chore(deps): bump axios from 0.27.2 to 0.30.3 #873

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/axios-0.30.3
@dependabot dependabot Bot commented on behalf of github Mar 16, 2026

Bumps axios from 0.27.2 to 0.30.3.

Release notes

Sourced from axios's releases.

Release notes - v0.30.3

This is a critical security maintenance release for the v0.x branch. It addresses a high-priority vulnerability involving prototype pollution that could lead to a Denial of Service (DoS).

Recommendation: All users currently on the 0.x release line should upgrade to this version immediately to ensure environment stability.

🛡️ Security Fixes

  • Backport: Fix DoS via `__proto__` key in merge config
    • Patched a vulnerability where specifically crafted configuration objects using the `__proto__` key could cause a Denial of Service during the merge process. - by @FeBe95 in [PR #7388](axios/axios#7388)

⚙️ Maintenance & CI

  • CI Infrastructure Update

⚠️ Breaking Changes

Configuration Merging Behavior:

As part of the security fix, Axios now restricts the merging of the `__proto__` key within configuration objects. If your codebase relies on unconventional deep-merging patterns that target the object prototype via Axios config, those operations will now be blocked. This is a necessary change to prevent prototype pollution.

Full Changelog: v0.30.2...v0.30.3

v0.30.2

What's Changed

New Contributors

Full Changelog: axios/axios@v0.30.1...v0.30.2

Release v0.30.1

Release notes:

Bug Fixes

Contributors to this release

Full Changelog: axios/axios@v0.30.0...v0.30.1

Release v0.30.0

Release notes:

Bug Fixes

... (truncated)

Commits
  • f53bcf6 chore: release 0.30.2
  • 3ddccd3 chore: remove publish as this wont work
  • 9ef39d0 chore: try with npm token
  • 4775de6 chore: fix version scheme
  • f96f26b chore: fix issues with using replace
  • ead45c2 chore: update the publish workflow to run on tag
  • 8119265 chore: tag version as legacy on v0.x
  • 9954985 chore: dispatch for first time
  • 3f8b70f chore: final rename
  • c665584 chore: revert naming
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels Mar 16, 2026
@dependabot dependabot Bot requested a review from a team as a code owner March 16, 2026 15:30
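
The release notes quoted above describe a config merge that fails on a crafted `__proto__` key. As an added example (not axios source code and not part of this PR), the sketch below shows one way such a merge can throw and how skipping the key avoids it; the per-key strategy table, `mergeNaive`, `mergeSafe`, `tryMerge` and the sample config are all constructed for illustration.

```javascript
'use strict';
// Added example: a simplified config merger, not axios source code.
// Constructed defaults and per-key merge strategies (hypothetical names).
const defaults = { timeout: 1000, headers: { Accept: 'application/json' } };
const takeLast = (a, b) => (b !== undefined ? b : a);
const strategies = {
  timeout: takeLast,
  headers: (a, b) => ({ ...a, ...b }),
};

function allKeys(a, b) {
  return new Set([...Object.keys(a), ...Object.keys(b)]);
}

// Weak: strategies[key] walks the prototype chain, so the key "__proto__"
// resolves to Object.prototype, which is truthy but not callable.
function mergeNaive(base, override) {
  const out = {};
  for (const key of allKeys(base, override)) {
    const merge = strategies[key] || takeLast;
    out[key] = merge(base[key], override[key]);
  }
  return out;
}

// Hardened: skip "__proto__" and only accept strategies that are own properties.
function mergeSafe(base, override) {
  const out = {};
  for (const key of allKeys(base, override)) {
    if (key === '__proto__') continue;
    const own = Object.prototype.hasOwnProperty.call(strategies, key);
    const merge = own ? strategies[key] : takeLast;
    out[key] = merge(base[key], override[key]);
  }
  return out;
}

// Run a merger and report whether it completed or threw.
function tryMerge(mergeFn, override) {
  try {
    return { ok: true, value: mergeFn(defaults, override) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed input: JSON.parse creates "__proto__" as an ordinary own key.
const untrusted = JSON.parse('{"timeout": 500, "__proto__": {"x": 1}}');
console.log(tryMerge(mergeNaive, untrusted));
console.log(tryMerge(mergeSafe, untrusted));
```

A regression test for the upgraded dependency can follow the same shape: pass a parsed config containing a `__proto__` key and assert that the call completes and that `Object.prototype` is unchanged.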

coderabbitai Bot commented Mar 16, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fb7f912c-0990-4972-9688-2ed5b32fc05c

📥 Commits

Reviewing files that changed from the base of the PR and between de1adbd and 4efde0c.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json
✅ Files skipped from review due to trivial changes (1)
  • package.json

Summary by CodeRabbit

  • Chores
    • Updated HTTP client dependency.

Walkthrough

A single dependency version update in package.json: axios upgraded from 0.27.2 to 0.30.3. No code modifications, no changes to exported signatures, and no impact to control flow.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency Update: package.json | Updated axios from version 0.27.2 to 0.30.3. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The PR description lacks required template sections: no 2-3 sentence summary, no UI impact discussion, no RHCLOUDXXXX issue link, no screenshots, and checklist items are incomplete. | Complete the description template with a summary, impact analysis, linked issue reference, and filled checklist items. If this addresses a tracked issue, include the RHCLOUDXXXX link. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately summarizes the main change: a dependency version bump of axios from 0.27.2 to 0.30.3. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


Bumps [axios](https://github.com/axios/axios) from 0.27.2 to 0.30.3.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v0.27.2...v0.30.3)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 0.30.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/axios-0.30.3 branch from de1adbd to 4efde0c April 1, 2026 12:57