Skip to content

[Snyk] Security upgrade axios from 1.15.0 to 1.15.2#13764

Merged
LukasHirt merged 2 commits into
masterfrom
snyk-fix-940565b52fc85c5f3046de5d48e66315
Jun 25, 2026
Merged

[Snyk] Security upgrade axios from 1.15.0 to 1.15.2#13764
LukasHirt merged 2 commits into
masterfrom
snyk-fix-940565b52fc85c5f3046de5d48e66315

Conversation

@kw-security

Copy link
Copy Markdown
Contributor

snyk-top-banner

Snyk has created this PR to fix 2 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

  • packages/web-test-helpers/package.json
⚠️ Warning
Failed to update the pnpm-lock.yaml, please update manually before merging.

Vulnerabilities that will be fixed with an upgrade:

Issue Score
critical severity Prototype Pollution
SNYK-JS-AXIOS-16417750
  226  
high severity Improperly Controlled Modification of Dynamically-Determined Object Attributes
SNYK-JS-AXIOS-16299921
  182  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improperly Controlled Modification of Dynamically-Determined Object Attributes
🦉 Prototype Pollution

@update-docs

update-docs Bot commented May 7, 2026

Copy link
Copy Markdown

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@LukasHirt

Copy link
Copy Markdown
Collaborator

@dependabot rebase

@LukasHirt LukasHirt force-pushed the snyk-fix-940565b52fc85c5f3046de5d48e66315 branch from a90523e to 472a532 Compare June 25, 2026 07:43
@CLAassistant

CLAassistant commented Jun 25, 2026

Copy link
Copy Markdown

CLA assistant check
All committers have signed the CLA.

@kw-security

kw-security commented Jun 25, 2026

Copy link
Copy Markdown
Contributor Author

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

LukasHirt and others added 2 commits June 25, 2026 10:38
Signed-off-by: Lukas Hirt <info@hirt.cz>
…bump

vi.doMock inside beforeEach registered the @ownclouders/web-client mock
after useWebWorker had already loaded the worker module and resolved its
static `webdav` import, leaving every test running against the real
WebDAV client. Replace vi.doMock with a hoisted module-level vi.mock
(matching the pattern already used for the PDF renderer mock) so the
mock is in place before any worker module loads. Also move webDavMock to
module scope so the factory closure can reference it, and fix the
pasteWorker test data which incorrectly nested baseUrl inside transferData
items instead of at the top level of MessageData.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@LukasHirt LukasHirt force-pushed the snyk-fix-940565b52fc85c5f3046de5d48e66315 branch from 472a532 to a5eedb4 Compare June 25, 2026 08:38
@LukasHirt LukasHirt merged commit c858df7 into master Jun 25, 2026
20 checks passed
@LukasHirt LukasHirt deleted the snyk-fix-940565b52fc85c5f3046de5d48e66315 branch June 25, 2026 09:00
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants