[Security] Bump axios from 1.7.3 to 1.7.4 in /webapp
Bumps axios from 1.7.3 to 1.7.4. This update includes a security fix.
Vulnerabilities fixed
Server-Side Request Forgery in axios
axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.
Patched versions: 1.7.4
Affected versions: >= 1.3.2, <= 1.7.3
Release notes
Sourced from axios's releases.
Release v1.7.4
Release notes:
Bug Fixes
- sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
- sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)
Changelog
Sourced from axios's changelog.
1.7.4 (2024-08-13)
Bug Fixes
- sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
- sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)
Dependabot commands
You can trigger Dependabot actions by commenting on this MR:
- $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts
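
The advisory above concerns a path-relative URL being treated as protocol-relative. As an added example (not axios code and not part of this MR), the sketch below shows how standard WHATWG URL resolution lets a `//host/...` reference replace the host of a base URL, and a guard that checks the resolved origin before a request is made. The base URL, host names and function names are constructed for illustration.

```javascript
// Added example, not axios code. Hosts and function names are constructed.
const BASE_URL = "https://api.internal.example/v1/";

// Resolve a caller-supplied reference against the base URL and report
// where the request would actually be sent.
function resolveTarget(ref, base = BASE_URL) {
  const baseUrl = new URL(base);
  // WHATWG resolution: "users/42" and "/users/42" keep the base host,
  // while "//host/..." (protocol-relative) keeps only the base scheme.
  const target = new URL(String(ref), baseUrl);
  return { href: target.href, sameOrigin: target.origin === baseUrl.origin };
}

// Guard: return the resolved URL, or throw if it leaves the base origin.
// Comparing origins after resolution avoids string-prefix checks, which
// can disagree with how the URL parser normalizes its input.
function requireSameOrigin(ref, base = BASE_URL) {
  const { href, sameOrigin } = resolveTarget(ref, base);
  if (!sameOrigin) {
    throw new Error(`refusing cross-origin request target: ${href}`);
  }
  return href;
}

// Constructed sample references, as a server might receive them.
const samples = [
  "users/42",                       // path-relative
  "/users/42",                      // absolute path, same host
  "//other.example/users/42",       // protocol-relative: host replaced
  "https://other.example/users/42", // absolute URL: host replaced
];

for (const ref of samples) {
  const { href, sameOrigin } = resolveTarget(ref);
  console.log(`${JSON.stringify(ref)} -> ${href} sameOrigin=${sameOrigin}`);
}
```

A guard like this complements the upgrade to 1.7.4 wherever request paths are built from caller-supplied input.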