[Snyk] Security upgrade axios from 1.13.2 to 1.13.5#1067
[Snyk] Security upgrade axios from 1.13.2 to 1.13.5#1067akilarootcode wants to merge 1 commit intomainfrom
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-15252993
|
|
|
There was a problem hiding this comment.
Pull request overview
This PR attempts to upgrade the axios dependency to fix a high-severity Prototype Pollution vulnerability (SNYK-JS-AXIOS-15252993). However, there are critical issues with the proposed changes that prevent this PR from being viable.
Changes:
- Attempts to upgrade axios from ^1.9.0 to ^1.13.5 in frontend/package.json
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "@tanstack/react-query": "^5.74.4", | ||
| "@tanstack/react-query-devtools": "^5.74.6", | ||
| "axios": "^1.9.0", | ||
| "axios": "^1.13.5", |
There was a problem hiding this comment.
The PR title and description claim this upgrades axios from version 1.13.2 to 1.13.5, but the actual code change shows the current version is ^1.9.0, not 1.13.2. This discrepancy suggests the PR metadata may be incorrect or the wrong change is being applied to this repository.
3 participants
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
frontend/package.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-AXIOS-15252993
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution