5 changes: 5 additions & 0 deletions .changeset/sec-10506-axios-upgrade.md
@@ -0,0 +1,5 @@
---
'@phantom/synpress': patch
---

chore: bump transitive axios from 0.27.2 to 0.31.1 to address GHSA-6chq-wfr3-2hj9
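Review bot: the changeset line `chore: bump transitive axios from 0.27.2 to 0.31.1 to address GHSA-6chq-wfr3-2hj9` does not say how the bump is made, and the package.json change in this PR makes it with a `resolutions` entry. Yarn honours `resolutions` only in the top-level package.json of the project running `yarn install`, so if `@phantom/synpress` is consumed as a published package this `patch` release changes nothing in its users' installs; state that in the changeset (or name the direct dependency that pulls axios in and bump that dependency instead) so the changelog does not read as a fix that consumers receive.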
3 changes: 2 additions & 1 deletion package.json
@@ -109,7 +109,8 @@
"gh-pages": "5.0.0",
"http-cache-semantics": "4.1.1",
"ansi-regex": "5.0.1",
"@testing-library/dom": "8.20.0"
"@testing-library/dom": "8.20.0",
"axios@<0.31.1": "0.31.1"
⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "1) Inspect lock/manifests for potentially conflicting axios ranges"
rg -n -C2 --iglob 'package.json' --iglob 'yarn.lock' --iglob 'pnpm-lock.yaml' 'wait-on|axios@npm:\^0\.27|axios@\^0\.27|axios@<0\.31\.1|0\.31\.1'

echo
echo "2) Confirm Yarn's PR resolution-mismatch rule (YN0078)"
curl -fsSL https://yarnpkg.com/advanced/error-codes | rg -n 'YN0078|check-resolutions|RESOLUTION_MISMATCH'

Repository: phantom/synpress

Length of output: 16111


Remove conflicting axios resolution that will fail Yarn 4 PR installs.

The resolution "axios@<0.31.1": "0.31.1" forces axios to v0.31.1, but wait-on@^7.0.1 declares a dependency on axios@^1.6.1. Yarn 4 CI will reject this mismatch with error YN0078 (RESOLUTION_MISMATCH) when --check-resolutions runs on pull requests.

Either:

  1. Update the resolution to use a version matching ^1.6.1 (e.g., 1.7.7), or
  2. Downgrade wait-on to a version that supports axios@<0.31.1
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@package.json` at line 113, The resolutions entry "axios@<0.31.1": "0.31.1"
conflicts with wait-on@^7.0.1 (which requires axios@^1.6.1) and triggers Yarn 4
YN0078; fix by editing package.json to either remove the conflicting
"axios@<0.31.1" resolution or replace it with a compatible resolution such as
changing the key to match the semver used by dependent packages (e.g., set axios
resolution to a 1.x release like "axios@^1.6.1": "1.7.7" or simply "axios":
"1.7.7"), then run yarn install to update the lockfile and commit the updated
package.json and lockfile; alternatively, if you prefer not to upgrade axios,
downgrade the wait-on dependency (wait-on@^7.0.1) to a version that accepts
axios<0.31.1 and update lockfile accordingly.

},
"overrides": {
"lodash@<4.17.20": "4.17.20"
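Review bot: the new entry `"axios@<0.31.1": "0.31.1"` pins an exact version through a range-keyed selector, and the analysis run above reports that wait-on@^7.0.1 declares `axios@^1.6.1`; a pin that fails a dependent's declared range is exactly what Yarn 4 rejects as YN0078 under `--check-resolutions`. Note that even the 0.x consumer this targets is not satisfied if it declares a caret range, because `^0.27.2` admits only 0.27.x under semver caret rules. Before merging, attach `yarn why axios` output listing every dependent and its range, and then use either a single `"axios": "<version>"` that satisfies all of them or one key per declared range, so that the install is reproducible on CI and the advisory is actually closed for every consumer.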
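Added example (not code from the phantom/synpress PR or from the review bot above): a small Node script that performs the YN0078-style check the review describes, flagging a `resolutions` pin whose target version does not satisfy the range a dependent declares. The dependency edges are constructed for illustration: wait-on's `^1.6.1` is taken from the review, the `^0.27.2` range for the 0.x consumer is an assumption, and Yarn's selector-matching rules are not modeled, so every dependent of the pinned package is checked.

```javascript
// Offline check for resolution/range mismatches (the condition Yarn 4 reports as YN0078).
// No third-party semver library is used; the range shapes that appear in this PR
// (exact, ^, ~, <, <=, >, >=, *) are implemented below.

// Parse "MAJOR.MINOR.PATCH" into numbers. Pre-release tags are ignored (assumption).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when `version` falls inside `range` under semver rules for the supported operators.
function satisfies(version, range) {
  const v = parseVersion(version);
  const r = range.trim();
  if (r === '*' || r === '') return true;
  const m = /^(\^|~|<=|>=|<|>|=)?\s*(\d+\.\d+\.\d+)$/.exec(r);
  if (!m) throw new Error(`unsupported range: ${range}`);
  const op = m[1] || '=';
  const base = parseVersion(m[2]);
  const cmp = compare(v, base);
  switch (op) {
    case '=': return cmp === 0;
    case '<': return cmp < 0;
    case '<=': return cmp <= 0;
    case '>': return cmp > 0;
    case '>=': return cmp >= 0;
    case '~': return cmp >= 0 && v[0] === base[0] && v[1] === base[1]; // patch-level moves only
    case '^': {
      if (cmp < 0) return false;
      // caret fixes the leftmost non-zero component: ^1.6.1 -> <2.0.0, ^0.27.2 -> <0.28.0
      if (base[0] !== 0) return v[0] === base[0];
      if (base[1] !== 0) return v[0] === 0 && v[1] === base[1];
      return cmp === 0;
    }
  }
}

// A resolutions key is "name" or "name@selector"; scoped names start with "@",
// so the selector is whatever follows the LAST "@".
function parseKey(key) {
  const at = key.lastIndexOf('@');
  return at <= 0
    ? { name: key, selector: '*' }
    : { name: key.slice(0, at), selector: key.slice(at + 1) };
}

// Report every (resolution, dependent) pair where the pinned version fails the
// dependent's declared range. Conservative by design: the selector is not used to
// narrow which dependents are considered.
function checkResolutions(resolutions, edges) {
  const problems = [];
  for (const [key, pinned] of Object.entries(resolutions)) {
    const { name } = parseKey(key);
    for (const edge of edges.filter(e => e.name === name)) {
      if (!satisfies(pinned, edge.range)) {
        problems.push({ key, pinned, dependent: edge.from, declared: edge.range });
      }
    }
  }
  return problems;
}

// Constructed sample graph: (dependent, dependency name, declared range).
const SAMPLE_EDGES = [
  { from: '@phantom/synpress (transitive)', name: 'axios',  range: '^0.27.2' },  // assumed range
  { from: 'wait-on@7.0.1',                  name: 'axios',  range: '^1.6.1'  },  // range quoted in the review
  { from: '@phantom/synpress',              name: 'lodash', range: '^4.17.15' }, // constructed
];

// The two pins visible in the package.json hunk.
const SAMPLE_RESOLUTIONS = {
  'axios@<0.31.1': '0.31.1',
  'lodash@<4.17.20': '4.17.20',
};

function describe(p) {
  return `${p.key} -> ${p.pinned} does not satisfy ${p.declared} declared by ${p.dependent}`;
}

for (const p of checkResolutions(SAMPLE_RESOLUTIONS, SAMPLE_EDGES)) {
  console.log(describe(p));
}
```

Run with `node check-resolutions.js`. The lodash pin passes because 4.17.20 lies inside `^4.17.15`, while the axios pin is reported twice: `0.31.1` is below `^1.6.1`, and it is also outside `^0.27.2`, since a caret on a 0.x version only admits patch releases of that minor. Feeding the script real edges from `yarn why axios` (or the lockfile) gives the same answer `--check-resolutions` would give on CI, before the PR is pushed.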