[Security] Bump follow-redirects from 1.15.1 to 1.15.4 in /frontend
Bumps follow-redirects from 1.15.1 to 1.15.4. This update includes a security fix.
Vulnerabilities fixed
Follow Redirects improperly handles URLs in the url.parse() function

Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.

Patched versions: 1.15.4
Affected versions: < 1.15.4
Commits
- 6585820 Release version 1.15.4 of the npm package.
- 7a6567e Disallow bracketed hostnames.
- 05629af Prefer native URL instead of deprecated url.parse.
- 1cba8e8 Prefer native URL instead of legacy url.resolve.
- 72bc2a4 Simplify _processResponse error handling.
- 3d42aec Add bracket tests.
- bcbb096 Do not directly set Error properties.
- 192dbe7 Release version 1.15.3 of the npm package.
- bd8c81e Fix resource leak on destroy.
- 9c728c3 Split linting and testing.
- Additional commits viewable in compare view
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
- $dependabot rebase will rebase this MR
- $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts