Closed renovate[bot] closed 5 months ago
List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.
Totals | |
---|---|
Change from base Build 8308116646: | 0.0% |
Covered Lines: | 251 |
Relevant Lines: | 281 |
Deploy path: /home/runner/work/blog/blog/public
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...
Netlify Build
────────────────────────────────────────────────────────────────
❯ Version
@netlify/build 29.36.1
❯ Flags
auth: TTs786GkKycSkoas9uwxVwTtamK0txQzpvHwXleU3OQ
deployId: 65f488670df21d04c8ec2ff8
dir: ./public
functions: ./functions/src
open: false
prod: false
prodIfUnlocked: false
site: 3751ef40-b145-4249-9657-39d3fb04ae81
skipFunctionsCache: false
❯ Current directory
/home/runner/work/blog/blog
❯ Config file
/home/runner/work/blog/blog/netlify.toml
❯ Context
dev
Build logs: https://app.netlify.com/sites/pensive-lamport-5822d2/deploys/65f488670df21d04c8ec2ff8
Function logs: https://app.netlify.com/sites/pensive-lamport-5822d2/functions?scope=deploy:65f488670df21d04c8ec2ff8
Website draft URL: https://65f488670df21d04c8ec2ff8--pensive-lamport-5822d2.netlify.app
If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod
Deploy path: /home/runner/work/blog/blog/storybook-static
Functions path: /home/runner/work/blog/blog/functions/src
Configuration path: /home/runner/work/blog/blog/netlify.toml
Deploying to draft URL...
Netlify Build
────────────────────────────────────────────────────────────────
❯ Version
@netlify/build 29.36.1
❯ Flags
auth: EPJJ6iiVJKf1WzATp10YTzbujNbkSqWDiVl-3kCXA-Y
deployId: 65f488ac5630940632721bb9
dir: ./storybook-static
open: false
prod: false
prodIfUnlocked: false
site: 905285ac-8339-48d2-86d8-8d639370a095
skipFunctionsCache: false
❯ Current directory
/home/runner/work/blog/blog
❯ Config file
/home/runner/work/blog/blog/netlify.toml
❯ Context
dev
Build logs: https://app.netlify.com/sites/blog-storybook/deploys/65f488ac5630940632721bb9
Function logs: https://app.netlify.com/sites/blog-storybook/functions?scope=deploy:65f488ac5630940632721bb9
Website draft URL: https://65f488ac5630940632721bb9--blog-storybook.netlify.app
If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod
performance: 93 accessibility: 100 best-practices: 100 seo: 92 pwa: 100
performance: 74 accessibility: 100 best-practices: 96 seo: 93 pwa: 100
This PR contains the following updates:
1.15.5 -> 1.15.6
GitHub Vulnerability Alerts
CVE-2024-28849
When using axios, its dependency library follow-redirects only clears authorization header during cross-domain redirect, but allows the proxy-authentication header which contains credentials too.
Steps To Reproduce & PoC
axios Test Code

```js
const axios = require('axios');

axios.get('http://127.0.0.1:10081/', {
  headers: {
    'AuThorization': 'Rear Test',
    'ProXy-AuthoriZation': 'Rear Test',
    'coOkie': 't=1'
  }
}).then(function (response) {
  console.log(response);
});
```

When I meet the cross-domain redirect, the sensitive headers like authorization and cookie are cleared, but proxy-authentication header is kept.

Request sent by axios

image-20240314130755052.png

Request sent by follow-redirects after redirect

image-20240314130809838.png
Impact
This vulnerability may lead to credentials leak.
Recommendations
Remove proxy-authentication header during cross-domain redirect

Recommended Patch

follow-redirects/index.js:464

```js
removeMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers);
```

change to

```js
removeMatchingHeaders(/^(?:authorization|proxy-authorization|cookie)$/i, this._options.headers);
```

Ref

https://fetch.spec.whatwg.org/#authentication-entries
https://hackerone.com/reports/2390009
Release Notes
follow-redirects/follow-redirects (follow-redirects)
### [`v1.15.6`](https://togithub.com/follow-redirects/follow-redirects/compare/v1.15.5...v1.15.6)

[Compare Source](https://togithub.com/follow-redirects/follow-redirects/compare/v1.15.5...v1.15.6)

Configuration
📅 Schedule: Branch creation - "" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
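
The header stripping described in the advisory above, as an added example that is not part of the PR or of follow-redirects' own code: it applies the two patterns quoted under Recommended Patch to the PoC's mixed-case headers and reports which credential headers would still be sent. The helper names, the redirect target and the simplified rule "strip whenever the host changes" are assumptions made for illustration.

```javascript
// Patterns quoted in the advisory (before and after the recommended patch).
const BEFORE_FIX = /^(?:authorization|cookie)$/i;
const AFTER_FIX = /^(?:authorization|proxy-authorization|cookie)$/i;

// Hypothetical helper: returns a copy of `headers` without names matching `pattern`.
function stripMatchingHeaders(pattern, headers) {
  const kept = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!pattern.test(name)) kept[name] = value;
  }
  return kept;
}

// Simplified redirect model (assumption): credentials are stripped whenever the
// redirect target's host differs from the host of the current request.
function headersForRedirect(headers, fromUrl, toUrl, pattern) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl, from); // resolves relative Location values
  return from.host === to.host ? { ...headers } : stripMatchingHeaders(pattern, headers);
}

// Names of credential-bearing headers that would still be sent after the redirect.
function leakedCredentialHeaders(headers, fromUrl, toUrl, pattern) {
  const sent = headersForRedirect(headers, fromUrl, toUrl, pattern);
  return Object.keys(sent).filter((name) => AFTER_FIX.test(name));
}

// Constructed sample: the mixed-case headers from the PoC plus one harmless header.
const pocHeaders = {
  'AuThorization': 'Rear Test',
  'ProXy-AuthoriZation': 'Rear Test',
  'coOkie': 't=1',
  'Accept': 'application/json',
};
const origin = 'http://127.0.0.1:10081/';
const crossHost = 'http://redirect-target.example/landing'; // constructed target

console.log('before fix:', leakedCredentialHeaders(pocHeaders, origin, crossHost, BEFORE_FIX));
console.log('after fix: ', leakedCredentialHeaders(pocHeaders, origin, crossHost, AFTER_FIX));
console.log('same host: ', leakedCredentialHeaders(pocHeaders, origin, '/next', AFTER_FIX));
```

The same function can serve as a regression check in a project's own test suite: any non-empty result for a cross-host redirect means a credential header survived.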