Skip to content

chore(deps): bump axios to ^1.16.0#892

Merged
B4nan merged 1 commit intomasterfrom
chore/dependabot-lockfile-updates
May 6, 2026
Merged

chore(deps): bump axios to ^1.16.0#892
B4nan merged 1 commit intomasterfrom
chore/dependabot-lockfile-updates

Conversation

@B4nan
Copy link
Copy Markdown
Member

@B4nan B4nan commented May 6, 2026

Summary

Bumps the direct axios dep range from ^1.6.7 to ^1.16.0 and updates pnpm-lock.yaml accordingly. axios resolves to 1.16.0, closing all axios Dependabot alerts (#221-#232).

Not addressed here — need more attention

  • postcss — one transitive entry stuck at 8.5.9 (pulled by some @csstools/postcss-* plugin). Needs a pnpm.overrides entry to force ≥ 8.5.10.
  • basic-ftp (alert Create Sjenica1 #217, high) — transitive at 5.2.2; patched 5.3.0. Doesn't bump via pnpm update; needs an override.
  • serialize-javascript — at 6.0.2; patched 7.x is a major bump. Needs an override.
  • elliptic (alert feat: Adding x-apify-workflow-key header #212, dev, low) — no patched version available upstream.

🤖 Generated with Claude Code

@B4nan @claude
chore(deps): bump axios to ^1.16.0 in lockfile
3ff6d32 
Resolves multiple Dependabot alerts for axios via lockfile-only update;
direct-dep range bumped from ^1.6.7 to ^1.16.0 to pick up the patch.

Remaining alerts (basic-ftp, postcss 8.5.9 transitive, elliptic, and
serialize-javascript major bump) are not addressed here.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@B4nan B4nan added the adhoc Ad-hoc unplanned task added during the sprint. label May 6, 2026
@github-actions github-actions Bot added this to the 140th sprint - Tooling team milestone May 6, 2026
@github-actions github-actions Bot added the t-tooling Issues with this label are in the ownership of the tooling team. label May 6, 2026
@B4nan B4nan requested a review from janbuchar May 6, 2026 09:18
@B4nan B4nan enabled auto-merge (squash) May 6, 2026 09:18
janbuchar
janbuchar approved these changes May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@janbuchar janbuchar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

quite the bump, but LGTM

@B4nan B4nan merged commit 262ff0f into master May 6, 2026
7 checks passed
@B4nan B4nan deleted the chore/dependabot-lockfile-updates branch May 6, 2026 09:24
@B4nan
Copy link
Copy Markdown
Member Author

B4nan commented May 6, 2026

the actual bump is just v1.15 -> v1.16

https://github.com/apify/apify-client-js/pull/892/changes#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbL31

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@janbuchar janbuchar janbuchar approved these changes

Assignees

@B4nan B4nan

Labels

adhoc Ad-hoc unplanned task added during the sprint. t-tooling Issues with this label are in the ownership of the tooling team.

Projects

None yet

Milestone

140th sprint - Tooling team

Development

Successfully merging this pull request may close these issues.

3 participants

@B4nan @janbuchar @apify-service-account