[Snyk] Security upgrade axios from 0.21.4 to 1.13.5#16
[Snyk] Security upgrade axios from 0.21.4 to 1.13.5#16TimCrooker wants to merge 1 commit intomasterfrom
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-15252993
There was a problem hiding this comment.
Pull request overview
This PR is a Snyk-generated security upgrade that aims to fix a high-severity Prototype Pollution vulnerability (SNYK-JS-AXIOS-15252993) in the axios package. The upgrade attempts to move from axios 0.21.x to version 1.13.5, which represents a major version upgrade from the 0.x to 1.x branch.
Changes:
- Update axios dependency from ^0.21.1 to ^1.13.5 in the axios plugin package.json
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| }, | ||
| "dependencies": { | ||
| "axios": "^0.21.1" | ||
| "axios": "^1.13.5" |
There was a problem hiding this comment.
There is a discrepancy between the PR description and the actual code change. The PR description states this is upgrading from version 0.21.4, but the diff shows the current version in the code is ^0.21.1. While this doesn't affect the functionality of the upgrade itself, it indicates a mismatch between what Snyk detected and what's actually in the codebase, which could be confusing for reviewers.
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
plugins/axios/package.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-AXIOS-15252993
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution