VULN UPGRADE: axios (major → 1.13.5) [php/Laravel57] #165

Open
campaigner-prod[bot] wants to merge 1 commit into master from engraver-auto-version-upgrade/major/npm/Laravel57/3-1772730296

@campaigner-prod

Summary: High-severity security update — 1 package upgraded (MAJOR changes included)

Manifests changed:

  • php/Laravel57 (npm)

Updates

| Package | From | To | Type | Vulnerabilities Fixed |
|---|---|---|---|---|
| axios | 0.18 | 1.13.5 | major | 8 HIGH, 4 MODERATE |

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

  • Review the changelog/release notes for breaking changes
  • Test thoroughly in a staging environment
  • Update any code that depends on changed APIs
  • Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (8 fixed)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| axios | GHSA-jr5f-v2jv-69x6 | HIGH | axios Requests Vulnerable To Possible SSRF and Credential Leakage via Absolute URL | 0.18 | 1.8.2 |
| axios | CVE-2025-27152 | HIGH | Possible SSRF and Credential Leakage via Absolute URL in axios Requests | 0.18 | - |
| axios | GHSA-cph5-m8f7-6c5x | HIGH | axios Inefficient Regular Expression Complexity vulnerability | 0.18 | 0.21.2 |
| axios | CVE-2021-3749 | HIGH | - | 0.18 | - |
| axios | GHSA-42xw-2xvc-qx8m | HIGH | Denial of Service in axios | 0.18 | 0.18.1 |
| axios | CVE-2019-10742 | HIGH | - | 0.18 | - |
| axios | GHSA-43fc-jf86-j433 | HIGH | Axios is Vulnerable to Denial of Service via `__proto__` Key in mergeConfig | 0.18 | 1.13.5 |
| axios | CVE-2026-25639 | HIGH | Axios affected by Denial of Service via `__proto__` Key in mergeConfig | 0.18 | - |

ℹ️ Other Vulnerabilities (4)

| Package | CVE | Severity | Summary | Unsafe Version | Fixed In |
|---|---|---|---|---|---|
| axios | GHSA-4w2v-q235-vp99 | MODERATE | Axios vulnerable to Server-Side Request Forgery | 0.18 | 0.21.1 |
| axios | CVE-2020-28168 | MODERATE | - | 0.18 | - |
| axios | GHSA-wf5p-g6vw-rhxx | MODERATE | Axios Cross-Site Request Forgery Vulnerability | 0.18 | 1.6.0 |
| axios | CVE-2023-45857 | MODERATE | - | 0.18 | - |

Review Checklist

Extra review is recommended for this update:

  • Review changes for compatibility with your code
  • Check release notes for breaking changes
  • Run integration tests to verify service behavior
  • Test in staging environment before production
  • Monitor key metrics after deployment

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System
