chore(deps): bump axios from 1.12.0 to 1.13.5 in /frontend#3843
chore(deps): bump axios from 1.12.0 to 1.13.5 in /frontend#3843dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
dependabot
bot
added
dependencies
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
2 similar comments
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
Bumps [axios](https://github.com/axios/axios) from 1.12.0 to 1.13.5. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.12.0...v1.13.5) --- updated-dependencies: - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/frontend/axios-1.13.5
branch
from
20aa953 to
3fd7252
Compare
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
2 similar comments
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
|
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| "cpu": [ | ||
| "arm" | ||
| ], | ||
| "dev": true, |
There was a problem hiding this comment.
Optional native deps now treated as prod
Medium Severity
@parcel/watcher and its platform-specific packages no longer have the dev marker in package-lock.json while still having install scripts and native binaries. In environments using npm ci --omit=dev (or production installs), this can cause unnecessary native installs/builds and can fail on unsupported platforms, even though these deps are typically only needed for local watching.
Bumps axios from 1.12.0 to 1.13.5.
Release notes
Sourced from axios's releases.
... (truncated)
Changelog
Sourced from axios's changelog.
... (truncated)
Commits
29f7542chore(release): prepare release 1.13.5 (#7379)431c3a3ci: fix run condition (#7373)9ff3a78ci: update ymls (#7372)265b712docs: fix deprecated Buffer constructor and formatting issues in README (#7371)475e75afeat: add input validation to isAbsoluteURL (#7326)28c7215fix: Denial of Service via proto Key in mergeConfig (#7369)04cf019docs: clarify object check comment (#7323)696fa75fix: status is missing in AxiosError on and after v1.13.3 (#7368)569f028fix: added a option to choose between legacy and the new request/response int...44b7c9fchore(deps-dev): bump karma-sourcemap-loader (#7360)Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for axios since your current version.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.
Note
Low Risk
Dependency-only update; main risk is minor behavior/typing changes in axios affecting HTTP requests and error handling.
Overview
Updates the
frontenddependency onaxiosfrom1.12.0to1.13.5(including corresponding lockfile updates).The lockfile changes also drop some previously recorded packages (notably
cypress/cypress-mailosaurand related transitive deps) and remove legacy entries like@nangohq/frontend-v2/@formbricks/jsfrom the resolved dependency set.Written by Cursor Bugbot for commit 3fd7252. This will update automatically on new commits. Configure here.