
fix: force secure version of axios #151

Merged: briantstephan merged 4 commits into main from axios-vulnerability on Jun 5, 2026
@briantstephan briantstephan commented Jun 3, 2026

This ensures that axios version 1.16.0 is used, which avoids the following vulnerability present in 1.15.0.

GHSA-pjwm-pj3p-43mv

Also upgraded playwright as I was seeing GitHub Actions hang on the browser install step, which has been fixed in 1.60.0.

microsoft/playwright#40998

changeset-bot Bot commented Jun 3, 2026

⚠️ No Changeset found

Latest commit: 9033255

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

coderabbitai Bot commented Jun 3, 2026

Walkthrough

This PR bumps the pnpm.overrides pin for axios from 1.15.0 to 1.16.0 in package.json, updates @playwright/test and playwright-core devDependency versions in two package.json files to ^1.60.0, and adjusts the Markdown list formatting for the “Coming Soon” HoursStatus/HoursTable entry in packages/pages-components/CHANGELOG.md.

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title 'fix: force secure version of axios' directly and accurately summarizes the main change: updating axios to version 1.16.0 to address a security vulnerability. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Description check | ✅ Passed | The description directly explains the security fix for axios vulnerability and an unrelated Playwright upgrade to fix CI hangs. |

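A CI-style check for the override this PR describes, as an added example that is not code from the PR or the repository: it confirms that `pnpm.overrides` pins axios at 1.16.0 or later and that no axios package key in `pnpm-lock.yaml` resolves below it. The lockfile key shapes, the exact-pin policy, the function names and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: inputs below are constructed, not files from the PR.
const MIN_SAFE = "1.16.0"; // fixed axios version named in the PR description

// "1.15.0" -> [1, 15, 0]; null for ranges or tags such as "^1.16.0" or "latest".
function parseExact(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when exact version a sorts below exact version b.
function isBelow(a, b) {
  const x = parseExact(a), y = parseExact(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i];
  return false;
}

// Every axios version that appears as a package key in pnpm-lock.yaml text.
// Assumed key shapes: "axios@1.15.0:" or "/axios@1.15.0:", optionally quoted
// and with a peer suffix such as "(debug@0.0.0)".
function resolvedAxiosVersions(lockText) {
  const re = /^\s+['"]?\/?axios@(\d+\.\d+\.\d+)\S*:(\s|$)/gm;
  const found = new Set([...lockText.matchAll(re)].map((m) => m[1]));
  return [...found].sort((a, b) => (isBelow(a, b) ? -1 : isBelow(b, a) ? 1 : 0));
}

// Policy assumed here: the override must be an exact version >= minSafe, and
// the lockfile must resolve axios only to versions >= minSafe.
function auditAxios(pkg, lockText, minSafe = MIN_SAFE) {
  const pin = pkg.pnpm?.overrides?.axios ?? null;
  const pinOk = parseExact(pin) !== null && !isBelow(pin, minSafe);
  const resolved = resolvedAxiosVersions(lockText);
  const vulnerable = resolved.filter((v) => isBelow(v, minSafe));
  const pass = pinOk && resolved.length > 0 && vulnerable.length === 0;
  return { pin, pinOk, resolved, vulnerable, pass };
}

// Constructed lockfile text; axios-retry shows that similar names are not matched.
const lockFor = (v) => `packages:
  axios@${v}:
    resolution: {integrity: sha512-CONSTRUCTED}
  axios-retry@0.0.0: {}
snapshots:
  axios@${v}(debug@0.0.0): {}
`;
const pkgFor = (v) => ({ pnpm: { overrides: { axios: v } } });

console.log(auditAxios(pkgFor("1.15.0"), lockFor("1.15.0"))); // state before the PR
console.log(auditAxios(pkgFor("1.16.0"), lockFor("1.16.0"))); // state after the PR
```

The check also fails when the override is bumped but the lockfile still resolves the old version, which is the case a reviewer cannot see from `package.json` alone.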

mkilpatrick previously approved these changes Jun 3, 2026
asanehisa previously approved these changes Jun 3, 2026
@briantstephan briantstephan dismissed stale reviews from asanehisa and mkilpatrick via 9033255 June 4, 2026 16:03
Comment thread packages/pages-components/CHANGELOG.md
Comment thread packages/pages-components/package.json
@briantstephan briantstephan merged commit 400392a into main Jun 5, 2026
23 checks passed
@briantstephan briantstephan deleted the axios-vulnerability branch June 5, 2026 13:30