Skip to content

fix: Bump follow-redirects from 1.15.11 to 1.16.0#10577

Merged
mtrezza merged 1 commit into
parse-community:alphafrom
mtrezza:fix/follow-redirects-1.16.0
Jul 13, 2026
Merged

fix: Bump follow-redirects from 1.15.11 to 1.16.0#10577
mtrezza merged 1 commit into
parse-community:alphafrom
mtrezza:fix/follow-redirects-1.16.0

Conversation

@mtrezza

@mtrezza mtrezza commented Jul 13, 2026

Copy link
Copy Markdown
Member

Bumps follow-redirects from 1.15.11 to 1.16.0.

This is a security update for a direct production dependency. It resolves the open Dependabot advisory for follow-redirects.

Closes #10437

Resolved Advisory

  • GHSA: GHSA-r4q5-vmmm-2653
  • CVE: none assigned
  • Severity: Medium
  • Summary: follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets

Changes

Breaking Changes

None

Code Changes Required

None — the upgrade is a drop-in replacement.

Summary by CodeRabbit

  • Maintenance
    • Updated the follow-redirects dependency to version 1.16.0.
    • Includes the latest dependency metadata and integrity information.

@parse-github-assistant

Copy link
Copy Markdown

🚀 Thanks for opening this pull request! We appreciate your effort in improving the project. Please let us know once your pull request is ready for review.

Tip

  • Keep pull requests small. Large PRs will be rejected. Break complex features into smaller, incremental PRs.
  • Use Test Driven Development. Write failing tests before implementing functionality. Ensure tests pass.
  • Group code into logical blocks. Add a short comment before each block to explain its purpose.
  • We offer conceptual guidance. Coding is up to you. PRs must be merge-ready for human review.
  • Our review focuses on concept, not quality. PRs with code issues will be rejected. Use an AI agent.
  • Human review time is precious. Avoid review ping-pong. Inspect and test your AI-generated code.

Note

Please respond to review comments from AI agents just like you would to comments from a human reviewer. Let the reviewer resolve their own comments, unless they have reviewed and accepted your commit, or agreed with your explanation for why the feedback was incorrect.

Caution

Pull requests must be written using an AI agent with human supervision. Pull requests written entirely by a human will likely be rejected, because of lower code quality, higher review effort and the higher risk of introducing bugs. Please note that AI review comments on this pull request alone do not satisfy this requirement. Our CI and AI review are safeguards, not development tools. If many issues are flagged, rethink your development approach. Invest more effort in planning and design rather than using review cycles to fix low-quality code.

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: dbab1d8d-c462-4ca3-9f30-f307d3e07f15

📥 Commits

Reviewing files that changed from the base of the PR and between 7d4d135 and 1a6f1ff.

📒 Files selected for processing (2)
  • package-lock.json
  • package.json
👮 Files not reviewed due to content moderation or server errors (1)
  • package-lock.json

📝 Walkthrough

Walkthrough

The PR updates follow-redirects from version 1.15.11 to 1.16.0 in package.json and corresponding package-lock.json entries, including resolved artifact URLs and integrity hashes.

Changes

follow-redirects dependency update

Layer / File(s) Summary
Dependency metadata and lockfile update
package.json, package-lock.json
The declared dependency and lockfile artifacts are updated to follow-redirects 1.16.0.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Suggested reviewers: dependabot[bot], semantic-release-bot, moumouls, cbaker6, coratgerl

🚥 Pre-merge checks | ✅ 7
✅ Passed checks (7 passed)
Check name Status Explanation
Title check ✅ Passed The title matches the dependency bump and uses an allowed prefix with a capitalized summary.
Description check ✅ Passed The description covers the issue, approach, and security context, with only the checklist section missing.
Linked Issues check ✅ Passed The package and lockfile updates satisfy the linked issue's requirement to bump follow-redirects to 1.16.0.
Out of Scope Changes check ✅ Passed The diff only changes the dependency version and lock metadata, with no unrelated code changes.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Security Check ✅ Passed Only a dependency bump to follow-redirects 1.16.0; no app code changed, and package.json/package-lock.json both replace 1.15.11.
Engage In Review Feedback ✅ Passed PASS: The PR shows "No reviews" and only bot comments, so there was no review feedback to ignore or resolve.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@codecov

codecov Bot commented Jul 13, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.68%. Comparing base (7d4d135) to head (1a6f1ff).

Additional details and impacted files
@@           Coverage Diff           @@
##            alpha   #10577   +/-   ##
=======================================
  Coverage   92.68%   92.68%           
=======================================
  Files         193      193           
  Lines       17025    17025           
  Branches      248      248           
=======================================
  Hits        15779    15779           
  Misses       1225     1225           
  Partials       21       21           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@mtrezza mtrezza merged commit d577327 into parse-community:alpha Jul 13, 2026
42 of 43 checks passed
@mtrezza mtrezza deleted the fix/follow-redirects-1.16.0 branch July 13, 2026 22:57
parseplatformorg pushed a commit that referenced this pull request Jul 13, 2026
## [9.10.1-alpha.1](9.10.0...9.10.1-alpha.1) (2026-07-13)

### Bug Fixes

* Bump follow-redirects from 1.15.11 to 1.16.0 ([#10577](#10577)) ([d577327](d577327))
@parseplatformorg

Copy link
Copy Markdown
Contributor

🎉 This change has been released in version 9.10.1-alpha.1

@parseplatformorg parseplatformorg added the state:released-alpha Released as alpha version label Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

state:released-alpha Released as alpha version

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants