
erezrokah / aws-testing-library / 21922211716
100%
master: 100%

LAST BUILD BRANCH: renovate/major-commitlint-monorepo
DEFAULT BRANCH: master
Ran 11 Feb 2026 08:39PM UTC
Jobs 6
Files 34
Run time 1min
11 Feb 2026 08:39PM UTC coverage: 99.726%. First build
21922211716

push

github

web-flow
chore(deps): update dependency axios to v1.13.5 [security] (#953)

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [axios](https://axios-http.com) ([source](https://redirect.github.com/axios/axios)) | [`1.13.2` → `1.13.5`](https://renovatebot.com/diffs/npm/axios/1.13.2/1.13.5) | ![age](https://developer.mend.io/api/mc/badges/age/npm/axios/1.13.5?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/axios/1.13.2/1.13.5?slim=true) |

### GitHub Vulnerability Alerts

#### [CVE-2026-25639](https://redirect.github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433)

# Denial of Service via `__proto__` Key in mergeConfig

### Summary

The `mergeConfig` function in axios crashes with a TypeError when
processing configuration objects containing `__proto__` as an own
property. An attacker can trigger this by providing a malicious
configuration object created via `JSON.parse()`, causing complete denial
of service.

### Details

The vulnerability exists in `lib/core/mergeConfig.js` at lines 98-101:

```javascript
utils.forEach(Object.keys({ ...config1, ...config2 }), function computeConfigValue(prop) {
  const merge = mergeMap[prop] || mergeDeepProperties;
  const configValue = merge(config1[prop], config2[prop], prop);
  (utils.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);
});
```

When `prop` is `'__proto__'`:

1. `JSON.parse('{"__proto__": {...}}')` creates an object with
`__proto__` as an own enumerable property
2. `Object.keys()` includes `'__proto__'` in the iteration
3. `mergeMap['__proto__']` performs prototype chain lookup, returning
`Object.prototype` (truthy object)
4. The expression `mergeMap[prop] || mergeDeepProperties` evaluates to
`Object.prototype`
5. `Object.prototype(...)` throws `TypeError: merge is not a function`

The ... (continued)
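The failure mode in the five steps above, reproduced with a simplified stand-in for the merge loop next to one way to harden it. This is an added example, not axios source or the upstream patch; the contents of `mergeMap` and the names `mergeDeep`, `mergeUnsafe`, `mergeSafe`, `tryMerge` and `demo` are hypothetical.

```javascript
// Added illustration: simplified stand-in for the quoted merge loop, not axios source.
// mergeMap's contents and every function name here are hypothetical.
const mergeMap = { timeout: (a, b) => (b !== undefined ? b : a) };
const mergeDeep = (a, b) => (b !== undefined ? b : a);

// Same lookup pattern as the advisory: `mergeMap[prop] || fallback`.
function mergeUnsafe(config1, config2) {
  const config = {};
  for (const prop of Object.keys({ ...config1, ...config2 })) {
    // For '__proto__' this walks the prototype chain and yields Object.prototype.
    const merge = mergeMap[prop] || mergeDeep;
    const value = merge(config1[prop], config2[prop], prop);
    if (value !== undefined) config[prop] = value;
  }
  return config;
}

// One possible hardening (an assumption, not the upstream fix): consult only
// own keys of the map and skip prototype-related keys entirely.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);
function mergeSafe(config1, config2) {
  const config = {};
  for (const prop of Object.keys({ ...config1, ...config2 })) {
    if (BLOCKED.has(prop)) continue;
    const own = Object.prototype.hasOwnProperty.call(mergeMap, prop);
    const merge = own ? mergeMap[prop] : mergeDeep;
    const value = merge(config1[prop], config2[prop], prop);
    if (value !== undefined) config[prop] = value;
  }
  return config;
}

// Constructed sample input: JSON.parse makes '__proto__' an own enumerable key.
const parsed = JSON.parse('{"timeout": 5000, "__proto__": {"x": 1}}');

// Run a merge function against the sample and report success or the error type.
function tryMerge(fn) {
  try {
    return { ok: true, result: fn({ timeout: 1000 }, parsed) };
  } catch (err) {
    return { ok: false, error: err.constructor.name };
  }
}

function demo() {
  const ownKey = Object.prototype.hasOwnProperty.call(parsed, '__proto__');
  return { ownKey, unsafe: tryMerge(mergeUnsafe), safe: tryMerge(mergeSafe) };
}
```

Calling `demo()` shows the unsafe loop failing with a `TypeError` on the parsed input while the hardened loop returns only the `timeout` key with an untouched prototype.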

122 of 124 branches covered (98.39%)

Branch coverage included in aggregate %.

606 of 606 relevant lines covered (100.0%)

27.92 hits per line

Jobs
| ID | Job ID | Ran | Files | Coverage |
|---|---|---|---|---|
| 1 | run-macos-latest-node-lts/* - 21922211716.1 | 11 Feb 2026 08:39PM UTC | 34 | 99.73 |
| 2 | run-macos-latest-node-16.10.0 - 21922211716.2 | 11 Feb 2026 08:40PM UTC | 34 | 99.73 |
| 3 | run-ubuntu-latest-node-lts/* - 21922211716.3 | 11 Feb 2026 08:39PM UTC | 34 | 99.73 |
| 4 | run-ubuntu-latest-node-16.10.0 - 21922211716.4 | 11 Feb 2026 08:40PM UTC | 34 | 99.73 |
| 5 | run-windows-latest-node-16.10.0 - 21922211716.5 | 11 Feb 2026 08:41PM UTC | 34 | 99.73 |
| 6 | run-windows-latest-node-lts/* - 21922211716.6 | 11 Feb 2026 08:40PM UTC | 34 | 99.73 |
  • 1d6ac029 on github