Update axios dependency to version ^1.12.0 #2657

Merged: WilliamBergamin merged 1 commit into slackapi:main from malewis5:patch-1 on Sep 22, 2025
malewis5 (Contributor) commented Sep 19, 2025

Axios < 1.12.0 has a high vulnerability

Axios is vulnerable to DoS attack through lack of data size check

malewis5 changed the title from "Update axios dependency to version 1.12.0" to "Update axios dependency to version >=1.12.0" on Sep 19, 2025
malewis5 changed the title from "Update axios dependency to version >=1.12.0" to "Update axios dependency to version ^1.12.0" on Sep 19, 2025

codecov bot commented Sep 22, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.37%. Comparing base (ac58bfd) to head (d83b790).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2657   +/-   ##
=======================================
  Coverage   93.37%   93.37%           
=======================================
  Files          37       37           
  Lines        7581     7581           
  Branches      667      667           
=======================================
  Hits         7079     7079           
  Misses        497      497           
  Partials        5        5           


WilliamBergamin (Contributor) left a comment

Hi @malewis5 thanks for opening this PR 💯
This does seem like a reasonable reason to bump the minor version of the axios dependency. But just want to point out that since we use the ^ specifier, npm will install the latest minor or patch version, as long as it's within the same major version.

WilliamBergamin merged commit 6d45f99 into slackapi:main on Sep 22, 2025
19 checks passed
WilliamBergamin added this to the 4.4.1 milestone on Sep 22, 2025
WilliamBergamin added the security, semver:patch and dependencies labels on Sep 22, 2025
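
The reviewer's point about the `^` specifier, worked through as an added example (not code from this PR or from the project): a caret range that starts below 1.12.0 already allows the fixed release, but only a floor at the fix version excludes the vulnerable ones. The range `^1.7.0` and the pinned version `1.8.2` are constructed inputs, the helper names are hypothetical, and only plain x.y.z versions are handled.

```javascript
// Added example: minimal caret-range logic for plain x.y.z versions (no prerelease tags).
const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
};

const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
};

// ^x.y.z := >= x.y.z and below the next bump of the left-most non-zero component.
function caretBounds(range) {
  if (!range.startsWith('^')) throw new Error(`not a caret range: ${range}`);
  const lo = parse(range.slice(1));
  const [maj, min, pat] = lo;
  const hi = maj > 0 ? [maj + 1, 0, 0] : min > 0 ? [0, min + 1, 0] : [0, 0, pat + 1];
  return { lo, hi };
}

function satisfies(version, range) {
  const { lo, hi } = caretBounds(range);
  const v = parse(version);
  return cmp(v, lo) >= 0 && cmp(v, hi) < 0;
}

// True when the range can still resolve to a version below the fix.
function rangeAdmitsVulnerable(range, fixedIn) {
  return cmp(caretBounds(range).lo, parse(fixedIn)) < 0;
}

// Audit a pinned (lockfile-style) version against a manifest range and the fix version.
function audit(range, pinned, fixedIn) {
  return {
    pinnedSatisfiesRange: satisfies(pinned, range),
    pinnedIsVulnerable: cmp(parse(pinned), parse(fixedIn)) < 0,
    rangeAdmitsVulnerable: rangeAdmitsVulnerable(range, fixedIn),
  };
}

// Constructed inputs: '^1.7.0' and the pinned '1.8.2' are illustrative, not from the PR.
console.log(audit('^1.7.0', '1.8.2', '1.12.0'));  // stale pin is accepted by the range
console.log(audit('^1.12.0', '1.8.2', '1.12.0')); // stale pin no longer satisfies the range
```

With the lower floor, a tree pinned at a pre-fix version still satisfies the manifest; with `^1.12.0` the same pin is rejected by the range itself.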

Labels: cla:signed, dependencies, security, semver:patch
