steem-wise-core icon indicating copy to clipboard operation
steem-wise-core copied to clipboard
verified publisher icon wise-team

fix(deps): update dependency axios to v0.18.1 [security]

Open renovate[bot] opened this issue 6 years ago • 0 comments

WhiteSource Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
axios 0.18.0 -> 0.18.1 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2019-10742

Versions of axios prior to 0.18.1 are vulnerable to Denial of Service. If a request exceeds the maxContentLength property, the package prints an error but does not stop the request. This may cause high CPU usage and lead to Denial of Service.

Recommendation

Upgrade to 0.18.1 or later.

Release Notes

axios/axios

v0.18.1

Compare Source

Security Fix:

  • Destroy stream on exceeding maxContentLength (fixes #​1098) (#​1485) - Gadzhi Gadzhiev

Renovate configuration

:date: Schedule: "" (UTC).

:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.

:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

:no_bell: Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by WhiteSource Renovate. View repository job log here.

renovate[bot] avatar Jun 01 '19 09:06 renovate[bot]