Commit e6ba205

arc0btc and claude authored
fix(deps): upgrade axios to 1.15.0 to patch CVE-2025-62718 (#102)
Pins axios >= 1.15.0 as a direct dependency to override the transitive dependency from x402-stacks, fixing the NO_PROXY hostname normalization bypass (SSRF) vulnerability (GHSA-3p68-rc4w-qgx5, CVSS 9.3).

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 546d6ac commit e6ba205

2 files changed

Lines changed: 13 additions & 8 deletions

package-lock.json

Lines changed: 12 additions & 8 deletions
Some generated files are not rendered by default.

package.json

Lines changed: 1 addition & 0 deletions
@@ -32,6 +32,7 @@
3232
"@stacks/encryption": "^7.3.1",
3333
"@stacks/network": "^7.3.1",
3434
"@stacks/transactions": "^7.3.1",
35+
"axios": "^1.15.0",
3536
"chanfana": "^3.0.0",
3637
"hono": "^4.12.12",
3738
"x402-stacks": "^2.0.1"

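Review bot: The added `"axios": "^1.15.0"` entry in `dependencies` only declares a direct dependency; on its own it does not force the copy of axios that x402-stacks pulls in to resolve to the patched version. If the range x402-stacks declares is compatible, npm can dedupe both onto a single 1.15.x install, but if it is not, an older nested copy can remain under x402-stacks, and the package-lock.json diff that would show which case applies is not rendered on this page. Consider adding an `overrides` entry for axios in package.json so the transitive resolution is forced, and confirm with `npm ls axios` that no version below 1.15.0 remains in the tree. Note also that `^1.15.0` is a caret range rather than a pin, so the lockfile is what actually fixes the installed version.
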