Update dependency axios to v1.7.4 [SECURITY] #5016

Merged
merged 1 commit into from
Oct 7, 2024

openverse-bot
Collaborator

@openverse-bot openverse-bot commented Oct 7, 2024

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| axios (source) | dependencies | patch | 1.7.2 -> 1.7.4 |

GitHub Vulnerability Alerts

CVE-2024-39338

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.


Release Notes

axios/axios (axios)

v1.7.4

Bug Fixes
Contributors to this release

v1.7.3

Bug Fixes
Contributors to this release

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.
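
The CVE-2024-39338 description above turns on the difference between a path-relative reference (`/v1/images`) and a protocol-relative one (`//host/v1/images`). The following caller-side guard is an added example, not code from this PR or from axios: the function names, the placeholder origin and the `*.example.test` hosts are assumptions made up for illustration.

```javascript
// Added example, not axios code. Helper names are hypothetical and all hosts
// below are constructed. Uses only the WHATWG URL global available in Node.js.

// Placeholder origin used only to see where a relative reference resolves.
const PLACEHOLDER_ORIGIN = 'http://relative-check.invalid';

// True only if `input` is a path-relative reference that stays on the origin
// it is resolved against.
function isPathRelative(input) {
  if (typeof input !== 'string' || !input.startsWith('/')) return false;
  // URL parsers strip tabs/newlines and trim control characters, so a string
  // such as "/\t/host" can collapse into "//host". Reject raw whitespace and
  // control characters; legitimate paths carry them percent-encoded.
  if (/[\u0000-\u0020]/.test(input)) return false;
  let resolved;
  try {
    resolved = new URL(input, PLACEHOLDER_ORIGIN);
  } catch {
    return false; // not parseable as a reference at all
  }
  // "//host/..." and "/\host/..." both resolve to a different origin here,
  // because the parser treats "\" like "/" for http(s) URLs.
  return resolved.origin === PLACEHOLDER_ORIGIN;
}

// Joins a trusted base URL with a path and refuses anything that would leave
// the base origin, before the URL is handed to any HTTP client.
function buildRequestUrl(baseURL, path) {
  const base = new URL(baseURL);
  if (!isPathRelative(path)) {
    throw new Error(`refusing non path-relative target: ${JSON.stringify(path)}`);
  }
  const target = new URL(path, base);
  if (target.origin !== base.origin) {
    throw new Error(`target origin ${target.origin} differs from base ${base.origin}`);
  }
  return target.href;
}
```

A check like this is defense in depth for code that passes request-derived paths to an HTTP client; it does not replace the upgrade to 1.7.4.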

@openverse-bot openverse-bot requested a review from a team as a code owner October 7, 2024 13:40
@openverse-bot openverse-bot added dependencies Pull requests that update a dependency file 💻 aspect: code Concerns the software code in the repository 🟨 tech: javascript Involves JavaScript 🟩 priority: low Low priority and doesn't need to be rushed 🧰 goal: internal improvement Improvement that benefits maintainers, not users 🧱 stack: frontend Related to the Nuxt frontend labels Oct 7, 2024
github-actions bot commented Oct 7, 2024

Latest k6 run output [1]

$     ✗ status was 200
      ↳  99% — ✓ 7999 / ✗ 1

     checks.........................: 99.98% ✓ 7999      ✗ 1   
     data_received..................: 1.8 GB 8.4 MB/s
     data_sent......................: 1.0 MB 4.9 kB/s
     http_req_blocked...............: avg=13.19µs  min=1.95µs  med=3.77µs   max=12.46ms p(90)=5.24µs   p(95)=5.67µs  
     http_req_connecting............: avg=6.7µs    min=0s      med=0s       max=12.43ms p(90)=0s       p(95)=0s      
     http_req_duration..............: avg=559.8ms  min=51.96ms med=504.69ms max=2.36s   p(90)=1.04s    p(95)=1.15s   
       { expected_response:true }...: avg=559.8ms  min=51.96ms med=504.69ms max=2.36s   p(90)=1.04s    p(95)=1.15s   
   ✓ http_req_failed................: 0.01%  ✓ 1         ✗ 7999
     http_req_receiving.............: avg=166.7µs  min=39.39µs med=113.13µs max=19.26ms p(90)=183.48µs p(95)=234.54µs
     http_req_sending...............: avg=23.96µs  min=6.72µs  med=19.08µs  max=13ms    p(90)=25.74µs  p(95)=32.69µs 
     http_req_tls_handshaking.......: avg=0s       min=0s      med=0s       max=0s      p(90)=0s       p(95)=0s      
     http_req_waiting...............: avg=559.61ms min=51.8ms  med=504.55ms max=2.36s   p(90)=1.04s    p(95)=1.15s   
     http_reqs......................: 8000   36.981327/s
     iteration_duration.............: avg=3.74s    min=1.13s   med=3.18s    max=11.61s  p(90)=8.03s    p(95)=8.62s   
     iterations.....................: 1200   5.547199/s
     vus............................: 5      min=5       max=30
     vus_max........................: 30     min=30      max=30

Footnotes

  1. This comment will automatically update with new output each time k6 runs for this PR

@openverse-bot openverse-bot force-pushed the gha-renovatenpm-axios-vulnerability branch 2 times, most recently from fa8ad73 to d8190b4 Compare October 7, 2024 18:39
@openverse-bot openverse-bot force-pushed the gha-renovatenpm-axios-vulnerability branch from d8190b4 to a5df96a Compare October 7, 2024 19:06
@obulat obulat merged commit 611ed17 into main Oct 7, 2024
50 checks passed
@obulat obulat deleted the gha-renovatenpm-axios-vulnerability branch October 7, 2024 19:26