Server icon indicating copy to clipboard operation
Server copied to clipboard

Published 20 hours ago verified publisher icon MediaButler

[Snyk] Fix for 1 vulnerabilities

Open vertig0ne opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 748/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.1		 Cross-site Request Forgery (CSRF)
SNYK-JS-AXIOS-6032459		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: axios The new version differs by 250 commits.
  • f7adacd chore(release): v1.6.0 (#6031)
  • 9917e67 chore(ci): fix release-it arg; (#6032)
  • 96ee232 fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)
  • 7d45ab2 chore(tests): fixed tests to pass in node v19 and v20 with `keep-alive` enabled; (#6021)
  • 5aaff53 fix(dns): fixed lookup function decorator to work properly in node v20; (#6011)
  • a48a63a chore(docs): added AxiosHeaders docs; (#5932)
  • a1c8ad0 fix(types): fix AxiosHeaders types; (#5931)
  • 2ac731d chore(docs): update readme.md (#5889)
  • 88fb52b chore(release): v1.5.1 (#5920)
  • e410779 fix(adapters): improved adapters loading logic to have clear error messages; (#5919)
  • bc9af51 fix(formdata): fixed automatic addition of the `Content-Type` header for FormData in non-browser environments; (#5917)
  • 4c89f25 fix(headers): allow `content-encoding` header to handle case-insensitive values (#5890) (#5892)
  • ae00391 docs(paramsSerializer config within request config): update documentation for paramsSerializer
  • a989ccd Change isNaN to Number.isNaN
  • b5b7760 docs: fix CommonJS usage note
  • 9e62056 fix(types): removed duplicated code
  • 6365751 chore(release): v1.5.0 (#5838)
  • 1601f4a feat(export): export adapters without `unsafe` prefix (#5839)
  • dff74ae docs: linting documentation notes (#5791)
  • ca73eb8 feat: export getAdapter function (#5324)
  • 9a414bb fix(adapter): make adapter loading error more clear by using platform-specific adapters explicitly (#5837)
  • b3e327d fix(dns): fixed `cacheable-lookup` integration; (#5836)
  • 8fda276 fix(headers): fixed common Content-Type header merging; (#5832)
  • d8b4ca0 fix(headers): added support for setting header names that overlap with class methods; (#5831)

See the full diff

Package name: axios-cache-adapter The new version differs by 102 commits.
  • b49888c chore(package): Bump to 2.5.0
  • fa294ee chore(package): Remove es6.object.to-string built-in exclusion and re-build
  • 9046168 List Axios as a peer dependency so it is not bundled twice by co… (#114)
  • 93e2d83 Replace expensive lodash calls with native functions (cont. #115) (#132)
  • 7d5efd9 chore(package): bump version to 2.4.1
  • 2a462d8 chore(typings): Add simple TypeDefinition for RedisStore (#111)
  • 0b6f7bb chore(readme): Update info about browser vs node
  • 5fe855a chore(package): Bump version to 2.4.0
  • 390d968 chore(dist): Rebuild
  • e62e3aa fix(package): Lock axios version to 0.18.1 (#109)
  • 56a871e Implement RedisStore (#98)
  • 22e7ba0 move `cache-control-esm` to `dependencies` (#108)
  • e0c6ed7 fix(travis): Fix Ubuntu 16 builds by adding libgconf-2-4 to addons
  • 6d176fd Update README.md (#106)
  • 64ac601 chore(bower): Update version (#102)
  • 547ffa2 chore(package): Update version (#101)
  • 62498a3 Update axios-cache-adapter.d.ts (#100)
  • 70fc386 chore(package): Update version to 2.3.2
  • 0a14086 chore(typings): add .d.ts file in the npm package (#93)
  • 9addeac chore(package): Update version to 2.3.1 and rebuild dist
  • 4d16b7f fix(build): Use forked version of cache-control and change webpack config (#91)
  • 923dccf Add Typescript Support (#87)
  • af9808c Add class transform to babel config (#80)
  • a3c0953 fix config.expires setup in case maxAge equal 0 (#83)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Request Forgery (CSRF)

vertig0ne avatar Oct 27 '23 14:10 vertig0ne