zwave-js-ui icon indicating copy to clipboard operation
zwave-js-ui copied to clipboard

Published 20 hours ago verified publisher icon zwave-js

chore(deps): security upgrade axios from 1.6.2 to 1.6.3

Open chrisns opened this issue 1 year ago • 3 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Note for zero-installs users

If you are using the Yarn feature zero-installs that was introduced in Yarn V2, note that this PR does not update the .yarn/cache/ directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run yarn to update the contents of the ./yarn/cache directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged.

⚠️ Warning 
Failed to update the yarn.lock, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-6124857		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

chrisns avatar Dec 27 '23 14:12 chrisns

i didn't actually make this pr I suspect changing the lock wasn't required since the lock refers to a more recent version? ¯_(ツ)_/¯

chrisns avatar Jan 06 '24 15:01 chrisns

i didn't actually make this pr

Is it automated?

robertsLando avatar Jan 08 '24 08:01 robertsLando

@robertsLando

This PR was automatically created by Snyk using the credentials of a real user.

chrisns avatar Jan 08 '24 08:01 chrisns

This pull-request is stale because it has been open 90 days with no activity. Remove the stale label or comment or this will be closed in 5 days. To ignore this pull-request entirely you can add the no-stale label

github-actions[bot] avatar Apr 08 '24 00:04 github-actions[bot]

This pull-request is now closed due to inactivity, you can of course reopen or reference this pull-request if you see fit.

github-actions[bot] avatar Apr 14 '24 00:04 github-actions[bot]