Skip to content

Pin axios to 1.13.5 to avoid compromised version#1528

Merged
priyanshu92 merged 3 commits intomainfrom
users/priyanshuag/pin-axios-safe-version
Mar 31, 2026
Merged

Pin axios to 1.13.5 to avoid compromised version#1528
priyanshu92 merged 3 commits intomainfrom
users/priyanshuag/pin-axios-safe-version

Conversation

@priyanshu92
Copy link
Copy Markdown
Contributor

@priyanshu92 priyanshu92 commented Mar 31, 2026

  • Remove caret from axios override to pin exactly to 1.13.5
  • Prevents npm from resolving to axios@1.14.1 which was found to contain a Remote Access Trojan via hijacked npm credentials
  • axios is a transitive dep via @fluidframework/server-services-client

@claude
Pin axios to 1.13.5 to avoid compromised version
1076a10 
- Remove caret from axios override to pin exactly to 1.13.5
- Prevents npm from resolving to axios@1.14.1 which was found to
  contain a Remote Access Trojan via hijacked npm credentials
- axios is a transitive dep via @fluidframework/server-services-client

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@priyanshu92 priyanshu92 requested review from a team as code owners March 31, 2026 06:59
@priyanshu92 priyanshu92 enabled auto-merge (squash) March 31, 2026 06:59
Priyanshu Agrawal and others added 2 commits March 31, 2026 12:30
@priyanshu92 priyanshu92 disabled auto-merge March 31, 2026 07:07
@priyanshu92 priyanshu92 merged commit dd7729a into main Mar 31, 2026
8 checks passed
@priyanshu92 priyanshu92 deleted the users/priyanshuag/pin-axios-safe-version branch March 31, 2026 07:16
@amitjoshi438 amitjoshi438 mentioned this pull request Apr 9, 2026
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amitjoshi438 amitjoshi438 amitjoshi438 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@priyanshu92 @amitjoshi438