chore(deps): bump axios from 1.13.1 to 1.13.5#3834
chore(deps): bump axios from 1.13.1 to 1.13.5#3834dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
dependabot
bot
added
dependencies
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
2 similar comments
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/axios-1.13.5
branch
from
d8b67ee to
9c35891
Compare
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
1 similar comment
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| "@octokit/request": "^5.6.3", | ||
| "@octokit/rest": "^22.0.0", | ||
| "axios": "^1.13.1", | ||
| "axios": "^0.30.3", |
There was a problem hiding this comment.
Axios version downgraded to legacy
High Severity
This change sets the repo’s direct axios dependency to ^0.30.3 (legacy 0.x) in multiple packages, even though the PR intent and lockfile also reference axios@1.13.5. This effectively downgrades the runtime axios API/behavior used by the code and can introduce breaking differences versus the previously used 1.x line.
Additional Locations (2)
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
1 similar comment
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/axios-1.13.5
branch
from
9c35891 to
8a7c950
Compare
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
2 similar comments
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/axios-1.13.5
branch
from
8a7c950 to
f19591a
Compare
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
3 similar comments
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
Bumps [axios](https://github.com/axios/axios) from 1.13.1 to 1.13.5. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.13.1...v1.13.5) --- updated-dependencies: - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/axios-1.13.5
branch
from
f19591a to
fc3cf42
Compare
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
2 similar comments
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
Bumps axios from 1.13.1 to 1.13.5.
Release notes
Sourced from axios's releases.
... (truncated)
Changelog
Sourced from axios's changelog.
... (truncated)
Commits
29f7542chore(release): prepare release 1.13.5 (#7379)431c3a3ci: fix run condition (#7373)9ff3a78ci: update ymls (#7372)265b712docs: fix deprecated Buffer constructor and formatting issues in README (#7371)475e75afeat: add input validation to isAbsoluteURL (#7326)28c7215fix: Denial of Service via proto Key in mergeConfig (#7369)04cf019docs: clarify object check comment (#7323)696fa75fix: status is missing in AxiosError on and after v1.13.3 (#7368)569f028fix: added a option to choose between legacy and the new request/response int...44b7c9fchore(deps-dev): bump karma-sourcemap-loader (#7360)Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
Note
Medium Risk
Touches a widely used HTTP client across many runtime packages; behavior differences between
axiosmajor/minor lines could subtly affect request handling and error semantics.Overview
Updates
axiosacross the backend and multiple worker/lib packages, effectively standardizing onaxios@0.30.3and updatingpnpm-lock.yamlto match.The lockfile also shifts several transitive HTTP-related deps (notably
follow-redirects/form-data) and changes theclearbitneedlesource from a tarball URL to a git URL.Written by Cursor Bugbot for commit fc3cf42. This will update automatically on new commits. Configure here.