@italo-addsearch italo-addsearch commented Sep 15, 2025

Story details: https://app.shortcut.com/addsearch/story/12641

Summary by CodeRabbit

  • Chores
    • Bumped application version to 1.1.3.
    • Updated HTTP client dependency to a newer release, improving stability and compatibility.
    • No changes to public APIs or user-facing features.

coderabbitai bot commented Sep 15, 2025

Walkthrough

Bumps the package version to 1.1.3 and updates the axios dependency range from ^1.7.2 to ^1.12.0 in package.json. No changes to exports or public APIs.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Version and dependency updates: `package.json` | Increment version 1.1.2 → 1.1.3; update dependency `axios` ^1.7.2 → ^1.12.0 |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

Suggested reviewers

  • kanarupan-addsearch

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The title clearly identifies the PR as a chore to remediate specific security issues by listing the CVE IDs and includes the tracking story ID, which matches the PR objective to update dependencies; this accurately communicates the main purpose. The phrase "several frontend projects" is slightly broader than the single package.json change in this changeset, but the intent to apply CVE fixes is still clear. |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5976768 and 70f7037.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json (2 hunks)
🔇 Additional comments (2)
package.json (2)

3-3: Patch version bump looks good; add release hygiene.

Please add/update CHANGELOG and plan a tagged release (v1.1.3) that references the CVEs in the PR title. Ensure the dist artifacts are rebuilt before publishing.


49-49: Axios ^1.12.0 — repo scan OK; run tests & audit before merge

  • Findings: axios is used in src/api.ts (axios.create) and src/indexingapi.ts (axios({...})); tests use axios-mock-adapter in test/apifetch.test.ts; package-lock.json pins axios -> 1.12.2.
  • No occurrences of CancelToken, transformRequest, transformResponse, or custom adapter wiring were found in JS/TS files.
  • Web check: no breaking API changes between 1.7.x and 1.12.x; axios-mock-adapter ^1.21 is compatible with axios 1.x.
  • Action required: run the full test suite and npm/yarn audit locally or in CI; ensure other lockfiles (yarn.lock/pnpm-lock.yaml) are updated if used. Merge only after CI passes and audit is clean.

@italo-addsearch italo-addsearch changed the title from "chore: [sc-12641] several frontend projects: CVE-2025-58754, CVE-2025-58752, CVE-2025-58751" to "chore: [sc-12641] patch-vulnerability" Sep 15, 2025
@italo-addsearch italo-addsearch merged commit f5f04df into master Sep 16, 2025
2 checks passed
@italo-addsearch italo-addsearch deleted the sc-12641/patch-vulnerability branch September 16, 2025 05:41
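
An added example, not part of this PR or the project's code: the review above notes that `package-lock.json` was excluded from review and pins axios to 1.12.2, so this Node.js script checks every copy of axios recorded in a lockfile, nested copies included, against the floor of the new range. The lockfile object, `example-sdk`, and the helper names are constructed for illustration; the 1.12.0 floor is taken from the PR's `^1.12.0` range.

```javascript
// Added example (not from the PR): audit a package-lock.json (lockfileVersion 2/3)
// for every installed copy of a package, including nested ones.
const PACKAGE = "axios";
const FLOOR = "1.12.0"; // assumption: lower bound of the PR's new range ^1.12.0

// Parse "MAJOR.MINOR.PATCH" (pre-release/build suffixes are ignored).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Return every lockfile entry for `name`, with whether it meets the floor.
// Matches "node_modules/<name>" at any nesting depth, but not "@scope/<name>".
function auditLockfile(lock, name, floor) {
  const suffix = `node_modules/${name}`;
  return Object.entries(lock.packages || {})
    .filter(([path, e]) => e.version && (path === suffix || path.endsWith(`/${suffix}`)))
    .map(([path, e]) => ({
      path,
      version: e.version,
      ok: compareVersions(e.version, floor) >= 0,
    }));
}

// Constructed sample lockfile: the top-level copy is updated, a nested copy is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.1.3", dependencies: { axios: "^1.12.0" } },
    "node_modules/axios": { version: "1.12.2" },
    "node_modules/example-sdk": { version: "2.0.0", dependencies: { axios: "~1.7.2" } },
    "node_modules/example-sdk/node_modules/axios": { version: "1.7.2" },
  },
};

const stale = auditLockfile(sampleLock, PACKAGE, FLOOR).filter((r) => !r.ok);
for (const r of stale) console.log(`below ${FLOOR}: ${r.path} @ ${r.version}`);
```

To run it against a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`.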