Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed formDataToJSON prototype pollution vulnerability; #6167

Merged
merged 35 commits into from
Jan 3, 2024
Merged

Fixed formDataToJSON prototype pollution vulnerability; #6167

merged 35 commits into from
Jan 3, 2024

Conversation

DigitalBrainJS
Copy link
Collaborator

No description provided.

@DigitalBrainJS
chore(ci): Add release-it script;
3f2f496
@DigitalBrainJS
Merge branch 'chore/release-it' into v1.x
1bfc41b
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
acaf0f4 
� Conflicts:
�	package-lock.json
�	package.json
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
8a5de86
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
cff9271
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
67afe20
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
dc7b66d
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
716eb59
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
10216bf
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
3b199f4
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
f3d444f
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
077c381
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
f598657
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
7bf5713
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
81a8bd6
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
f8bb158
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
3f1c768
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
a9b0418
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
1a16f4e
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
5e22e2f
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
b7c77b0
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
2200038
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
df38e0c
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
878548a
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
7a33bcd
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
5cafdeb
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
f0e6b28
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
98371b0
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
bee6e45
@DigitalBrainJS
Merge branch 'v1.x' of https://github.com/axios/axios into v1.x
c97df04
@davesag davesag mentioned this pull request Jun 4, 2024
Merged
This was referenced Jun 4, 2024
Open
Open
This was referenced Jun 4, 2024
Open
Open
Open
Open
@hangrybear666 hangrybear666 mentioned this pull request Jun 5, 2024
Closed
This was referenced Jun 5, 2024
Open
Open
This was referenced Jun 5, 2024
Open
Open
@gauravbhandari2503 gauravbhandari2503 mentioned this pull request Jun 5, 2024
Open
@nejidevelops nejidevelops mentioned this pull request Jun 5, 2024
Open
@OKEAMAH OKEAMAH mentioned this pull request Jun 5, 2024
Open
This was referenced Jun 6, 2024
Open
Open
@wd3bbas wd3bbas mentioned this pull request Jun 7, 2024
Open
@NOUIY NOUIY mentioned this pull request Jun 7, 2024
Open
@nejidevelops nejidevelops mentioned this pull request Jun 7, 2024
Open
@paaschdigital paaschdigital mentioned this pull request Jun 7, 2024
Open
@nejidevelops nejidevelops mentioned this pull request Jun 8, 2024
Open
@WontonSam WontonSam mentioned this pull request Jun 8, 2024
Open
@nejidevelops nejidevelops mentioned this pull request Jun 9, 2024
Open
@Josegutierrez69 Josegutierrez69 mentioned this pull request Jun 9, 2024
Open
stefan0509 pushed a commit to stefan0509/milliorn-recipes-react that referenced this pull request Jul 29, 2024
@dependabot @milliorn
Bump axios from 1.5.1 to 1.6.5 (#388)
538181c 
[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps [axios](https://github.com/axios/axios) from 1.5.1 to 1.6.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/releases">axios's
releases</a>.</em></p>
<blockquote>
<h2>Release v1.6.5</h2>
<h2>Release notes:</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>ci:</strong> refactor notify action as a job of publish
action; (<a
href="https://redirect.github.com/axios/axios/issues/6176">#6176</a>)
(<a
href="https://github.com/axios/axios/commit/0736f95ce8776366dc9ca569f49ba505feb6373c">0736f95</a>)</li>
<li><strong>dns:</strong> fixed lookup error handling; (<a
href="https://redirect.github.com/axios/axios/issues/6175">#6175</a>)
(<a
href="https://github.com/axios/axios/commit/f4f2b039dd38eb4829e8583caede4ed6d2dd59be">f4f2b03</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+41/-6
([#6176](axios/axios#6176)
[#6175](axios/axios#6175) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman"
title="+6/-1 ()">Jay</a></li>
</ul>
<h2>Release v1.6.4</h2>
<h2>Release notes:</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>security:</strong> fixed formToJSON prototype pollution
vulnerability; (<a
href="https://redirect.github.com/axios/axios/issues/6167">#6167</a>)
(<a
href="https://github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e">3c0c11c</a>)</li>
<li><strong>security:</strong> fixed security vulnerability in
follow-redirects (<a
href="https://redirect.github.com/axios/axios/issues/6163">#6163</a>)
(<a
href="https://github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8">75af1cd</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman"
title="+34/-6 ()">Jay</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+34/-3
([#6172](axios/axios#6172)
[#6167](axios/axios#6167) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/gnesher"
title="+10/-10 ([#6163](axios/axios#6163)
)">Guy Nesher</a></li>
</ul>
<h2>Release v1.6.3</h2>
<h2>Release notes:</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Regular Expression Denial of Service (ReDoS) (<a
href="https://redirect.github.com/axios/axios/issues/6132">#6132</a>)
(<a
href="https://github.com/axios/axios/commit/5e7ad38fb0f819fceb19fb2ee5d5d38f56aa837d">5e7ad38</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman"
title="+15/-6 ([#6145](axios/axios#6145)
)">Jay</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/WillianAgostini" title="+17/-2
([#6132](axios/axios#6132) )">Willian
Agostini</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+3/-0
([#6084](axios/axios#6084) )">Dmitriy
Mozgovoy</a></li>
</ul>
<h2>Release v1.6.2</h2>
<h2>Release notes:</h2>
<h3>Features</h3>
<ul>
<li><strong>withXSRFToken:</strong> added withXSRFToken option as a
workaround to achieve the old <code>withCredentials</code> behavior; (<a
href="https://redirect.github.com/axios/axios/issues/6046">#6046</a>)
(<a
href="https://github.com/axios/axios/commit/cff996779b272a5e94c2b52f5503ccf668bc42dc">cff9967</a>)</li>
</ul>
<h3>PRs</h3>
<ul>
<li>feat(withXSRFToken): added withXSRFToken option as a workaround to
achieve the old `withCredentials` behavior; ( <a
href="https://api.github.com/repos/axios/axios/pulls/6046">#6046</a>
)</li>
</ul>
<pre><code>
📢 This PR added &amp;#x27;withXSRFToken&amp;#x27; option as a
replacement for old withCredentials behaviour.
You should now use withXSRFToken along with withCredential to get the
old behavior.
This functionality is considered as a fix.
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/axios/axios/compare/v1.6.4...v1.6.5">1.6.5</a>
(2024-01-05)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>ci:</strong> refactor notify action as a job of publish
action; (<a
href="https://redirect.github.com/axios/axios/issues/6176">#6176</a>)
(<a
href="https://github.com/axios/axios/commit/0736f95ce8776366dc9ca569f49ba505feb6373c">0736f95</a>)</li>
<li><strong>dns:</strong> fixed lookup error handling; (<a
href="https://redirect.github.com/axios/axios/issues/6175">#6175</a>)
(<a
href="https://github.com/axios/axios/commit/f4f2b039dd38eb4829e8583caede4ed6d2dd59be">f4f2b03</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+41/-6
([#6176](axios/axios#6176)
[#6175](axios/axios#6175) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman"
title="+6/-1 ()">Jay</a></li>
</ul>
<h2><a
href="https://github.com/axios/axios/compare/v1.6.3...v1.6.4">1.6.4</a>
(2024-01-03)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>security:</strong> fixed formToJSON prototype pollution
vulnerability; (<a
href="https://redirect.github.com/axios/axios/issues/6167">#6167</a>)
(<a
href="https://github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e">3c0c11c</a>)</li>
<li><strong>security:</strong> fixed security vulnerability in
follow-redirects (<a
href="https://redirect.github.com/axios/axios/issues/6163">#6163</a>)
(<a
href="https://github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8">75af1cd</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman"
title="+34/-6 ()">Jay</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+34/-3
([#6172](axios/axios#6172)
[#6167](axios/axios#6167) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/gnesher"
title="+10/-10 ([#6163](axios/axios#6163)
)">Guy Nesher</a></li>
</ul>
<h2><a
href="https://github.com/axios/axios/compare/v1.6.2...v1.6.3">1.6.3</a>
(2023-12-26)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Regular Expression Denial of Service (ReDoS) (<a
href="https://redirect.github.com/axios/axios/issues/6132">#6132</a>)
(<a
href="https://github.com/axios/axios/commit/5e7ad38fb0f819fceb19fb2ee5d5d38f56aa837d">5e7ad38</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman"
title="+15/-6 ([#6145](axios/axios#6145)
)">Jay</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/WillianAgostini" title="+17/-2
([#6132](axios/axios#6132) )">Willian
Agostini</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+3/-0
([#6084](axios/axios#6084) )">Dmitriy
Mozgovoy</a></li>
</ul>
<h2><a
href="https://github.com/axios/axios/compare/v1.6.1...v1.6.2">1.6.2</a>
(2023-11-14)</h2>
<h3>Features</h3>
<ul>
<li><strong>withXSRFToken:</strong> added withXSRFToken option as a
workaround to achieve the old <code>withCredentials</code> behavior; (<a
href="https://redirect.github.com/axios/axios/issues/6046">#6046</a>)
(<a
href="https://github.com/axios/axios/commit/cff996779b272a5e94c2b52f5503ccf668bc42dc">cff9967</a>)</li>
</ul>
<h3>PRs</h3>
<ul>
<li>feat(withXSRFToken): added withXSRFToken option as a workaround to
achieve the old `withCredentials` behavior; ( <a
href="https://api.github.com/repos/axios/axios/pulls/6046">#6046</a>
)</li>
</ul>
<pre><code>&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/axios/axios/commit/6d4c421ee157d93b47f3f9082a7044b1da221461"><code>6d4c421</code></a>
chore(release): v1.6.5 (<a
href="https://redirect.github.com/axios/axios/issues/6177">#6177</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/0736f95ce8776366dc9ca569f49ba505feb6373c"><code>0736f95</code></a>
fix(ci): refactor notify action as a job of publish action; (<a
href="https://redirect.github.com/axios/axios/issues/6176">#6176</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/f4f2b039dd38eb4829e8583caede4ed6d2dd59be"><code>f4f2b03</code></a>
fix(dns): fixed lookup error handling; (<a
href="https://redirect.github.com/axios/axios/issues/6175">#6175</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/1f73dcbbe0bb37f9e9908abb46a3c252536655c8"><code>1f73dcb</code></a>
docs: update sponsor links</li>
<li><a
href="https://github.com/axios/axios/commit/8790b8e7847c7f450544e7195c837ffc10fcb160"><code>8790b8e</code></a>
chore(release): v1.6.4 (<a
href="https://redirect.github.com/axios/axios/issues/6173">#6173</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/0ad520de0f087b7e012e432660e44631be7f689e"><code>0ad520d</code></a>
chore(ci): fix notify action; (<a
href="https://redirect.github.com/axios/axios/issues/6172">#6172</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e"><code>3c0c11c</code></a>
fix(security): fixed formToJSON prototype pollution vulnerability; (<a
href="https://redirect.github.com/axios/axios/issues/6167">#6167</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8"><code>75af1cd</code></a>
fix(security): fixed security vulnerability in follow-redirects (<a
href="https://redirect.github.com/axios/axios/issues/6163">#6163</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/90864b3a3fb52ede567f7dd70b055f1f45c162ef"><code>90864b3</code></a>
docs: update logos</li>
<li><a
href="https://github.com/axios/axios/commit/1542719bc7300f885df202942eff986a3d826372"><code>1542719</code></a>
docs: updated headline sponsors</li>
<li>Additional commits viewable in <a
href="https://github.com/axios/axios/compare/v1.5.1...v1.6.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.5.1&new-version=1.6.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Scott Milliorn <scottmilliorn@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Scott Milliorn <scottmilliorn@gmail.com>
manudeli added a commit to toss/suspensive that referenced this pull request Aug 3, 2024
@manudeli @dependabot
chore(deps): Bump axios from 1.6.3 to 1.6.4 (#549)
0c2e830 
Bumps [axios](https://github.com/axios/axios) from 1.6.3 to 1.6.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/releases">axios's
releases</a>.</em></p>
<blockquote>
<h2>Release v1.6.4</h2>
<h2>Release notes:</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>security:</strong> fixed formToJSON prototype pollution
vulnerability; (<a
href="https://redirect.github.com/axios/axios/issues/6167">#6167</a>)
(<a
href="https://github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e">3c0c11c</a>)</li>
<li><strong>security:</strong> fixed security vulnerability in
follow-redirects (<a
href="https://redirect.github.com/axios/axios/issues/6163">#6163</a>)
(<a
href="https://github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8">75af1cd</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman"
title="+34/-6 ()">Jay</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+34/-3
([#6172](axios/axios#6172)
[#6167](axios/axios#6167) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/gnesher"
title="+10/-10 ([#6163](axios/axios#6163)
)">Guy Nesher</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/axios/axios/compare/v1.6.3...v1.6.4">1.6.4</a>
(2024-01-03)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>security:</strong> fixed formToJSON prototype pollution
vulnerability; (<a
href="https://redirect.github.com/axios/axios/issues/6167">#6167</a>)
(<a
href="https://github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e">3c0c11c</a>)</li>
<li><strong>security:</strong> fixed security vulnerability in
follow-redirects (<a
href="https://redirect.github.com/axios/axios/issues/6163">#6163</a>)
(<a
href="https://github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8">75af1cd</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman"
title="+34/-6 ()">Jay</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+34/-3
([#6172](axios/axios#6172)
[#6167](axios/axios#6167) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/gnesher"
title="+10/-10 ([#6163](axios/axios#6163)
)">Guy Nesher</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/axios/axios/commit/8790b8e7847c7f450544e7195c837ffc10fcb160"><code>8790b8e</code></a>
chore(release): v1.6.4 (<a
href="https://redirect.github.com/axios/axios/issues/6173">#6173</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/0ad520de0f087b7e012e432660e44631be7f689e"><code>0ad520d</code></a>
chore(ci): fix notify action; (<a
href="https://redirect.github.com/axios/axios/issues/6172">#6172</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e"><code>3c0c11c</code></a>
fix(security): fixed formToJSON prototype pollution vulnerability; (<a
href="https://redirect.github.com/axios/axios/issues/6167">#6167</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8"><code>75af1cd</code></a>
fix(security): fixed security vulnerability in follow-redirects (<a
href="https://redirect.github.com/axios/axios/issues/6163">#6163</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/90864b3a3fb52ede567f7dd70b055f1f45c162ef"><code>90864b3</code></a>
docs: update logos</li>
<li><a
href="https://github.com/axios/axios/commit/1542719bc7300f885df202942eff986a3d826372"><code>1542719</code></a>
docs: updated headline sponsors</li>
<li>See full diff in <a
href="https://github.com/axios/axios/compare/v1.6.3...v1.6.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.6.3&new-version=1.6.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
manudeli added a commit to toss/suspensive that referenced this pull request Aug 3, 2024
@manudeli
chore(deps): Bump axios from 1.6.3 to 1.6.4 (#549)
4199c4a 
Bumps [axios](https://github.com/axios/axios) from 1.6.3 to 1.6.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/releases">axios's
releases</a>.</em></p>
<blockquote>
<h2>Release v1.6.4</h2>
<h2>Release notes:</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>security:</strong> fixed formToJSON prototype pollution
vulnerability; (<a
href="https://redirect.github.com/axios/axios/issues/6167">#6167</a>)
(<a
href="https://github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e">3c0c11c</a>)</li>
<li><strong>security:</strong> fixed security vulnerability in
follow-redirects (<a
href="https://redirect.github.com/axios/axios/issues/6163">#6163</a>)
(<a
href="https://github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8">75af1cd</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman"
title="+34/-6 ()">Jay</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+34/-3
([#6172](axios/axios#6172)
[#6167](axios/axios#6167) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/gnesher"
title="+10/-10 ([#6163](axios/axios#6163)
)">Guy Nesher</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/axios/axios/compare/v1.6.3...v1.6.4">1.6.4</a>
(2024-01-03)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>security:</strong> fixed formToJSON prototype pollution
vulnerability; (<a
href="https://redirect.github.com/axios/axios/issues/6167">#6167</a>)
(<a
href="https://github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e">3c0c11c</a>)</li>
<li><strong>security:</strong> fixed security vulnerability in
follow-redirects (<a
href="https://redirect.github.com/axios/axios/issues/6163">#6163</a>)
(<a
href="https://github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8">75af1cd</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman"
title="+34/-6 ()">Jay</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+34/-3
([#6172](axios/axios#6172)
[#6167](axios/axios#6167) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/gnesher"
title="+10/-10 ([#6163](axios/axios#6163)
)">Guy Nesher</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/axios/axios/commit/8790b8e7847c7f450544e7195c837ffc10fcb160"><code>8790b8e</code></a>
chore(release): v1.6.4 (<a
href="https://redirect.github.com/axios/axios/issues/6173">#6173</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/0ad520de0f087b7e012e432660e44631be7f689e"><code>0ad520d</code></a>
chore(ci): fix notify action; (<a
href="https://redirect.github.com/axios/axios/issues/6172">#6172</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e"><code>3c0c11c</code></a>
fix(security): fixed formToJSON prototype pollution vulnerability; (<a
href="https://redirect.github.com/axios/axios/issues/6167">#6167</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8"><code>75af1cd</code></a>
fix(security): fixed security vulnerability in follow-redirects (<a
href="https://redirect.github.com/axios/axios/issues/6163">#6163</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/90864b3a3fb52ede567f7dd70b055f1f45c162ef"><code>90864b3</code></a>
docs: update logos</li>
<li><a
href="https://github.com/axios/axios/commit/1542719bc7300f885df202942eff986a3d826372"><code>1542719</code></a>
docs: updated headline sponsors</li>
<li>See full diff in <a
href="https://github.com/axios/axios/compare/v1.6.3...v1.6.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.6.3&new-version=1.6.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
manudeli added a commit to toss/suspensive that referenced this pull request Aug 3, 2024
@manudeli @dependabot
chore(deps): Bump axios from 1.6.3 to 1.6.4 (#549)
06506c2 
Bumps [axios](https://github.com/axios/axios) from 1.6.3 to 1.6.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/releases">axios's
releases</a>.</em></p>
<blockquote>
<h2>Release v1.6.4</h2>
<h2>Release notes:</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>security:</strong> fixed formToJSON prototype pollution
vulnerability; (<a
href="https://redirect.github.com/axios/axios/issues/6167">#6167</a>)
(<a
href="https://github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e">3c0c11c</a>)</li>
<li><strong>security:</strong> fixed security vulnerability in
follow-redirects (<a
href="https://redirect.github.com/axios/axios/issues/6163">#6163</a>)
(<a
href="https://github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8">75af1cd</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman"
title="+34/-6 ()">Jay</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+34/-3
([#6172](axios/axios#6172)
[#6167](axios/axios#6167) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/gnesher"
title="+10/-10 ([#6163](axios/axios#6163)
)">Guy Nesher</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/axios/axios/compare/v1.6.3...v1.6.4">1.6.4</a>
(2024-01-03)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>security:</strong> fixed formToJSON prototype pollution
vulnerability; (<a
href="https://redirect.github.com/axios/axios/issues/6167">#6167</a>)
(<a
href="https://github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e">3c0c11c</a>)</li>
<li><strong>security:</strong> fixed security vulnerability in
follow-redirects (<a
href="https://redirect.github.com/axios/axios/issues/6163">#6163</a>)
(<a
href="https://github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8">75af1cd</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman"
title="+34/-6 ()">Jay</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+34/-3
([#6172](axios/axios#6172)
[#6167](axios/axios#6167) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/gnesher"
title="+10/-10 ([#6163](axios/axios#6163)
)">Guy Nesher</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/axios/axios/commit/8790b8e7847c7f450544e7195c837ffc10fcb160"><code>8790b8e</code></a>
chore(release): v1.6.4 (<a
href="https://redirect.github.com/axios/axios/issues/6173">#6173</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/0ad520de0f087b7e012e432660e44631be7f689e"><code>0ad520d</code></a>
chore(ci): fix notify action; (<a
href="https://redirect.github.com/axios/axios/issues/6172">#6172</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e"><code>3c0c11c</code></a>
fix(security): fixed formToJSON prototype pollution vulnerability; (<a
href="https://redirect.github.com/axios/axios/issues/6167">#6167</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8"><code>75af1cd</code></a>
fix(security): fixed security vulnerability in follow-redirects (<a
href="https://redirect.github.com/axios/axios/issues/6163">#6163</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/90864b3a3fb52ede567f7dd70b055f1f45c162ef"><code>90864b3</code></a>
docs: update logos</li>
<li><a
href="https://github.com/axios/axios/commit/1542719bc7300f885df202942eff986a3d826372"><code>1542719</code></a>
docs: updated headline sponsors</li>
<li>See full diff in <a
href="https://github.com/axios/axios/compare/v1.6.3...v1.6.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.6.3&new-version=1.6.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
manudeli added a commit to toss/suspensive that referenced this pull request Aug 3, 2024
@manudeli
chore(deps): Bump axios from 1.6.3 to 1.6.4 (#549)
791f5d2 
Bumps [axios](https://github.com/axios/axios) from 1.6.3 to 1.6.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/releases">axios's
releases</a>.</em></p>
<blockquote>
<h2>Release v1.6.4</h2>
<h2>Release notes:</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>security:</strong> fixed formToJSON prototype pollution
vulnerability; (<a
href="https://redirect.github.com/axios/axios/issues/6167">#6167</a>)
(<a
href="https://github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e">3c0c11c</a>)</li>
<li><strong>security:</strong> fixed security vulnerability in
follow-redirects (<a
href="https://redirect.github.com/axios/axios/issues/6163">#6163</a>)
(<a
href="https://github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8">75af1cd</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman"
title="+34/-6 ()">Jay</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+34/-3
([#6172](axios/axios#6172)
[#6167](axios/axios#6167) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/gnesher"
title="+10/-10 ([#6163](axios/axios#6163)
)">Guy Nesher</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/axios/axios/compare/v1.6.3...v1.6.4">1.6.4</a>
(2024-01-03)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>security:</strong> fixed formToJSON prototype pollution
vulnerability; (<a
href="https://redirect.github.com/axios/axios/issues/6167">#6167</a>)
(<a
href="https://github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e">3c0c11c</a>)</li>
<li><strong>security:</strong> fixed security vulnerability in
follow-redirects (<a
href="https://redirect.github.com/axios/axios/issues/6163">#6163</a>)
(<a
href="https://github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8">75af1cd</a>)</li>
</ul>
<h3>Contributors to this release</h3>
<ul>
<li><!-- raw HTML omitted --> <a href="https://github.com/jasonsaayman"
title="+34/-6 ()">Jay</a></li>
<li><!-- raw HTML omitted --> <a
href="https://github.com/DigitalBrainJS" title="+34/-3
([#6172](axios/axios#6172)
[#6167](axios/axios#6167) )">Dmitriy
Mozgovoy</a></li>
<li><!-- raw HTML omitted --> <a href="https://github.com/gnesher"
title="+10/-10 ([#6163](axios/axios#6163)
)">Guy Nesher</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/axios/axios/commit/8790b8e7847c7f450544e7195c837ffc10fcb160"><code>8790b8e</code></a>
chore(release): v1.6.4 (<a
href="https://redirect.github.com/axios/axios/issues/6173">#6173</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/0ad520de0f087b7e012e432660e44631be7f689e"><code>0ad520d</code></a>
chore(ci): fix notify action; (<a
href="https://redirect.github.com/axios/axios/issues/6172">#6172</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/3c0c11cade045c4412c242b5727308cff9897a0e"><code>3c0c11c</code></a>
fix(security): fixed formToJSON prototype pollution vulnerability; (<a
href="https://redirect.github.com/axios/axios/issues/6167">#6167</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/75af1cdff5b3a6ca3766d3d3afbc3115bb0811b8"><code>75af1cd</code></a>
fix(security): fixed security vulnerability in follow-redirects (<a
href="https://redirect.github.com/axios/axios/issues/6163">#6163</a>)</li>
<li><a
href="https://github.com/axios/axios/commit/90864b3a3fb52ede567f7dd70b055f1f45c162ef"><code>90864b3</code></a>
docs: update logos</li>
<li><a
href="https://github.com/axios/axios/commit/1542719bc7300f885df202942eff986a3d826372"><code>1542719</code></a>
docs: updated headline sponsors</li>
<li>See full diff in <a
href="https://github.com/axios/axios/compare/v1.6.3...v1.6.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=axios&package-manager=npm_and_yarn&previous-version=1.6.3&new-version=1.6.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dubzzz dubzzz dubzzz left review comments

Assignees
No one assigned
Labels
v1.6.4
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DigitalBrainJS @aegilops @dubzzz