erezrokah / aws-testing-library
100%
master: 100%

LAST BUILD BRANCH: renovate/major-commitlint-monorepo
DEFAULT BRANCH: master
Repo Added
Files 34
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

LAST BUILD ON BRANCH main
branch: main
CHANGE BRANCH
x

coverage: 99.726%. First build
21922211716

push

github

web-flow 
chore(deps): update dependency axios to v1.13.5 [security] (#953)

This PR contains the following updates:

| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [axios](https://axios-http.com)
([source](https://redirect.github.com/axios/axios)) | [`1.13.2` →
`1.13.5`](https://renovatebot.com/diffs/npm/axios/1.13.2/1.13.5) |
![age](https://developer.mend.io/api/mc/badges/age/npm/axios/1.13.5?slim=true)
|
![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/axios/1.13.2/1.13.5?slim=true)
|

### GitHub Vulnerability Alerts

####
[CVE-2026-25639](https://redirect.github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433)

# Denial of Service via **proto** Key in mergeConfig

### Summary

The `mergeConfig` function in axios crashes with a TypeError when
processing configuration objects containing `__proto__` as an own
property. An attacker can trigger this by providing a malicious
configuration object created via `JSON.parse()`, causing complete denial
of service.

### Details

The vulnerability exists in `lib/core/mergeConfig.js` at lines 98-101:

```javascript
utils.forEach(Object.keys({ ...config1, ...config2 }), function computeConfigValue(prop) {
  const merge = mergeMap[prop] || mergeDeepProperties;
  const configValue = merge(config1[prop], config2[prop], prop);
  (utils.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);
});
```

When `prop` is `'__proto__'`:

1. `JSON.parse('{"__proto__": {...}}')` creates an object with
`__proto__` as an own enumerable property
2. `Object.keys()` includes `'__proto__'` in the iteration
3. `mergeMap['__proto__']` performs prototype chain lookup, returning
`Object.prototype` (truthy object)
4. The expression `mergeMap[prop] || mergeDeepProperties` evaluates to
`Object.prototype`
5. `Object.prototype(...)` throws `TypeError: merge is not a function`

The ... (continued)

122 of 124 branches covered (98.39%)

Branch coverage included in aggregate %.

606 of 606 relevant lines covered (100.0%)

27.92 hits per line

Relevant lines Covered
606 RELEVANT LINES 606 COVERED LINES
27.92 HITS PER LINE
Source Files on main

Recent builds

Builds Branch Commit Type Ran Committer Via Coverage
21922211716 main chore(deps): update dependency axios to v1.13.5 [security] (#953) This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |... push web-flow github
99.73
19020841700 main chore(deps): update dependency axios to v1.13.1 (#948) This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [axios](https://axios-http.com) ([source](https://redirect.github.com/axios/axios)) | [`1.... push web-flow github
99.73
18826204633 main chore(deps): update dependency typescript to v5.9.3 (#947) This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [typescript](https://www.typescriptlang.org/) ([source](https://redirect.github.com/mi... push web-flow github
99.73
18826162099 main chore(deps): update dependency prettier to v3.6.2 (#946) This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [prettier](https://prettier.io) ([source](https://redirect.github.com/prettier/prettier)... push web-flow github
99.73
18639504887 main chore(deps): update dependency ts-jest to v29.4.5 (#945) This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [ts-jest](https://kulshekhar.github.io/ts-jest) ([source](https://redirect.github.com/ku... push web-flow github
99.73
18639467116 main chore(deps): update dependency @types/node to v18.19.130 (#944) This PR contains the following updates: | Package | Change | Age | Confidence | |---|---|---|---| | [@types/node](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/ma... push web-flow github
99.73
18267275409 main chore(deps): update dependency eslint-config-prettier to v8.10.2 (#943) > [!NOTE] > Mend has cancelled [the proposed renaming](https://redirect.github.com/renovatebot/renovate/discussions/37842) of the Renovate GitHub app being renamed to `mend[b... push web-flow github
99.73
18267202286 main chore(deps): update dependency axios to v0.30.2 [security] (#941) > [!NOTE] > Mend has cancelled [the proposed renaming](https://redirect.github.com/renovatebot/renovate/discussions/37842) of the Renovate GitHub app being renamed to `mend[bot]`. ... push web-flow github
99.73
18267153529 main chore(deps): update dependency @types/node to v18.19.129 (#942) > [!NOTE] > Mend has cancelled [the proposed renaming](https://redirect.github.com/renovatebot/renovate/discussions/37842) of the Renovate GitHub app being renamed to `mend[bot]`. > ... push web-flow github
99.73
15813281076 main chore(deps): update dependency @types/node to v18.19.112 (#939) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [@types/node](https://redirect.github.com/Definitely... push web-flow github
99.73
See All Builds (2530)