chore: bump axios to 1.15.0 to resolve dependabot alerts #565
jonathannorris merged 1 commit into main from
Deploying with
| Status | Name | Latest Commit | Updated (UTC) |
|---|---|---|---|
| ✅ Deployment successful! | devcycle-mcp-server | 69ca6ec | Apr 13 2026, 02:32 PM |
Pull request overview
This PR updates the project’s HTTP client dependency to address Dependabot security alerts by bumping axios to a patched release and aligning the Yarn lockfile.
Changes:
- Bump `axios` from `1.13.6` to `1.15.0` in `package.json`.
- Update Yarn `resolutions` to force `axios` to `1.15.0` where applicable.
- Regenerate `yarn.lock` entries for `axios` and its updated transitive dependency `proxy-from-env`.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| package.json | Updates the direct axios dependency and adjusts resolutions to force 1.15.0. |
| yarn.lock | Updates the lockfile to axios@1.15.0 and proxy-from-env@2.1.0 with new checksums. |
| "resolutions": { | ||
| "axios@npm:^1.13.6": "1.13.6", | ||
| "axios@npm:^1.6.0": "1.13.6", | ||
| "axios@npm:^1.13.6": "1.15.0", |
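Review bot: the new `"axios@npm:^1.13.6": "1.15.0"` line pins an exact version, so every dependent matched by that selector stays on 1.15.0 until this block is edited again, and a later axios fix release will not arrive through a normal lockfile refresh. Record in the PR or a tracking issue when the pin can be dropped. Also confirm that the `axios@npm:^1.6.0` selector, which the visible lines show only at `1.13.6`, is moved to `1.15.0` as well, since the excerpt ends before any replacement for it.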
The resolutions entry "axios@npm:^1.13.6": "1.15.0" no longer appears to match any dependency descriptor in the current yarn.lock (there are no axios: "npm:^1.13.6" entries). Consider removing this unused selector or updating it to the range(s) that actually exist (e.g. keep only the ^1.6.0 selector) to avoid confusion about which installs are being forced.
| "axios@npm:^1.13.6": "1.15.0", |
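The check described in the review comment above, as an added example that is not part of the PR or the project's code: it lists `resolutions` selectors that no dependency range in `yarn.lock` requests. It assumes the Yarn Berry lockfile layout (`name: "npm:range"` lines under `dependencies:`); `requestedRanges`, `unusedResolutions` and the sample data are hypothetical names and constructed inputs.

```javascript
// Added example: list package.json "resolutions" selectors that no dependency
// range in yarn.lock uses. Assumes the Yarn Berry lockfile layout.
const normalizeRange = (r) => (/^[a-z]+:/.test(r) ? r : `npm:${r}`);

// Map of package name -> ranges requested inside "dependencies:" blocks.
function requestedRanges(lockText) {
  const wanted = new Map();
  let inDeps = false;
  for (const line of lockText.split("\n")) {
    const section = /^ {2}(\w+):\s*$/.exec(line);
    if (section) { inDeps = section[1] === "dependencies"; continue; }
    const dep = /^ {4}"?([^"\s:]+)"?: "?([^"]+?)"?\s*$/.exec(line);
    if (!dep) { inDeps = false; continue; }
    if (!inDeps) continue;
    if (!wanted.has(dep[1])) wanted.set(dep[1], new Set());
    wanted.get(dep[1]).add(normalizeRange(dep[2]));
  }
  return wanted;
}

// Handles "name" and "name@range" selectors; parent-scoped patterns such as
// "parent/name" are not handled and are reported as unused.
function unusedResolutions(resolutions, lockText) {
  const wanted = requestedRanges(lockText);
  return Object.keys(resolutions).filter((key) => {
    const at = key.indexOf("@", 1); // skip the "@" of a scoped name
    const ranges = wanted.get(at === -1 ? key : key.slice(0, at));
    if (!ranges) return true;
    return at !== -1 && !ranges.has(normalizeRange(key.slice(at + 1)));
  });
}

// Constructed sample data, not the project's real files.
const sampleResolutions = {
  "axios@npm:^1.13.6": "1.15.0",
  "axios@npm:^1.6.0": "1.15.0",
};
const sampleLock = `
"axios@npm:1.15.0":
  version: 1.15.0
  dependencies:
    proxy-from-env: "npm:^2.1.0"

"example-sdk@npm:2.0.0":
  version: 2.0.0
  dependencies:
    axios: "npm:^1.6.0"
`;
console.log(unusedResolutions(sampleResolutions, sampleLock));
```

Run against the real `package.json` and `yarn.lock`, an empty result means every selector still forces at least one install.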
Summary
- `axios` from `1.13.6` to `1.15.0` and updates resolutions to match
- `1.15.0` is confirmed clean — it's the release that addressed the `1.14.x` supply chain issue we previously avoided