tubone24 / blog

tubone's Blog made by Gatsby.js and Netlify
https://blog.tubone-project24.xyz/

[Snyk] Security upgrade axios from 0.27.2 to 1.6.4 #1411

Closed tubone24 closed 7 months ago

tubone24 commented 7 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
  - yarn.lock

#### Note for [zero-installs](https://yarnpkg.com/features/zero-installs) users

If you are using the Yarn feature [zero-installs](https://yarnpkg.com/features/zero-installs) that was introduced in Yarn V2, note that this PR does not update the `.yarn/cache/` directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run `yarn` to update the contents of the `./yarn/cache` directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Issue | Breaking Change | Exploit Maturity
:-------------------------:|:-------------------------|:-------------------------|:-------------------------
![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | Prototype Pollution [SNYK-JS-AXIOS-6144788](https://snyk.io/vuln/SNYK-JS-AXIOS-6144788) | Yes | No Known Exploit

Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

🧐 [View latest project report](https://app.snyk.io/org/tubone24/project/f01f63e7-832e-45ca-a080-eb4d0da4b8e6?utm_source=github&utm_medium=referral&page=fix-pr)

🛠 [Adjust project settings](https://app.snyk.io/org/tubone24/project/f01f63e7-832e-45ca-a080-eb4d0da4b8e6?utm_source=github&utm_medium=referral&page=fix-pr/settings)

📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Prototype Pollution](https://learn.snyk.io/lesson/prototype-pollution/?loc=fix-pr)

github-actions[bot] commented 7 months ago

depcheck Result

Lists libraries that are defined in dependencies and devDependencies in package.json but not used in your code.

Unused dependencies

- @popperjs/core
- @sentry/react
- @typescript-eslint/eslint-plugin
- babel-loader
- babel-polyfill
- classnames
- flexboxgrid
- gatsby-legacy-polyfills
- gatsby-plugin-flexsearch
- gatsby-plugin-twitter
- gatsby-react-router-scroll
- html-minifier
- intersection-observer
- md5
- preact
- preact-render-to-string
- react-body-classname
- react-dom
- rimraf
- sass
- typescript

Unused devdependencies

- @babel/core
- @babel/preset-typescript
- @storybook/addon-a11y
- @storybook/addon-controls
- @storybook/addon-essentials
- @storybook/addon-info
- @storybook/addon-interactions
- @storybook/addon-knobs
- @storybook/addon-links
- @storybook/addon-storysource
- @storybook/addon-viewport
- @storybook/builder-webpack5
- @storybook/manager-webpack5
- @textlint-rule/textlint-rule-no-duplicate-abbr
- @types/jest
- @types/react-test-renderer
- @types/responselike
- axe-core
- @babel/eslint-parser
- babel-plugin-transform-runtime
- core-js
- cross-env
- css-loader
- eslint
- eslint-config-airbnb
- eslint-import-resolver-webpack
- eslint-plugin-import
- eslint-plugin-jsx-a11y
- eslint-plugin-react
- gh-pages
- husky
- identity-obj-proxy
- jest
- jest-environment-jsdom
- markdownlint-cli2
- memlab
- netlify-cli
- netlify-lambda
- nyc
- prettier
- react-test-renderer
- sass-loader
- start-server-and-test
- stylelint
- stylelint-config-recess-order
- stylelint-config-recommended-scss
- stylelint-config-standard
- stylelint-scss
- textlint
- textlint-filter-rule-allowlist
- textlint-filter-rule-comments
- textlint-rule-aws-spellcheck
- textlint-rule-ja-no-inappropriate-words
- textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet
- textlint-rule-no-start-duplicated-conjunction
- textlint-rule-preset-smarthr
- textlint-rule-prh
- textlint-rule-terminology
- ts-jest
- yaml-lint

Missing

- colors
  - /github/workspace/src/styles/_hover.scss
- @algolia/transporter
  - /github/workspace/src/components/SearchBox/index.tsx
- @algolia/client-search
  - /github/workspace/src/components/SearchBox/index.tsx
- qs
  - /github/workspace/scripts/benchmark.js
- https
  - /github/workspace/scripts/uploadScreenShot.ts

coveralls commented 7 months ago

Pull Request Test Coverage Report for Build 7428940758


Totals | Coverage Status
:-------------------------|:-------------------------
Change from base Build 7428846513: | 0.0%
Covered Lines: | 250
Relevant Lines: | 280

💛 - Coveralls
github-actions[bot] commented 7 months ago

Deploy Preview

- Deploy path: /home/runner/work/blog/blog/public
- Functions path: /home/runner/work/blog/blog/functions/src
- Configuration path: /home/runner/work/blog/blog/netlify.toml

Deploying to draft URL...

- Logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/6598bee1f50dbf419803c2f3
- Website Draft URL: https://6598bee1f50dbf419803c2f3--pensive-lamport-5822d2.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag: `netlify deploy --prod`

github-actions[bot] commented 7 months ago

Bundle Analyzer URL

https://6598bee1f50dbf419803c2f3--pensive-lamport-5822d2.netlify.app/webpack-bundle-analyser

github-actions[bot] commented 7 months ago

Memlab leaks report

github-actions[bot] commented 7 months ago

Storybook Preview

- Deploy path: /home/runner/work/blog/blog/storybook-static
- Functions path: /home/runner/work/blog/blog/functions/src
- Configuration path: /home/runner/work/blog/blog/netlify.toml

Deploying to draft URL...

- Logs: https://app.netlify.com/sites/blog-storybook/deploys/6598bf2bb11170833648d026
- Website Draft URL: https://6598bf2bb11170833648d026--blog-storybook.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag: `netlify deploy --prod`

github-actions[bot] commented 7 months ago

Lighthouse Score

Desktop

- performance: 55.00000000000001
- accessibility: 100
- best-practices: 100
- seo: 92
- pwa: 100

Mobile

- performance: 75
- accessibility: 100
- best-practices: 95
- seo: 93
- pwa: 100