fix(security): upgrade axios to ^1.15.2 (CVE-2026-42033/42035/42043/42264)#246

Merged
sophia-chen-ttd merged 1 commit into main from syw-axios-upgrade-1.15.2
May 6, 2026

Conversation

@sophia-chen-ttd
Contributor

Summary

Upgrades axios from ^1.15.0 to ^1.15.2 (resolves to 1.16.0).

Fixes four HIGH severity axios vulnerabilities:

axios is a direct production dependency used in server.js files to make HTTP calls to UID2 APIs.

Test plan

  • CI vulnerability scan passes (axios 1.16.0 resolves all 4 CVEs)
  • No functional regressions

Fixes CVE-2026-42033 (HTTP Transport Hijacking), CVE-2026-42035 (HTTP header
injection), CVE-2026-42043 (prototype pollution), and CVE-2026-42264 (prototype
pollution credential exfiltration) — all HIGH severity in axios 1.15.0.
Resolved version: 1.16.0.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@sophia-chen-ttd sophia-chen-ttd merged commit a543b48 into main May 6, 2026
3 checks passed
@sophia-chen-ttd sophia-chen-ttd deleted the syw-axios-upgrade-1.15.2 branch May 6, 2026 01:41