[Snyk] Fix for 3 vulnerabilities

[sestinj]

Snyk has created this PR to fix 3 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• extensions/vscode/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Uncontrolled Recursion SNYK-JS-AXIOS-16299923	828
	Improperly Controlled Modification of Dynamically-Determined Object Attributes SNYK-JS-AXIOS-16299921	808
	Prototype Pollution SNYK-JS-AXIOS-16299904	741

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Improperly Controlled Modification of Dynamically-Determined Object Attributes

---

Summary by cubic

Upgrade dependencies in the VS Code extension to fix security issues. axios is updated to close three high/critical Snyk vulnerabilities.

• Dependencies
  • axios: 1.13.1 → 1.15.2
  • vectordb: 0.4.20 → 0.21.2

^{Written for commit 9db18a4. Summary will update on new commits.}

[continue]

Docs Update Review: No documentation changes needed.

This PR updates internal dependencies (axios and vectordb) to address security vulnerabilities. These are transparent, under-the-hood changes that don't affect:

• How users install or configure Continue
• Any user-facing APIs, commands, or settings
• Developer workflows or features

Dependency version bumps in package.json don't require documentation updates.

[cubic-dev-ai]

1 issue found across 1 file

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="extensions/vscode/package.json">

<violation number="1" location="extensions/vscode/package.json:736">
P1: Sync the VS Code lockfile with these dependency bumps. `npm ci` will fail on the package.json/package-lock.json mismatch, so this PR breaks the extension build until `extensions/vscode/package-lock.json` is updated.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review, or fix all with cubic.}

[cubic-dev-ai]

P1: Sync the VS Code lockfile with these dependency bumps. npm ci will fail on the package.json/package-lock.json mismatch, so this PR breaks the extension build until extensions/vscode/package-lock.json is updated.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At extensions/vscode/package.json, line 736:

<comment>Sync the VS Code lockfile with these dependency bumps. `npm ci` will fail on the package.json/package-lock.json mismatch, so this PR breaks the extension build until `extensions/vscode/package-lock.json` is updated.</comment>

<file context>
@@ -733,7 +733,7 @@
     "@reduxjs/toolkit": "^1.9.3",
     "@vscode/ripgrep": "^1.15.9",
-    "axios": "^1.13.1",
+    "axios": "^1.15.2",
     "core": "file:../../core",
     "cors": "^2.8.5",
</file context>