@wilsonrivera
Contributor

@wilsonrivera wilsonrivera commented Sep 19, 2025

Summary by CodeRabbit

  • Chores
    • Upgraded the HTTP client dependency to the latest version across CLI, Control Plane, Playground, and Studio.
    • Brings in security patches and stability improvements for network requests.
    • Enhances compatibility with modern environments and resolves minor upstream issues.
    • No changes to user-facing features or workflows; behavior remains consistent.
    • Expect improved reliability when performing API calls and integrations.

Checklist

  • I have discussed my proposed changes in an issue and have received approval to proceed.
  • I have followed the coding standards of the project.
  • Tests or benchmarks have been added or updated.
  • Documentation has been updated on https://github.com/wundergraph/cosmo-docs.
  • I have read the Contributors Guide.

@coderabbitai

coderabbitai bot commented Sep 19, 2025

Walkthrough

Bumps axios dependency from ^1.11.0 to ^1.12.2 across four package.json files: cli, controlplane, playground, and studio. No other changes.

Changes

| Cohort / File(s) | Summary of Changes |
| --- | --- |
| Axios dependency bump in package manifests: cli/package.json, controlplane/package.json, playground/package.json, studio/package.json | Update dependencies.axios from ^1.11.0 to ^1.12.2 |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

Pre-merge checks

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The title "chore: update axios" is concise, uses Conventional Commits style, and accurately summarizes the primary change (an axios version bump across multiple package.json files), so it clearly communicates the main intent to reviewers. |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b696681 and 0509a2f.

⛔ Files ignored due to path filters (1)
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (4)
  • cli/package.json (1 hunks)
  • controlplane/package.json (1 hunks)
  • playground/package.json (1 hunks)
  • studio/package.json (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (16)
  • GitHub Check: build_push_image (nonroot)
  • GitHub Check: build_test
  • GitHub Check: build_push_image
  • GitHub Check: integration_test (./telemetry)
  • GitHub Check: build_push_image
  • GitHub Check: integration_test (./. ./fuzzquery ./lifecycle ./modules)
  • GitHub Check: integration_test (./events)
  • GitHub Check: build_test
  • GitHub Check: image_scan (nonroot)
  • GitHub Check: build_test
  • GitHub Check: build_push_image
  • GitHub Check: build_test
  • GitHub Check: image_scan
  • GitHub Check: build_test
  • GitHub Check: Analyze (javascript-typescript)
  • GitHub Check: Analyze (go)
🔇 Additional comments (4)
studio/package.json (1)

73-73: Manual verification required — sandbox couldn't run build/tests (missing deps)

File: studio/package.json Lines: 73-73

    "axios": "^1.12.2",

Automated check failed: 'next' and 'vitest' not found (node_modules missing). Run locally or in CI and verify:

    pnpm install --frozen-lockfile
    pnpm -F studio build
    pnpm -F studio test
    # run any e2e/vitest HTTP tests and manually smoke pages that perform HTTP calls:
    # check interceptors, baseURL handling, and validateStatus behavior

cli/package.json (1)

51-51: Verify CLI runtime: confirm axios ^1.12.2 doesn't regress networking (undici / proxy / HTTPS)

cli/package.json — "axios": "^1.12.2"

Attempted to run tests/smoke but sandbox lacked deps (eslint, tsx), so I couldn't verify. Run locally and paste results:

    pnpm install
    pnpm -F wgc test
    pnpm -F wgc wgc --help

Smoke-test a real HTTP call (replace with a harmless read-only subcommand that triggers an outbound request):

    pnpm -F wgc wgc
    HTTPS_PROXY=http://127.0.0.1:3128 pnpm -F wgc wgc

If anything fails, share the logs and the built-binary behavior.

playground/package.json (1)

51-51: LGTM — verification blocked locally; please run the local build to confirm a single axios bundle

Sandbox failed to run the provided verification (vite not found / node_modules missing). Ensure the playground’s Vite build dedupes axios (package shows "axios": "^1.12.2") and that network panels look normal in preview.

    # from repo root
    pnpm install

    # build & preview (check network panel in the preview)
    pnpm -F @wundergraph/playground build
    pnpm -F @wundergraph/playground preview --host

    # optional: production bundle inspection
    pnpm -F @wundergraph/playground vite build --mode production --stats

    # workspace checks for multiple axios versions
    pnpm -w why axios
    # after a successful build, inspect the produced dist for duplicate axios code:
    rg -n "axios" dist || grep -R --line-number "axios" dist || true

controlplane/package.json (1)

62-62: Axios bump OK — commit lockfile & verify axios-retry

  • Commit workspace lockfile so axios@1.12.2 is resolved everywhere.
  • Confirm axios-retry (^4.5.0) compatibility with axios 1.12.x — axios-retry 4.5.0 is the current release and its README shows standard usage with axios (no explicit breaking changes). (github.com)
  • Files to check for axios/axios-retry usage: controlplane/src/core/webhooks/PlatformWebhookService.ts, controlplane/src/core/webhooks/OrganizationWebhookService.ts, controlplane/src/core/webhooks/RedeliverWebhookService.ts, controlplane/src/core/util.ts (imports isNetworkError/isRetryableError).
  • Verify locally: pnpm -w why axios; pnpm -w ls axios; run unit/integration tests.

Comment @coderabbitai help to get the list of available commands and usage tips.
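
Added example (not part of this PR, the project, or any comment in the thread): the review above excluded pnpm-lock.yaml and asks for the lockfile to be committed and checked for multiple axios versions. The script below does that check offline on lockfile text, flagging any resolved axios below a floor. The sample lockfile is constructed, the function names are hypothetical, and using the PR's target 1.12.2 as the floor is an assumption.

```javascript
'use strict';

// Constructed sample of pnpm-lock.yaml text (not the repository's real lockfile).
const SAMPLE_LOCK = `
importers:
  controlplane:
    dependencies:
      axios:
        specifier: ^1.12.2
        version: 1.12.2
      axios-retry:
        specifier: ^4.5.0
        version: 4.5.0(axios@1.12.2)
packages:
  axios@1.11.0:
    resolution: {integrity: sha512-CONSTRUCTED}
  axios@1.12.2:
    resolution: {integrity: sha512-CONSTRUCTED}
  axios-retry@4.5.0:
    resolution: {integrity: sha512-CONSTRUCTED}
`;

// Compare two plain "x.y.z" versions; pre-release tags are out of scope here.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Every distinct axios version named in the lockfile, including peer suffixes
// such as "axios-retry@4.5.0(axios@1.12.2)". Scoped or look-alike packages
// ("@scope/axios", "axios-retry", "foo-axios") are not matched.
function resolvedAxiosVersions(lockText) {
  const re = /(?<![\w.-])(?<!@[\w.-]+\/)axios@(\d+\.\d+\.\d+)/g;
  const found = new Set([...lockText.matchAll(re)].map((m) => m[1]));
  return [...found].sort(compareVersions);
}

// Hypothetical helper: ok only if axios is present and nothing is below floor.
function auditLockfile(lockText, floor) {
  const versions = resolvedAxiosVersions(lockText);
  const stale = versions.filter((v) => compareVersions(v, floor) < 0);
  return { versions, stale, ok: versions.length > 0 && stale.length === 0 };
}

// Floor taken from the PR's target range (^1.12.2); an assumption of this example.
console.log(auditLockfile(SAMPLE_LOCK, '1.12.2'));
```

A stale entry such as the constructed axios@1.11.0 above means some importer or transitive dependency still resolves the old version even though every manifest range was bumped.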

@github-actions

github-actions bot commented Sep 19, 2025

Router image scan passed

✅ No security vulnerabilities found in image:

ghcr.io/wundergraph/cosmo/router:sha-917be62e0cb448d3c7549eb8f66aed0b13701c9f

Contributor

@StarpTech StarpTech left a comment

LGTM

@wilsonrivera wilsonrivera merged commit ae65619 into main Sep 19, 2025
64 of 66 checks passed
@wilsonrivera wilsonrivera deleted the wilson/eng-8156-vanta-remediate-npm-axios-1120cve-2025-58754-cosmo branch September 19, 2025 21:35
@Noroth Noroth mentioned this pull request Sep 30, 2025
5 tasks