fix(core): bump axios to 1.13.5 to resolve CVE-2026-25639 #35148
FrozenPandaz merged 1 commit into nrwl:master from
Nx Cloud has identified a flaky task in your failed CI:
Since the failure was identified as flaky, the solution is to rerun CI. Because this branch comes from a fork, it is not possible for us to push directly, but you can rerun by pushing an empty commit:
git commit --allow-empty -m "chore: trigger rerun"
git push
Thank you for your contribution! LGTM 🎉 The failures are unrelated.
## Current Behavior

The `nx`, `create-nx-workspace`, and `nx-dev` packages pin `axios` at version `1.12.0`, which has a known security vulnerability ([CVE-2026-25639](GHSA-43fc-jf86-j433)).

## Expected Behavior

Axios is pinned at `1.13.5`, which includes the fix for CVE-2026-25639, eliminating the security vulnerability.

## Related Issue(s)

Fixes #35145

(cherry picked from commit aca93cc)
This pull request has already been merged/closed. If you experience issues related to these changes, please open a new issue referencing this pull request.
## Current Behavior

The `nx`, `create-nx-workspace`, and `nx-dev` packages pin `axios` at version `1.12.0`, which has a known security vulnerability (CVE-2026-25639).

## Expected Behavior

Axios is pinned at `1.13.5`, which includes the fix for CVE-2026-25639, eliminating the security vulnerability.

## Related Issue(s)

Fixes #35145