
chore: pin axios to 1.13.6 #561

Merged: jonathannorris merged 2 commits into main from chore/pin-axios-1.13.6, Mar 31, 2026


@jonathannorris
Member

Summary

  • Pins axios from ^1.13.6 to 1.13.6
  • Avoids exposure to the supply chain attack reported in axios 1.14.1

@jonathannorris jonathannorris requested a review from a team as a code owner March 31, 2026 03:24
Copilot AI review requested due to automatic review settings March 31, 2026 03:24
cloudflare-workers-and-pages bot commented Mar 31, 2026

Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

| Status | Name | Latest Commit | Updated (UTC) |
| ✅ Deployment successful! | devcycle-mcp-server | 5c01ae1 | Mar 31 2026, 06:08 PM |

Copilot AI left a comment


Pull request overview

Pins axios to an exact version to prevent unintentional upgrades to a potentially compromised release, aligning dependency resolution with the security intent described in the PR.

Changes:

  • Change axios dependency spec from ^1.13.6 to 1.13.6 in package.json.


Copilot AI review requested due to automatic review settings March 31, 2026 18:05
@jonathannorris jonathannorris force-pushed the chore/pin-axios-1.13.6 branch from d569ed4 to 5c01ae1 Compare March 31, 2026 18:05

Copilot AI left a comment


Pull request overview

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.



Comment on lines 53 to 55
"@zodios/core": "^10.9.6",
"axios": "~1.13.6",
"axios": "1.13.6",
"chalk": "^4.1.2",
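
Review bot: On the `"axios": "1.13.6"` line, the exact pin only constrains this package's own direct dependency and only takes effect through the resolved lockfile; it does not by itself control an axios copy resolved for some other dependency. Please confirm the lockfile resolves axios to 1.13.6 wherever it appears and that CI and release builds install strictly from the lockfile (for example `npm ci`, or the equivalent for the package manager in use). The removed line `"axios": "~1.13.6"` already bounded resolution below 1.14.0, so the practical effect of this change is that 1.13.x patch releases are now blocked as well and need a manual bump; that trade-off is worth recording in the PR description.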

Copilot AI Mar 31, 2026


PR description says axios is pinned from ^1.13.6 to 1.13.6, but the actual change is from ~1.13.6 to 1.13.6. Please update the PR description (or the dependency spec) so it accurately reflects what’s being changed and why ~ wasn’t sufficient for the security goal.

@jonathannorris jonathannorris merged commit f911605 into main Mar 31, 2026
11 checks passed
@jonathannorris jonathannorris deleted the chore/pin-axios-1.13.6 branch March 31, 2026 19:08
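
The thread mentions three specs for axios (`^1.13.6`, `~1.13.6`, `1.13.6`) and the reported 1.14.1 release. As an added example (not code from this repository or from the `semver` package), the sketch below applies npm's caret and tilde rules to show which specs would let a flagged version be resolved; `admits` and `exposedDeps` are hypothetical helper names, and only plain `x.y.z`, `~x.y.z` and `^x.y.z` specs are handled.

```javascript
// Added example: minimal npm-style range check (exact, ~ and ^ only; no
// prerelease tags or compound ranges). Helper names are hypothetical.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of a spec, following npm's tilde/caret rules.
function upperBound(op, [maj, min, pat]) {
  if (op === '~') return [maj, min + 1, 0];
  // '^' allows changes that keep the left-most non-zero component fixed.
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
}

function admits(spec, version) {
  const m = /^([~^]?)(\d+\.\d+\.\d+)$/.exec(spec.trim());
  if (!m) throw new Error(`unsupported spec: ${spec}`);
  const base = parseVersion(m[2]);
  const v = parseVersion(version);
  if (m[1] === '') return compare(v, base) === 0; // exact pin
  return compare(v, base) >= 0 && compare(v, upperBound(m[1], base)) < 0;
}

// List the manifest entries for `name` whose spec would allow `flagged`.
function exposedDeps(pkg, name, flagged) {
  const hits = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    const spec = (pkg[field] || {})[name];
    if (spec !== undefined && admits(spec, flagged)) hits.push(`${field}:${spec}`);
  }
  return hits;
}

// Constructed sample: the three axios specs that appear in this PR thread.
for (const spec of ['^1.13.6', '~1.13.6', '1.13.6']) {
  console.log(spec, 'admits 1.14.1:', admits(spec, '1.14.1'));
}
```

A manifest check like this covers only direct dependency specs; the lockfile still decides what is actually installed.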