Snyk has created this PR to upgrade axios from 1.9.0 to 1.13.2.
See this package in pnpm: axios
See this project in Snyk: https://app.snyk.io/org/sunwuyuan/project/7f95d725-ca6f-4cce-ab56-8b055b9f632f?utm_source=github&utm_medium=referral&page=upgrade-pr
Pull request overview
This PR updates the project’s HTTP client dependency (axios) to a newer minor version as recommended by Snyk, bringing along the corresponding lockfile updates for axios and its transitive dependencies.
Changes:
- Bump axios dependency in package.json from ^1.9.0 to ^1.13.2.
- Update pnpm-lock.yaml to resolve axios to 1.13.5 and refresh related transitive dependencies (follow-redirects, form-data).
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| package.json | Updates the declared axios version range to the recommended newer version. |
| pnpm-lock.yaml | Updates resolved versions/integrities for axios and transitive deps (follow-redirects, form-data). |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
| axios: | ||
| specifier: ^1.9.0 | ||
| version: 1.9.0 | ||
| specifier: ^1.13.5 |
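Review bot: the added specifier: ^1.13.5 line records a range that the manifest in this PR never declares (package.json moves to ^1.13.2), which points to a lockfile generated from a different package.json than the one committed. Rerun pnpm install against the committed manifest and push the resulting lockfile in the same commit, so the specifier and the resolved version are reviewed together.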
pnpm-lock.yaml is out of sync with package.json: the importer specifier for axios is ^1.13.5 but package.json declares ^1.13.2. This will likely cause pnpm install --frozen-lockfile (or CI lockfile checks) to fail. Regenerate the lockfile from the current package.json (or align the specifiers) so the importer specifier matches the manifest.
| specifier: ^1.13.5 | |
| specifier: ^1.13.2 |
| "@simplewebauthn/server": "^10.0.1", | ||
| "axios": "^1.9.0", | ||
| "axios": "^1.13.2", | ||
| "base32-encode": "^2.0.0", |
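Review bot: the new "axios": "^1.13.2" line is a caret range, so it already admits 1.13.5 and any later 1.x release; the range is not what pins the version that gets installed. If the intent is to land exactly the release named in the PR title, declare it without the caret; otherwise keep the range and commit a lockfile regenerated from this manifest so its recorded specifier reads ^1.13.2.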
The PR description/title says the upgrade is to axios 1.13.2, but the lockfile currently resolves axios to 1.13.5 (and even records the specifier as ^1.13.5). Please ensure the intended target version/range is consistent across package.json, pnpm-lock.yaml, and the PR metadata to avoid confusion and lockfile drift.
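As an added example (not part of this PR or of pnpm), a Node.js check for the drift both review comments describe: it compares each range in package.json with the specifier recorded for the root importer in pnpm-lock.yaml. The helper names, the sample inputs and the assumed importers layout (lockfileVersion 9 style) are constructed for illustration.

```javascript
// Constructed inputs reproducing the mismatch described in the review comments.
const samplePackageJson = JSON.stringify({
  dependencies: { '@simplewebauthn/server': '^10.0.1', axios: '^1.13.2' },
});
const sampleLock = `lockfileVersion: '9.0'
importers:
  .:
    dependencies:
      '@simplewebauthn/server':
        specifier: ^10.0.1
        version: 10.0.1
      axios:
        specifier: ^1.13.5
        version: 1.13.5
packages:
  axios@1.13.5:
    resolution: {integrity: sha512-CONSTRUCTED}
`;
const unquote = (s) => s.replace(/^['"]|['"]$/g, '');
// Map dependency name -> specifier recorded for the root importer ('.'),
// found by indentation (assumed layout: importers > . > group > name > specifier).
function lockSpecifiers(lockText) {
  const specs = {};
  let inImporters = false, inRoot = false, current = null;
  for (const line of lockText.split(/\r?\n/)) {
    const text = line.trim();
    if (!text) continue;
    const indent = line.length - line.trimStart().length;
    if (indent === 0) { inImporters = text === 'importers:'; inRoot = false; continue; }
    if (!inImporters) continue;
    if (indent === 2) { inRoot = text === '.:'; continue; }
    if (!inRoot) continue;
    if (indent === 6 && text.endsWith(':')) current = unquote(text.slice(0, -1));
    else if (indent === 8 && current && text.startsWith('specifier: '))
      specs[current] = unquote(text.slice('specifier: '.length));
  }
  return specs;
}

// Return every dependency whose manifest range differs from the lockfile's specifier.
function findDrift(packageJsonText, lockText) {
  const pkg = JSON.parse(packageJsonText);
  const declared = { ...pkg.dependencies, ...pkg.devDependencies };
  const locked = lockSpecifiers(lockText);
  return Object.entries(declared)
    .filter(([name, range]) => locked[name] !== range)
    .map(([name, range]) => ({ name, manifest: range, lock: locked[name] ?? null }));
}
console.log(findDrift(samplePackageJson, sampleLock));
```

On the constructed inputs it reports a single entry, axios, with manifest range ^1.13.2 against lockfile specifier ^1.13.5.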
Test
This pull request has been mentioned on Kernyr. There may be relevant details there:
Snyk has created this PR to upgrade axios from 1.9.0 to 1.13.2.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 8 versions ahead of your current version.
The recommended version was released 3 months ago.
Issues fixed by the recommended upgrade:
SNYK-JS-AXIOS-12613773
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.