longhorn-ui
fix(deps): update dependency axios to v1.7.4 [security] (master)
This PR contains the following updates:
Package | Change |
---|---|
axios (source) | 1.6.0 -> 1.7.4 |
GitHub Vulnerability Alerts
CVE-2024-39338
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
Release Notes
axios/axios (axios)
v1.7.4
Bug Fixes
- sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
- sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)
v1.7.3
Bug Fixes
- adapter: fix progress event emitting; (#6518) (e3c76fc)
- fetch: fix withCredentials request config (#6505) (85d4d0e)
- xhr: return original config on errors from XHR adapter (#6515) (8966ee7)
v1.7.2
Bug Fixes
v1.7.1
Bug Fixes
- fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#6410) (733f15f)
v1.7.0
Features
Bug Fixes
v1.6.8
Bug Fixes
- AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)
- import: use named export for EventEmitter; (7320430)
- vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)
v1.6.7
Bug Fixes
v1.6.6
Bug Fixes
- fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)
- wrap errors to improve async stack trace (#5987) (123f354)
v1.6.5
Bug Fixes
- ci: refactor notify action as a job of publish action; (#6176) (0736f95)
- dns: fixed lookup error handling; (#6175) (f4f2b03)
v1.6.4
Bug Fixes
- security: fixed formToJSON prototype pollution vulnerability; (#6167) (3c0c11c)
- security: fixed security vulnerability in follow-redirects (#6163) (75af1cd)
v1.6.3
Bug Fixes
v1.6.2
Features
- withXSRFToken: added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; (#6046) (cff9967)
PRs
- feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; (#6046)
📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour.
You should now use withXSRFToken along with withCredentials to get the old behavior.
This functionality is considered as a fix.
v1.6.1
Bug Fixes
- formdata: fixed content-type header normalization for non-standard browser environments; (#6056) (dd465ab)
- platform: fixed emulated browser detection in node.js environment; (#6055) (3dc8369)
Configuration
📅 Schedule: Branch creation - "" in timezone Asia/Taipei, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
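
The CVE-2024-39338 description above turns on the difference between a path-relative reference and a protocol-relative one. As an added example (not code from axios, longhorn-ui or this PR), the code below shows how the standard WHATWG `URL` parser resolves each kind against a base, and a guard that rejects any reference leaving the base origin; `BASE`, the function names and the sample hosts are assumptions made for illustration.

```javascript
// Added example: guard for request targets built from untrusted input.
// BASE is a constructed value, not taken from the page.
const BASE = 'https://api.internal.example/v1/';

// Classify a URL reference by its leading characters (RFC 3986 terms).
function classifyReference(ref) {
  if (/^[a-zA-Z][a-zA-Z\d+.-]*:/.test(ref)) return 'absolute';
  // For http(s) the WHATWG parser treats "\" like "/", so cover both.
  if (/^[\\/]{2}/.test(ref)) return 'protocol-relative';
  if (ref.startsWith('/')) return 'path-absolute';
  return 'path-relative';
}

// Resolve ref against base; return the final URL only if it stays on the
// base origin, otherwise throw before any request is sent.
function resolveSameOrigin(ref, base = BASE) {
  const input = ref.trim();
  const kind = classifyReference(input);
  if (kind === 'absolute' || kind === 'protocol-relative') {
    throw new Error(`refusing ${kind} reference: ${ref}`);
  }
  const baseUrl = new URL(base);
  const resolved = new URL(input, baseUrl);
  // Defence in depth: the parser normalises input before deciding what is
  // host and what is path, so compare origins after parsing as well.
  if (resolved.origin !== baseUrl.origin) {
    throw new Error(`origin changed to ${resolved.origin}`);
  }
  return resolved.href;
}

// Non-throwing wrapper that reports the decision.
function check(ref) {
  try {
    return { ok: true, url: resolveSameOrigin(ref) };
  } catch (e) {
    return { ok: false, reason: e.message };
  }
}

// Host the standard parser would contact with no guard in place.
function unguardedHost(ref) {
  return new URL(ref, BASE).host;
}

// Constructed sample inputs.
for (const ref of ['volumes/1', '/volumes', '//other.example/volumes']) {
  console.log(ref, '->', unguardedHost(ref), JSON.stringify(check(ref)));
}
```

A string-prefix check and a post-parse origin check catch different inputs, so the guard applies both.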