From 1a529a383c4219a72d62d547fe41b4129760badc Mon Sep 17 00:00:00 2001
From: sophia chen
Date: Wed, 6 May 2026 11:03:26 +1000
Subject: [PATCH] fix(security): upgrade axios from ^1.15.0 to ^1.15.2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes CVE-2026-42033 (HTTP Transport Hijacking), CVE-2026-42035 (HTTP header injection), CVE-2026-42043 (prototype pollution), and CVE-2026-42264 (prototype pollution credential exfiltration) — all HIGH severity in axios 1.15.0. Resolved version: 1.16.0.
Co-Authored-By: Claude Sonnet 4.6
---
 package-lock.json | 16 ++++++++--------
 package.json | 2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 8171bed..5c4ab81 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
 "version": "4.0.95",
 "license": "Apache 2.0",
 "dependencies": {
- "axios": "^1.15.0",
+ "axios": "^1.15.2",
 "body-parser": "^1.20.3",
 "path-to-regexp": "^8.4.0"
 },
@@ -3028,11 +3028,11 @@
 }
 },
 "node_modules/axios": {
- "version": "1.15.0",
- "resolved": "https://registry.npmjs.org/axios/-/axios-1.15.0.tgz",
- "integrity": "sha512-wWyJDlAatxk30ZJer+GeCWS209sA42X+N5jU2jy6oHTp7ufw8uzUTVFBX9+wTfAlhiJXGS0Bq7X6efruWjuK9Q==",
+ "version": "1.16.0",
+ "resolved": "https://registry.npmjs.org/axios/-/axios-1.16.0.tgz",
+ "integrity": "sha512-6hp5CwvTPlN2A31g5dxnwAX0orzM7pmCRDLnZSX772mv8WDqICwFjowHuPs04Mc8deIld1+ejhtaMn5vp6b+1w==",
 "dependencies": {
- "follow-redirects": "^1.15.11",
+ "follow-redirects": "^1.16.0",
 "form-data": "^4.0.5",
 "proxy-from-env": "^2.1.0"
 }
@@ -5586,9 +5586,9 @@
 "dev": true
 },
 "node_modules/follow-redirects": {
- "version": "1.15.11",
- "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz",
- "integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==",
+ "version": "1.16.0",
+ "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz",
+ "integrity": "sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==",
 "funding": [
 {
 "type": "individual",
diff --git a/package.json b/package.json
index 946edb6..9abdcbe 100644
--- a/package.json
+++ b/package.json
@@ -74,7 +74,7 @@
 "webpack-dev-server": "^5.1.0"
 },
 "dependencies": {
- "axios": "^1.15.0",
+ "axios": "^1.15.2",
 "body-parser": "^1.20.3",
 "path-to-regexp": "^8.4.0"
 },