Skip to content

fix: bump axios and add shared .npmrc config [DX-422] #2570

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 26, 2025
Merged

fix: bump axios and add shared .npmrc config [DX-422] #2570

merged 2 commits into from
Sep 26, 2025

Conversation

@whitelisab
Copy link
Contributor

@whitelisab whitelisab commented Sep 26, 2025

Summary

Addresses two issues:

  • Explicitly bump axios version to stable version to address security vulnerabilities
  • Add a shared .npmrc config to add npm as the registry for @contentful scoped packages

Description

The package-lock.json file was already updated to 12.2.2 for axios, this now explicitly sets it in the package.json file. Also adding the .npmrc to ensure that packages are installed from the correct registry.

Motivation and Context

Addresses: #2567

Todos

  • Implemented feature
  • Feature with pending implementation

Screenshots (if appropriate):

@whitelisab whitelisab requested a review from a team as a code owner September 26, 2025 16:59
elylucasctfl
elylucasctfl reviewed Sep 26, 2025
View reviewed changes
.gitignore
*.dockerignore

# NPM config
.npmrc
Copy link
Contributor

@elylucasctfl elylucasctfl Sep 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm, this could be trouble if someone puts one of their npmrc files that has credentials in them. Im not sure what else to do though so more of just a thought.

Copy link
Contributor Author

@whitelisab whitelisab Sep 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it's a good thought. We do have a shared .npmrc in several of our other public repos (like contentful-migration), so I'm ok making the change here and I think something to just be mindful of.

@whitelisab whitelisab merged commit 3f2fc25 into master Sep 26, 2025
7 checks passed
@whitelisab whitelisab deleted the fix/dx-422-dx-423 branch September 26, 2025 17:20
@contentful-automation
Copy link
Contributor

contentful-automation bot commented Sep 26, 2025

🎉 This PR is included in version 11.8.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@elylucasctfl elylucasctfl elylucasctfl approved these changes

Assignees

No one assigned

Labels

released

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@whitelisab @elylucasctfl