Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade axios from 0.21.1 to 0.21.3 #285

Merged
merged 1 commit into from
Oct 14, 2021
Merged

[Snyk] Security upgrade axios from 0.21.1 to 0.21.3 #285

merged 1 commit into from
Oct 14, 2021

Conversation

snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Sep 5, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-1579269		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: axios The new version differs by 41 commits.
  • e367be5 [Releasing] 0.21.3
  • 83ae383 Correctly add response interceptors to interceptor chain (#4013)
  • c0c8761 [Updating] changelog to include links to issues and contributors
  • 619bb46 [Releasing] v0.21.2
  • 82c9455 Create SECURITY.md (#3981)
  • 5b45711 Security fix for ReDoS (#3980)
  • 5bc9ea2 Update ECOSYSTEM.md (#3817)
  • e72813a Fixing README.md (#3818)
  • e10a027 Fix README typo under Request Config (#3825)
  • e091491 Update README.md (#3936)
  • b42fbad Removed un-needed bracket
  • 520c8dc Updating CI status badge (#3953)
  • 4fbeecb Adding CI on Github Actions. (#3938)
  • e9965bf Fixing the sauce labs tests (#3813)
  • dbc634c Remove charset in tests (#3807)
  • 3958e9f Add explanation of cancel token (#3803)
  • 69949a6 Adding custom return type support to interceptor (#3783)
  • 49509f6 Create FUNDING.yml (#3796)
  • 199c8aa Adding parseInt to config.timeout (#3781)
  • 94fc4ea Adding isAxiosError typeguard documentation (#3767)
  • 0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
  • a18a0ec Updating `lib/core/README.md` about Dispatching requests (#3772)
  • 59fa614 [Updated] follow-redirects to the latest version (#3771)
  • 7821ed2 Feat/json improvements (#3763)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@alexanderleegs alexanderleegs force-pushed the snyk-fix-087abcde884cec74d66aca4d40707f60 branch from 0357a9d to e2257a2 Compare October 14, 2021 05:06
@alexanderleegs alexanderleegs merged commit 8763f40 into develop Oct 14, 2021
@alexanderleegs alexanderleegs mentioned this pull request Oct 14, 2021
Merged
lamkeewei added a commit that referenced this pull request Nov 8, 2021
@lamkeewei
Merge branch 'develop' into feat/identity/database-models
c5de8b3 
* develop: (25 commits)
  fix: package.json & package-lock.json to reduce vulnerabilities (#285)
  fix: package.json & package-lock.json to reduce vulnerabilities (#311)
  Refactor/collection refactor (#281)
  build(deps-dev): bump jest from 26.6.3 to 27.0.6 (#222)
  build(deps): bump tmpl from 1.0.4 to 1.0.5 (#304)
  build(deps): bump axios from 0.21.1 to 0.21.4 (#295)
  Fix: change git tree object format (#305)
  Fix: handle 409 errors when editing files (#303)
  hotfix: properly handle subcollection file update
  Fix: prevent truncating of page body (#299)
  Feat: add ability to edit description in settings (#280)
  ci: remove .ebextensions from zip
  ci: update backend staging eb env
  ci: update production eb env name (#298)
  ci: include .platform dir in deployment
  chore: specify node version
  chore: use EB platform hooks instead of ebextensions
  chore: add health check endpoint
  chore: use new cicd user creds
  fix: update ebextension to fix EB deploy
  ...
lamkeewei added a commit that referenced this pull request Nov 8, 2021
@lamkeewei
Merge branch 'feat/identity/database-models' into feat/identity/site-…
0cfc7b3 
…token-middleware

* feat/identity/database-models: (25 commits)
  fix: package.json & package-lock.json to reduce vulnerabilities (#285)
  fix: package.json & package-lock.json to reduce vulnerabilities (#311)
  Refactor/collection refactor (#281)
  build(deps-dev): bump jest from 26.6.3 to 27.0.6 (#222)
  build(deps): bump tmpl from 1.0.4 to 1.0.5 (#304)
  build(deps): bump axios from 0.21.1 to 0.21.4 (#295)
  Fix: change git tree object format (#305)
  Fix: handle 409 errors when editing files (#303)
  hotfix: properly handle subcollection file update
  Fix: prevent truncating of page body (#299)
  Feat: add ability to edit description in settings (#280)
  ci: remove .ebextensions from zip
  ci: update backend staging eb env
  ci: update production eb env name (#298)
  ci: include .platform dir in deployment
  chore: specify node version
  chore: use EB platform hooks instead of ebextensions
  chore: add health check endpoint
  chore: use new cicd user creds
  fix: update ebextension to fix EB deploy
  ...
lamkeewei added a commit that referenced this pull request Nov 8, 2021
@lamkeewei
Merge branch 'feat/identity/site-token-middleware' into feat/identity…
44f40ee 
…/email-login

* feat/identity/site-token-middleware: (25 commits)
  fix: package.json & package-lock.json to reduce vulnerabilities (#285)
  fix: package.json & package-lock.json to reduce vulnerabilities (#311)
  Refactor/collection refactor (#281)
  build(deps-dev): bump jest from 26.6.3 to 27.0.6 (#222)
  build(deps): bump tmpl from 1.0.4 to 1.0.5 (#304)
  build(deps): bump axios from 0.21.1 to 0.21.4 (#295)
  Fix: change git tree object format (#305)
  Fix: handle 409 errors when editing files (#303)
  hotfix: properly handle subcollection file update
  Fix: prevent truncating of page body (#299)
  Feat: add ability to edit description in settings (#280)
  ci: remove .ebextensions from zip
  ci: update backend staging eb env
  ci: update production eb env name (#298)
  ci: include .platform dir in deployment
  chore: specify node version
  chore: use EB platform hooks instead of ebextensions
  chore: add health check endpoint
  chore: use new cicd user creds
  fix: update ebextension to fix EB deploy
  ...
@alexanderleegs alexanderleegs deleted the snyk-fix-087abcde884cec74d66aca4d40707f60 branch December 1, 2021 09:22
@alexanderleegs alexanderleegs restored the snyk-fix-087abcde884cec74d66aca4d40707f60 branch December 1, 2021 09:22
@alexanderleegs alexanderleegs deleted the snyk-fix-087abcde884cec74d66aca4d40707f60 branch December 1, 2021 09:22
harishv7 pushed a commit that referenced this pull request Feb 17, 2023
@snyk-bot
fix: package.json & package-lock.json to reduce vulnerabilities (#285)
3ca8b0b 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-1579269
@QiluXie QiluXie mentioned this pull request Jul 21, 2023
Merged
@isomeradmin isomeradmin mentioned this pull request Oct 25, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexanderleegs alexanderleegs alexanderleegs approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@snyk-bot @alexanderleegs