lopretto
- Jason Kwok
- Jay
- Jonathan Foster
- Remco Haszing
- Xianming Zhong
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
- [ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
0.21.0 -> 0.21.1
GitHub Vulnerability Alerts
CVE-2020-28168
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
This PR was generated by Mend Renovate. View the repository job log.