valdisiljuconoks / localization-provider-core

Database driven localization provider for .NET applications (with administrative management UI)
Apache License 2.0
120 stars 22 forks source link

[Snyk] Upgrade axios from 1.6.2 to 1.6.8 #153

Open valdisiljuconoks opened 6 months ago

valdisiljuconoks commented 6 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade axios from 1.6.2 to 1.6.8.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **6 versions** ahead of your current version. - The recommended version was released **2 months ago**, on 2024-03-15. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Prototype Pollution
[SNYK-JS-AXIOS-6144788](https://snyk.io/vuln/SNYK-JS-AXIOS-6144788) | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | No Known Exploit | Improper Input Validation
[SNYK-JS-FOLLOWREDIRECTS-6141137](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137) | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Proof of Concept | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-AXIOS-6124857](https://snyk.io/vuln/SNYK-JS-AXIOS-6124857) | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Proof of Concept | Information Exposure
[SNYK-JS-FOLLOWREDIRECTS-6444610](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6444610) | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: axios from axios GitHub release notes
Commit messages
Package name: axios
  • ab3f0f9 chore(release): v1.6.8 (#6303)
  • 2656612 fix(AxiosHeaders): fix AxiosHeaders conversion to an object during config merging (#6243)
  • 7320430 fix(import): use named export for EventEmitter;
  • 8786e0f fix(vulnerability): update follow-redirects to 1.15.6 (#6300)
  • d844227 chore: update and bump deps (#6238)
  • caa0625 docs: update README responseEncoding types (#6194)
  • 41c4584 docs: Update README.md to point to current axios version in CDN links (#6196)
  • bf6974f chore(ci): add npm tag action; (#6231)
  • a52e4d9 chore(release): v1.6.7 (#6204)
  • 2b69888 chore: remove unnecessary check (#6186)
  • 1a08f90 fix: capture async stack only for rejections with native error objects; (#6203)
  • 104aa3f chore(release): v1.6.6 (#6199)
  • a1938ff fix: fixed missed dispatchBeforeRedirect argument (#5778)
  • 123f354 fix: wrap errors to improve async stack trace (#5987)
  • 6d4c421 chore(release): v1.6.5 (#6177)
  • 0736f95 fix(ci): refactor notify action as a job of publish action; (#6176)
  • f4f2b03 fix(dns): fixed lookup error handling; (#6175)
  • 1f73dcb docs: update sponsor links
  • 8790b8e chore(release): v1.6.4 (#6173)
  • 0ad520d chore(ci): fix notify action; (#6172)
  • 3c0c11c fix(security): fixed formToJSON prototype pollution vulnerability; (#6167)
  • 75af1cd fix(security): fixed security vulnerability in follow-redirects (#6163)
  • 90864b3 docs: update logos
  • 1542719 docs: updated headline sponsors
Compare

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/valdisiljuconoks/project/049014dc-8087-46d8-9e97-01d6b16d094a?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/valdisiljuconoks/project/049014dc-8087-46d8-9e97-01d6b16d094a/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/valdisiljuconoks/project/049014dc-8087-46d8-9e97-01d6b16d094a/settings/integration?pkg=axios&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
sonarcloud[bot] commented 6 months ago

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud