[Snyk] Fix for 8 vulnerabilities by cuongdevjs · Pull Request #25 · cuongdevjs/vue-typescript-admin ·

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Pollution SNYK-JS-LODASH-608086	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: axios

The new version differs by 166 commits.

e367be5 [Releasing] 0.21.3
83ae383 Correctly add response interceptors to interceptor chain (#4013)
c0c8761 [Updating] changelog to include links to issues and contributors
619bb46 [Releasing] v0.21.2
82c9455 Create SECURITY.md (#3981)
5b45711 Security fix for ReDoS (#3980)
5bc9ea2 Update ECOSYSTEM.md (#3817)
e72813a Fixing README.md (#3818)
e10a027 Fix README typo under Request Config (#3825)
e091491 Update README.md (#3936)
b42fbad Removed un-needed bracket
520c8dc Updating CI status badge (#3953)
4fbeecb Adding CI on Actions. (#3938)
e9965bf Fixing the sauce labs tests (#3813)
dbc634c Remove charset in tests (#3807)
3958e9f Add explanation of cancel token (#3803)
69949a6 Adding custom return type support to interceptor (#3783)
49509f6 Create FUNDING.yml (#3796)
199c8aa Adding parseInt to config.timeout (#3781)
94fc4ea Adding isAxiosError typeguard documentation (#3767)
0ece97c Fixing quadratic runtime when setting a maxContentLength (#3738)
a18a0ec Updating `lib/core/README.md` about Dising requests (#3772)
59fa614 [Updated] follow-redirects to the latest version (#3771)
7821ed2 Feat/json improvements (#3763)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Pollution
🦉 Pollution
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn

fix: package.json & package-lock.json to reduce vulnerabilities

55a8596

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
- https://snyk.io/vuln/SNYK-JS-AXIOS-1579269
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-608086

Sign up for free to join this conversation on . Already have an account? Sign in to comment