Skip to content

chore(deps): upgrade axios version to 1.11.0 #35037

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 24, 2025
Merged

chore(deps): upgrade axios version to 1.11.0 #35037

merged 4 commits into from
Jul 24, 2025
+190 −57

Conversation

ozelalisen
Copy link
Member

Issue # (if applicable)

Closes Dependabot alerts: 419, 495, 496

Reason for this change

There are security issues with axios versions detected by dependabot.

Description of changes

  • Upgraded axios versions
  • Added _package.json for pnpm to make the updates for the future easier.

Describe any new or updated permissions being added

  • None

Description of how you validated changes

  • Build the package

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added the p2 label Jul 23, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team July 23, 2025 12:12
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Jul 23, 2025
@aws-cdk-automation aws-cdk-automation added the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Jul 23, 2025
alvazjor
alvazjor reviewed Jul 24, 2025
View reviewed changes
...ws-cdk-testing/framework-integ/test/aws-lambda-nodejs/test/integ-handlers/pnpm/_package.json
@@ -0,0 +1,6 @@
{
"/": "If you need to regenerate the lockfile, temporarily rename this file to package.json",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why this might be needed?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you need to update dependencies in pnpm, you need a package.json, otherwise it is not possible to update pnpm-lock.yml. Having _package.json will not affect current structure, it will make it easier for future upgrades.

Same pattern can be observed for bun where a _package.json exists to update lock file.

@mergify Mergify
Copy link
Contributor

mergify bot commented Jul 24, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify Mergify
Copy link
Contributor

mergify bot commented Jul 24, 2025

This pull request has been removed from the queue for the following reason: pull request branch update failed.

The pull request can't be updated.

You should update or rebase your pull request manually. If you do, this pull request will automatically be requeued once the queue conditions match again.
If you think this was a flaky issue, you can requeue the pull request, without updating it, by posting a @mergifyio requeue comment.

@aws-cdk-automation aws-cdk-automation removed the pr/needs-maintainer-review This PR needs a review from a Core Team Member label Jul 24, 2025
@mergify Mergify
Copy link
Contributor

mergify bot commented Jul 24, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@alvazjor
Copy link
Contributor

@Mergifyio requeue

@mergify Mergify
Copy link
Contributor

mergify bot commented Jul 24, 2025

requeue

✅ The queue state of this pull request has been cleaned. It can be re-embarked automatically

@mergify Mergify
Copy link
Contributor

mergify bot commented Jul 24, 2025

This pull request has been removed from the queue for the following reason: pull request branch update failed.

The pull request can't be updated.

You should update or rebase your pull request manually. If you do, this pull request will automatically be requeued once the queue conditions match again.
If you think this was a flaky issue, you can requeue the pull request, without updating it, by posting a @mergifyio requeue comment.

@mergify Mergify
Copy link
Contributor

mergify bot commented Jul 24, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 3377823
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 4373976 into aws:main Jul 24, 2025
20 checks passed
@github-actions GitHub Actions
Copy link
Contributor

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 24, 2025
@ozelalisen ozelalisen deleted the upgrade-axios branch July 25, 2025 15:48
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@alvazjor alvazjor alvazjor approved these changes

Assignees

@alvazjor alvazjor

Labels
contribution/core This is a PR that came from AWS. p2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ozelalisen @alvazjor @aws-cdk-automation