Bump @nuxtjs/axios from 5.5.2 to 5.5.3 in /webapp

Review changes
Download
Patches
Plain diff

Closed Bump @nuxtjs/axios from 5.5.2 to 5.5.3 in /webapp

pr710head into pr710base

Overview 1
Commits 1
Pipelines 0
Changes 2

Closed Hannes Heine requested to merge pr710head into pr710base 4 years ago

Overview 1
Commits 1
Pipelines 0
Changes 2

Created by: Tirokk

Authored by dependabot-preview[bot] May 31, 2019 Merged May 31, 2019

Bumps @nuxtjs/axios from 5.5.2 to 5.5.3.

Release notes

Sourced from @nuxtjs/axios's releases.

v5.5.3

️ This release force bumps axios dependency to ^0.19.0. Upgrading is highly recommended as of known vulnerability recently discovered in this package (CVE-2019-10742)

️ If you also manually specified axios in your package.json dependencies or devDependencies, it is also advised to change it to ^0.19.0

Changelog

Sourced from @nuxtjs/axios's changelog.

5.5.3 (2019-05-30)

Bug Fixes

bump axios to ^0.19.0 (ee8f999)

Commits

e58983d chore(release): 5.5.3
ee8f999 fix: bump axios to ^0.19.0
c7cbf4e chore(deps): update dependency consola to ^2.7.1 (#252)
f56c4fb chore(deps): bump webpack-bundle-analyzer from 3.1.0 to 3.3.2 (#251)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)
Automerge options (never/patch/minor, and dev/runtime dependencies)
Pull request limits (per update run and/or open at any time)
Out-of-range updates (receive only lockfile updates, if desired)
Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.

Merge request reports

Assignee

0 Reviewers

Request review from

Labels

None

Select labels

Manage project labels

Milestone

None

Time tracking

Participants