Closed renovate[bot] closed 2 years ago
SUBJECT: axios 0.8.1 - 0.27.2 Severity: moderate Axios Cross-Site Request Forgery Vulnerability
Greetings, I will copy and paste below my terminal's message after installing this package directly from the npm page:
```
C:['my-path']> npm i @nuxtjs/auth-next

added 41 packages, and audited 1000 packages in 8s

182 packages are looking for funding
  run npm fund for details

3 moderate severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing a different dependency.

Run npm audit for details.

npm audit

npm audit report

axios 0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via npm audit fix --force
Will install undefined@undefined, which is a breaking change
node_modules/@nuxtjs/auth-next/node_modules/axios
node_modules/@nuxtjs/axios/node_modules/axios
  @nuxtjs/auth-next
  Depends on vulnerable versions of @nuxtjs/axios
  Depends on vulnerable versions of axios
  node_modules/@nuxtjs/auth-next
  @nuxtjs/axios
  Depends on vulnerable versions of axios
  node_modules/@nuxtjs/axios

3 moderate severity vulnerabilities
```
Sorry. Didn't see this first: https://github.com/nuxt-community/auth-module/issues/893#issue-756320103
This PR contains the following updates:
- `^7.16.12` -> `^7.17.8`
- `^7.15.1` -> `^7.17.0`
- `^7.19.4` -> `^7.20.0`
- `^27.4.0` -> `^27.4.1`
- `^16.11.22` -> `^16.11.26`
- `^5.4.4` -> `^5.4.5`
- `^0.25.0` -> `^0.26.1`
- `^27.4.6` -> `^27.5.1`
- `^1.19.1` -> `^1.19.2`
- `^0.4.1` -> `^0.4.2`
- `^8.8.0` -> `^8.12.0`
- `^8.3.0` -> `^8.5.0`
- `^4.17.2` -> `^4.17.3`
- `^6.1.0` -> `^6.1.1`
- `^27.4.7` -> `^27.5.1`
- `^1.12.15` -> `^1.13.0`
- `^1.18.1` -> `^1.20.1`
- `^2.5.1` -> `^2.6.1`
- `^27.1.3` -> `^27.1.4`
- `^4.5.5` -> `^4.6.3`
Release Notes

axios/axios

### [`v0.26.1`](https://togithub.com/axios/axios/releases/v0.26.1)

[Compare Source](https://togithub.com/axios/axios/compare/v0.26.0...v0.26.1)

##### 0.26.1 (March 9, 2022)

Fixes and Functionality:

- Refactored project file structure to avoid circular imports ([#4220](https://togithub.com/axios/axios/pull/4220))

### [`v0.26.0`](https://togithub.com/axios/axios/blob/HEAD/CHANGELOG.md#0260-February-13-2022)

[Compare Source](https://togithub.com/axios/axios/compare/v0.25.0...v0.26.0)

Fixes and Functionality:

- Fixed The timeoutErrorMessage property in config not work with Node.js ([#3581](https://togithub.com/axios/axios/pull/3581))
- Added errors to be displayed when the query parsing process itself fails ([#3961](https://togithub.com/axios/axios/pull/3961))
- Fix/remove url required ([#4426](https://togithub.com/axios/axios/pull/4426))
- Update follow-redirects dependency due to Vulnerability ([#4462](https://togithub.com/axios/axios/pull/4462))
- Bump karma from 6.3.11 to 6.3.14 ([#4461](https://togithub.com/axios/axios/pull/4461))
- Bump follow-redirects from 1.14.7 to 1.14.8 ([#4473](https://togithub.com/axios/axios/pull/4473))

eslint/eslint

### [`v8.12.0`](https://togithub.com/eslint/eslint/releases/v8.12.0)

[Compare Source](https://togithub.com/eslint/eslint/compare/v8.11.0...v8.12.0)

#### Features

- [`685a67a`](https://togithub.com/eslint/eslint/commit/685a67a62bdea19ca9ce12008a034b8d31162422) feat: fix logic for top-level `this` in no-invalid-this and no-eval ([#15712](https://togithub.com/eslint/eslint/issues/15712)) (Milos Djermanovic)

#### Chores

- [`18f5e05`](https://togithub.com/eslint/eslint/commit/18f5e05bce10503186989d81ca484abb185a2c9d) chore: padding-line-between-statements remove useless `additionalItems` ([#15706](https://togithub.com/eslint/eslint/issues/15706)) (Martin Sadovy)

Microsoft/playwright

### [`v1.20.1`](https://togithub.com/Microsoft/playwright/releases/v1.20.1)

[Compare Source](https://togithub.com/Microsoft/playwright/compare/v1.20.0...v1.20.1)

#### Highlights

This patch includes the following bug fixes:

- [https://github.com/microsoft/playwright/issues/12711](https://togithub.com/microsoft/playwright/issues/12711) - \[REGRESSION] Page.screenshot hangs on some sites
- [https://github.com/microsoft/playwright/issues/12807](https://togithub.com/microsoft/playwright/issues/12807) - \[BUG] Cookies get assigned before fulfilling a respons
- [https://github.com/microsoft/playwright/issues/12814](https://togithub.com/microsoft/playwright/issues/12814) - \[Question] how to use expect.any in playwrig
- [https://github.com/microsoft/playwright/issues/12821](https://togithub.com/microsoft/playwright/issues/12821) - \[BUG] Chromium: Cannot click, element intercepts pointer eve
- [https://github.com/microsoft/playwright/issues/12836](https://togithub.com/microsoft/playwright/issues/12836) - \[REGRESSION]: Tests not detected as ES module in v
- [https://github.com/microsoft/playwright/issues/12862](https://togithub.com/microsoft/playwright/issues/12862) - \[Feature] Allow to use toMatchSnapshot for file formats other than txt (e.g.
- [https://github.com/microsoft/playwright/issues/12887](https://togithub.com/microsoft/playwright/issues/12887) - \[BUG] Locator.count() with \_vue selector wit
- [https://github.com/microsoft/playwright/issues/12940](https://togithub.com/microsoft/playwright/issues/12940) - \[BUG] npm audit - High Severity vulnerability in json5 package forcing to install Playwrigh
- [https://github.com/microsoft/playwright/issues/12974](https://togithub.com/microsoft/playwright/issues/12974) - \[BUG] Regression - chromium browser closes during test or debugging session on macos

#### Browser Versions

- Chromium 101.0.4921.0
- Mozilla Firefox 97.0.1
- WebKit 15.4

This version was also tested against the following stable channels:

- Google Chrome 99
- Microsoft Edge 99

prettier/prettier

### [`v2.6.1`](https://togithub.com/prettier/prettier/blob/HEAD/CHANGELOG.md#261)

[Compare Source](https://togithub.com/prettier/prettier/compare/2.6.0...2.6.1)

[diff](https://togithub.com/prettier/prettier/compare/2.6.0...2.6.1)

##### Ignore `loglevel` when printing information ([#12477](https://togithub.com/prettier/prettier/pull/12477) by [@fisker](https://togithub.com/fisker))

kulshekhar/ts-jest

### [`v27.1.4`](https://togithub.com/kulshekhar/ts-jest/blob/HEAD/CHANGELOG.md#2714-httpsgithubcomkulshekharts-jestcomparev2713v2714-2022-03-24)

[Compare Source](https://togithub.com/kulshekhar/ts-jest/compare/v27.1.3...v27.1.4)

##### Bug Fixes

- **compiler:** revert [#3194](https://togithub.com/kulshekhar/ts-jest/issues/3194) ([#3362](https://togithub.com/kulshekhar/ts-jest/issues/3362)) ([2b7dffe](https://togithub.com/kulshekhar/ts-jest/commit/2b7dffeac940f779922c43cefba3f741a3911b49)), closes [#3272](https://togithub.com/kulshekhar/ts-jest/issues/3272)
- remove `esbuild` from peer dependency ([#3360](https://togithub.com/kulshekhar/ts-jest/issues/3360)) ([8c8c1ca](https://togithub.com/kulshekhar/ts-jest/commit/8c8c1ca615b1edeedc9f4282557c28e82acee543)), closes [#3346](https://togithub.com/kulshekhar/ts-jest/issues/3346)
- support Babel config file with `.cjs` extension ([#3361](https://togithub.com/kulshekhar/ts-jest/issues/3361)) ([5e5ac4a](https://togithub.com/kulshekhar/ts-jest/commit/5e5ac4ac286bdcce157d0bdc31f3a57202fdbdfe)), closes [#3335](https://togithub.com/kulshekhar/ts-jest/issues/3335)

Microsoft/TypeScript

### [`v4.6.3`](https://togithub.com/Microsoft/TypeScript/releases/v4.6.3)

[Compare Source](https://togithub.com/Microsoft/TypeScript/compare/v4.6.2...v4.6.3)

This release includes fixes for

- [an incremental parsing bug caused by faulty error recovery logic](https://togithub.com/microsoft/TypeScript/issues/47895)
- [improved results from the TypeScript API's `preProcessFile` function](https://togithub.com/microsoft/TypeScript/pull/47657)

For the complete list of fixed issues, check out the

- [fixed issues query for Typescript 4.6.0 (Beta)](https://togithub.com/microsoft/TypeScript/issues?q=milestone%3A%22TypeScript+4.6.0%22+).
- [fixed issues query for Typescript 4.6.1 (RC)](https://togithub.com/microsoft/TypeScript/issues?q=milestone%3A%22TypeScript+4.6.1%22+).
- [fixed issues query for Typescript 4.6.2 (Stable)](https://togithub.com/microsoft/TypeScript/issues?q=milestone%3A%22TypeScript+4.6.2%22+).
- [fixed issues query for Typescript 4.6.3 (Stable)](https://togithub.com/microsoft/TypeScript/issues?q=milestone%3A%22TypeScript+4.6.3%22+).

Downloads are available on:

- [npm](https://www.npmjs.com/package/typescript)

Configuration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by WhiteSource Renovate. View repository job log here.