fix(deps): update dependency axios to v1.7.4 [security] #1413

renovate · 2024-08-13T21:47:38Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
axios (source)	`1.7.2` -> `1.7.4`

GitHub Vulnerability Alerts

CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

Release Notes

axios/axios (axios)

`v1.7.4`

Compare Source

Bug Fixes

sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

`v1.7.3`

Compare Source

Bug Fixes

adapter: fix progress event emitting; (#6518) (e3c76fc)
fetch: fix withCredentials request config (#6505) (85d4d0e)
xhr: return original config on errors from XHR adapter (#6515) (8966ee7)

Contributors to this release

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - "after 10pm every weekday,before 5am every weekday,every weekend" (UTC).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

sonarqubecloud · 2024-08-19T10:12:52Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

renovate bot added the dependencies label Aug 13, 2024

fix(deps): update dependency axios to v1.7.4 [security]

57ea346

renovate bot force-pushed the renovate/npm-axios-vulnerability branch from c057868 to 57ea346 Compare August 19, 2024 10:12

spaenleh approved these changes Aug 19, 2024

View reviewed changes

spaenleh added this pull request to the merge queue Aug 19, 2024

Merged via the queue into main with commit e06c8b9 Aug 19, 2024
4 checks passed

github-actions bot added the un-released label Aug 19, 2024

graasper mentioned this pull request Aug 19, 2024

chore(main): release 2.36.0 #1405

Merged

renovate bot deleted the renovate/npm-axios-vulnerability branch August 19, 2024 12:07

github-actions bot added v2.36.0 and removed un-released labels Aug 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update dependency axios to v1.7.4 [security] #1413

fix(deps): update dependency axios to v1.7.4 [security] #1413

renovate bot commented Aug 13, 2024

sonarqubecloud bot commented Aug 19, 2024

fix(deps): update dependency axios to v1.7.4 [security] #1413

fix(deps): update dependency axios to v1.7.4 [security] #1413

Conversation

renovate bot commented Aug 13, 2024

GitHub Vulnerability Alerts

CVE-2024-39338

Release Notes

v1.7.4

Bug Fixes

Contributors to this release

v1.7.3

Bug Fixes

Contributors to this release

Configuration

sonarqubecloud bot commented Aug 19, 2024

Quality Gate passed

`v1.7.4`

`v1.7.3`