fix: update axios and path-to-regexp to resolve security vulnerabilities

nrkruk · nrkruk · commit 8f43d985be61 · 2025-11-19T11:53:24.000-05:00
- Updated axios dependency to ^1.12.0 to fix CVE-2025-58754 (HIGH) - Added path-to-regexp resolution to ^6.3.0 to fix CVE-2024-52798 (HIGH) - All transitive dependencies now use secure versions - All tests pass successfully
diff --git a/package.json b/package.json
@@ -14,7 +14,7 @@
     "@salesforce/kit": "^3.2.4",
     "@salesforce/lwc-dev-mobile-core": "4.0.0-alpha.14",
     "@salesforce/sf-plugins-core": "^11.2.4",
-    "axios": "^1.13.2",
+    "axios": "^1.12.0",
     "glob": "^10.5.0",
     "lwc": "~8.24.0",
     "node-fetch": "^3.3.2",
@@ -109,7 +109,8 @@
     "access": "public"
   },
   "resolutions": {
-    "cliui": "7.0.4"
+    "cliui": "7.0.4",
+    "path-to-regexp": "^6.3.0"
   },
   "wireit": {
     "build": {
diff --git a/yarn.lock b/yarn.lock
@@ -3731,7 +3731,7 @@ available-typed-arrays@^1.0.7:
   dependencies:
     possible-typed-array-names "^1.0.0"
 
-axios@^1.13.2:
+axios@^1.12.0:
   version "1.13.2"
   resolved "https://registry.yarnpkg.com/axios/-/axios-1.13.2.tgz#9ada120b7b5ab24509553ec3e40123521117f687"
   integrity sha512-VPk9ebNqPcy5lRGuSlKx752IlDatOjT9paPlm8A7yOuW2Fbvp4X3JznJtT4f0GzGLLiWE9W8onz51SqLYwzGaA==
@@ -6438,11 +6438,6 @@ is-wsl@^3.1.0:
   dependencies:
     is-inside-container "^1.0.0"
 
-isarray@0.0.1:
-  version "0.0.1"
-  resolved "https://registry.yarnpkg.com/isarray/-/isarray-0.0.1.tgz#8a18acfca9a8f4177e09abfc6038939b05d1eedf"
-  integrity sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ==
-
 isarray@1.0.0, isarray@^1.0.0, isarray@~1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11"
@@ -7784,14 +7779,7 @@ path-scurry@^2.0.0:
     lru-cache "^11.0.0"
     minipass "^7.1.2"
 
-path-to-regexp@^1.7.0:
-  version "1.8.0"
-  resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-1.8.0.tgz#887b3ba9d84393e87a0a0b9f4cb756198b53548a"
-  integrity sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==
-  dependencies:
-    isarray "0.0.1"
-
-path-to-regexp@^6.2.1:
+path-to-regexp@^1.7.0, path-to-regexp@^6.2.1, path-to-regexp@^6.3.0:
   version "6.3.0"
   resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-6.3.0.tgz#2b6a26a337737a8e1416f9272ed0766b1c0389f4"
   integrity sha512-Yhpw4T9C6hPpgPeA28us07OJeqZ5EzQTkbfwuhsUg0c237RomFoETJgmp2sa3F/41gfLE6G5cqcYwznmeEeOlQ==
