build(deps): patch axios security vulnerability #1598

Merged
ethan ozelius (ethan-ozelius-contentful) merged 1 commit into main from DX-728/axios-vuln
Feb 17, 2026

Contributor

@ethan-ozelius-contentful ethan ozelius (ethan-ozelius-contentful) commented Feb 14, 2026

Summary

Patch a security vulnerability in axios.

https://contentful.atlassian.net/browse/ZEND-7627

https://contentful.atlassian.net/browse/DX-728

https://security.snyk.io/package/npm/axios/1.13.4

Affected versions of this package are vulnerable to Prototype Pollution via the `mergeConfig` function. An attacker can cause the application to crash by supplying a malicious configuration object containing a `__proto__` property, typically by leveraging `JSON.parse()`.
How to fix Prototype Pollution?
Upgrade axios to version 1.13.5 or higher.

PR Checklist

  • I have read the CONTRIBUTING.md file
  • All commits follow conventional commits
  • Documentation is updated (if necessary)
  • PR doesn't contain any sensitive information
  • There are no breaking changes

@ethan-ozelius-contentful ethan ozelius (ethan-ozelius-contentful) merged commit 9f0bd06 into main Feb 17, 2026
14 checks passed
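
The advisory quoted in the PR description concerns a `__proto__` key that arrives through `JSON.parse()` and reaches a config merge. As an added example (not code from this PR or from axios; `findForbiddenKeys`, `safeMerge`, `loadConfig` and the sample input are hypothetical), this is one way application code can detect and drop such keys before a parsed config is merged:

```javascript
// Added example, not axios code. All helper names are hypothetical.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Constructed sample: config text from an untrusted source.
const SAMPLE = '{"timeout":1000,"headers":{"X-Trace":"abc","__proto__":{"polluted":true}},' +
  '"__proto__":{"baseURL":"https://placeholder.invalid"}}';

// Report the path of every forbidden own key in a parsed value.
// JSON.parse defines "__proto__" as an own property, so Object.keys sees it.
function findForbiddenKeys(value, path = '$') {
  if (value === null || typeof value !== 'object') return [];
  const hits = [];
  for (const key of Object.keys(value)) {
    const childPath = `${path}.${key}`;
    if (FORBIDDEN_KEYS.has(key)) hits.push(childPath);
    else hits.push(...findForbiddenKeys(value[key], childPath));
  }
  return hits;
}

// Recursive merge that skips forbidden keys and only descends into
// objects the target owns, never into an inherited prototype.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const own = hasOwn(target, key) ? target[key] : null;
      const base = own !== null && typeof own === 'object' ? own : {};
      target[key] = safeMerge(base, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Parse untrusted JSON, merge it over defaults, and return what was dropped
// so the caller can log or reject the request.
function loadConfig(defaults, jsonText) {
  const parsed = JSON.parse(jsonText);
  const rejected = findForbiddenKeys(parsed);
  const config = safeMerge(safeMerge({}, defaults), parsed);
  return { config, rejected };
}
```

This is defense in depth for code that builds request configs from untrusted JSON; the fix named in the PR remains the axios upgrade.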
2 participants