Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Snyk] Security upgrade axios from 0.25.0 to 1.6.0 (#2640)
<p>This PR was automatically created by Snyk using the credentials of a
real user.</p><br /><h3>Snyk has created this PR to fix one or more
vulnerable packages in the `npm` dependencies of this project.</h3>
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies
to a fixed version:
- packages/botonic-plugin-hubtype-babel/package.json
- packages/botonic-plugin-hubtype-babel/package-lock.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit
Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **748/1000** <br/> **Why?** Proof of Concept exploit,
Recently disclosed, Has a fix available, CVSS 7.1 | Cross-site Request
Forgery (CSRF)
<br/>[SNYK-JS-AXIOS-6032459](https://snyk.io/vuln/SNYK-JS-AXIOS-6032459)
| Yes | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
<details>
<summary><b>Commit messages</b></summary>
</br>
<details>
<summary>Package name: <b>axios</b></summary>
The new version differs by 250 commits.</br>
<ul>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/f7adacdbaa569281253c8cfc623ad3f4dc909c60">f7adacd</a>
chore(release): v1.6.0 (#6031)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/9917e67cbb6c157382863bad8c741de58e3f3c2b">9917e67</a>
chore(ci): fix release-it arg; (#6032)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0">96ee232</a>
fix(CSRF): fixed CSRF vulnerability CVE-2023-45857 (#6028)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/7d45ab2e2ad6e59f5475e39afd4b286b1f393fc0">7d45ab2</a>
chore(tests): fixed tests to pass in node v19 and v20 with
`keep-alive` enabled; (#6021)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/5aaff532a6b820bb9ab6a8cd0f77131b47e2adb8">5aaff53</a>
fix(dns): fixed lookup function decorator to work properly in node v20;
(#6011)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/a48a63ad823fc20e5a6a705f05f09842ca49f48c">a48a63a</a>
chore(docs): added AxiosHeaders docs; (#5932)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/a1c8ad008b3c13d53e135bbd0862587fb9d3fc09">a1c8ad0</a>
fix(types): fix AxiosHeaders types; (#5931)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/2ac731d60545ba5c4202c25fd2e732ddd8297d82">2ac731d</a>
chore(docs): update readme.md (#5889)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/88fb52b5fad7aabab0532e7ad086c5f1b0178905">88fb52b</a>
chore(release): v1.5.1 (#5920)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/e4107797a7a1376f6209fbecfbbce73d3faa7859">e410779</a>
fix(adapters): improved adapters loading logic to have clear error
messages; (#5919)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/bc9af51b1886d1b3529617702f2a21a6c0ed5d92">bc9af51</a>
fix(formdata): fixed automatic addition of the `Content-Type`
header for FormData in non-browser environments; (#5917)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/4c89f25196525e90a6e75eda9cb31ae0a2e18acd">4c89f25</a>
fix(headers): allow `content-encoding` header to handle
case-insensitive values (#5890) (#5892)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/ae003913a39f3bdf9bbbd8f71a1ed681fd044d8b">ae00391</a>
docs(paramsSerializer config within request config): update
documentation for paramsSerializer</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/a989ccdc1a672171e9b45d3f02edc260109a607c">a989ccd</a>
Change isNaN to Number.isNaN</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/b5b776037300ad1e0f800e95e33552030e641887">b5b7760</a>
docs: fix CommonJS usage note</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/9e6205630e1c9cf863adf141c0edb9e6d8d4b149">9e62056</a>
fix(types): removed duplicated code</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/6365751ba6725cc283f7364b9ee6ca9917e9737c">6365751</a>
chore(release): v1.5.0 (#5838)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/1601f4a27a81ab47fea228f1e244b2c4e3ce28bf">1601f4a</a>
feat(export): export adapters without `unsafe` prefix
(#5839)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/dff74ae374b75ad1b99cb1050fe4a4c52cf4b9f5">dff74ae</a>
docs: linting documentation notes (#5791)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/ca73eb878df0ae2dace81fe3a7f1fb5986231bf1">ca73eb8</a>
feat: export getAdapter function (#5324)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/9a414bb6c81796a95c6c7fe668637825458e8b6d">9a414bb</a>
fix(adapter): make adapter loading error more clear by using
platform-specific adapters explicitly (#5837)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/b3e327dcc9277bdce34c7ef57beedf644b00d628">b3e327d</a>
fix(dns): fixed `cacheable-lookup` integration; (#5836)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/8fda2766b1e6bcb72c3fabc146223083ef13ce17">8fda276</a>
fix(headers): fixed common Content-Type header merging; (#5832)</li>
<li><a
href="https://snyk.io/redirect/github/axios/axios/commit/d8b4ca0ea5f2f05efa4edfe1e7684593f9f68273">d8b4ca0</a>
fix(headers): added support for setting header names that overlap with
class methods; (#5831)</li>
</ul>
<a
href="https://snyk.io/redirect/github/axios/axios/compare/63dfce85ab8d598a934e7e32b68f94cb73a2eb4e...f7adacdbaa569281253c8cfc623ad3f4dc909c60">See
the full diff</a>
</details>
</details>
Check the changes in this PR to ensure they won't cause issues with your
project.
------------
**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open fix PRs.*
For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI3YTBiOWY1YS0xODRlLTQxMmQtODk2My1iOWFhNGM3MDE2YTAiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjdhMGI5ZjVhLTE4NGUtNDEyZC04OTYzLWI5YWE0YzcwMTZhMCJ9fQ=="
width="0" height="0"/>
🧐 [View latest project
report](https://app.snyk.io/org/manuelfidalgo/project/769ce794-fdf1-4a0f-b65f-8048a4452873?utm_source=github&utm_medium=referral&page=fix-pr)
🛠 [Adjust project
settings](https://app.snyk.io/org/manuelfidalgo/project/769ce794-fdf1-4a0f-b65f-8048a4452873?utm_source=github&utm_medium=referral&page=fix-pr/settings)
📚 [Read more about Snyk's upgrade and patch
logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: #
(snyk:metadata:{"prId":"7a0b9f5a-184e-412d-8963-b9aa4c7016a0","prPublicId":"7a0b9f5a-184e-412d-8963-b9aa4c7016a0","dependencies":[{"name":"axios","from":"0.25.0","to":"1.6.0"}],"packageManager":"npm","projectPublicId":"769ce794-fdf1-4a0f-b65f-8048a4452873","projectUrl":"https://app.snyk.io/org/manuelfidalgo/project/769ce794-fdf1-4a0f-b65f-8048a4452873?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-AXIOS-6032459"],"upgrade":["SNYK-JS-AXIOS-6032459"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[748],"remediationStrategy":"vuln"})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
🦉 [Cross-site Request Forgery
(CSRF)](https://learn.snyk.io/lesson/csrf-attack/?loc=fix-pr)
Co-authored-by: snyk-bot <snyk-bot@snyk.io>- Loading branch information
