Skip to content

chore(deps): update dependency axios to v1.7.4 [security]#12

Open
renovate[bot] wants to merge 1 commit intodevfrom
renovate/npm-axios-vulnerability
Open

chore(deps): update dependency axios to v1.7.4 [security]#12
renovate[bot] wants to merge 1 commit intodevfrom
renovate/npm-axios-vulnerability

Conversation

@renovate
Copy link

@renovate renovate bot commented Jun 5, 2024
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
axios (source) 1.3.21.7.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-45857

An issue discovered in Axios 0.8.1 through 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

Release Notes

axios/axios (axios)

v1.7.4

Compare Source

Bug Fixes
Features
Reverts
BREAKING CHANGES

  • code relying on the above will now combine the URLs instead of prefer request URL

  • feat: add config option for allowing absolute URLs

  • fix: add default value for allowAbsoluteUrls in buildFullPath

  • fix: typo in flow control when setting allowAbsoluteUrls

Contributors to this release

1.7.9 (2024-12-04)

Reverts
Contributors to this release

1.7.8 (2024-11-25)

Bug Fixes
Contributors to this release

1.7.7 (2024-08-31)

Bug Fixes
  • fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#​6584) (d198085)
  • http: fixed support for IPv6 literal strings in url (#​5731) (364993f)
Contributors to this release

1.7.6 (2024-08-30)

Bug Fixes
Contributors to this release

1.7.5 (2024-08-23)

Bug Fixes
  • adapter: fix undefined reference to hasBrowserEnv (#​6572) (7004707)
  • core: add the missed implementation of AxiosError#status property; (#​6573) (6700a8a)
  • core: fix ReferenceError: navigator is not defined for custom environments; (#​6567) (fed1a4b)
  • fetch: fix credentials handling in Cloudflare workers (#​6533) (550d885)
Contributors to this release

1.7.4 (2024-08-13)

Bug Fixes
Contributors to this release

1.7.3 (2024-08-01)

Bug Fixes
Contributors to this release

1.7.2 (2024-05-21)

Bug Fixes
Contributors to this release

1.7.1 (2024-05-20)

Bug Fixes
  • fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#​6410) (733f15f)
Contributors to this release

v1.7.3

Compare Source

Bug Fixes
Features
Reverts
BREAKING CHANGES

  • code relying on the above will now combine the URLs instead of prefer request URL

  • feat: add config option for allowing absolute URLs

  • fix: add default value for allowAbsoluteUrls in buildFullPath

  • fix: typo in flow control when setting allowAbsoluteUrls

Contributors to this release

1.7.9 (2024-12-04)

Reverts
Contributors to this release

1.7.8 (2024-11-25)

Bug Fixes
Contributors to this release

1.7.7 (2024-08-31)

Bug Fixes
  • fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#​6584) (d198085)
  • http: fixed support for IPv6 literal strings in url (#​5731) (364993f)
Contributors to this release

1.7.6 (2024-08-30)

Bug Fixes
Contributors to this release

1.7.5 (2024-08-23)

Bug Fixes
  • adapter: fix undefined reference to hasBrowserEnv (#​6572) (7004707)
  • core: add the missed implementation of AxiosError#status property; (#​6573) (6700a8a)
  • core: fix ReferenceError: navigator is not defined for custom environments; (#​6567) (fed1a4b)
  • fetch: fix credentials handling in Cloudflare workers (#​6533) (550d885)
Contributors to this release

1.7.4 (2024-08-13)

Bug Fixes
Contributors to this release

1.7.3 (2024-08-01)

Bug Fixes
Contributors to this release

1.7.2 (2024-05-21)

Bug Fixes
Contributors to this release

1.7.1 (2024-05-20)

Bug Fixes
  • fetch: fixed ReferenceError issue when TextEncoder is not available in the environment; (#​6410) (733f15f)
Contributors to this release

v1.7.2

Compare Source

Bug Fixes
Features
Reverts
BREAKING CHANGES

  • code relying on the above will now combine the URLs instead of prefer request URL

  • feat: add config option for allowing absolute URLs

  • fix: add default value for allowAbsoluteUrls in buildFullPath

  • fix: typo in flow control when setting allowAbsoluteUrls

Contributors to this release

1.7.9 (2024-12-04)

Reverts
Contributors to this release

1.7.8 (2024-11-25)

Bug Fixes
Contributors to this release

1.7.7 (2024-08-31)

Bug Fixes
  • fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#​6584) (d198085)
  • http: fixed support for IPv6 literal strings in url (#​5731) (364993f)
Contributors to this release

1.7.6 (2024-08-30)

Bug Fixes
Contributors to this release

1.7.5 (2024-08-23)

Bug Fixes
  • adapter: fix undefined reference to hasBrowserEnv (#​6572) (7004707)
  • core: add the missed implementation of AxiosError#status property; (#​6573) (6700a8a)
  • core: fix ReferenceError: navigator is not defined for custom environments; (#​6567) (fed1a4b)
  • fetch: fix credentials handling in Cloudflare workers (#​6533) (550d885)
Contributors to this release

1.7.4 (2024-08-13)

Bug Fixes

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@cr-gpt
Copy link

cr-gpt bot commented Jun 5, 2024

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 5c54231 to 73550a9 Compare August 15, 2024 05:40
@renovate renovate bot changed the title chore(deps): update dependency axios to v1.6.0 [security] chore(deps): update dependency axios to v1.7.4 [security] Aug 15, 2024
@cr-gpt
Copy link

cr-gpt bot commented Aug 15, 2024

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 73550a9 to cf3a763 Compare November 1, 2024 05:17
@cr-gpt
Copy link

cr-gpt bot commented Nov 1, 2024

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from cf3a763 to 277edd8 Compare February 15, 2025 03:25
@cr-gpt
Copy link

cr-gpt bot commented Feb 15, 2025

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 277edd8 to e37ef5a Compare February 23, 2025 15:13
@cr-gpt
Copy link

cr-gpt bot commented Feb 23, 2025

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from e37ef5a to ca5b39f Compare June 6, 2025 11:49
@cr-gpt
Copy link

cr-gpt bot commented Jun 6, 2025

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from ca5b39f to 7e857a3 Compare July 27, 2025 07:55
@cr-gpt
Copy link

cr-gpt bot commented Jul 27, 2025

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 7e857a3 to 40b0e05 Compare August 4, 2025 20:05
@cr-gpt
Copy link

cr-gpt bot commented Aug 4, 2025

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 40b0e05 to b2560f6 Compare September 14, 2025 11:56
@renovate renovate bot changed the title chore(deps): update dependency axios to v1.7.4 [security] chore(deps): update dependency axios to v1.12.0 [security] Sep 14, 2025
@cr-gpt
Copy link

cr-gpt bot commented Sep 14, 2025

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from b2560f6 to df6c9fe Compare September 24, 2025 23:27
@cr-gpt
Copy link

cr-gpt bot commented Sep 24, 2025

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from df6c9fe to 928eb5c Compare September 30, 2025 03:37
@cr-gpt
Copy link

cr-gpt bot commented Sep 30, 2025

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 928eb5c to 0951d7f Compare October 1, 2025 23:10
@cr-gpt
Copy link

cr-gpt bot commented Oct 1, 2025

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 0951d7f to 8a441ba Compare October 16, 2025 03:51
@renovate renovate bot changed the title chore(deps): update dependency axios to v1.12.0 [security] chore(deps): update dependency axios to v1.7.4 [security] Oct 16, 2025
@cr-gpt
Copy link

cr-gpt bot commented Oct 16, 2025

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 8a441ba to 00c0fbe Compare November 19, 2025 16:07
@cr-gpt
Copy link

cr-gpt bot commented Nov 19, 2025

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

@socket-security
Copy link

socket-security bot commented Nov 19, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedaxios@​1.3.2 ⏵ 1.7.499 +170 +1010097100

View full report

@renovate renovate bot force-pushed the renovate/npm-axios-vulnerability branch from 00c0fbe to 7a8adfb Compare February 10, 2026 23:31
@cr-gpt
Copy link

cr-gpt bot commented Feb 10, 2026

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants