fix(deps): bump axios, node-forge, undici, ws in docusaurus lockfile #81366

Merged
Aaron ("AJ") Steers (aaronsteers) merged 1 commit into master from devin/1782943583-security-npm-batch
Jul 2, 2026
@aaronsteers

What

Resolves 24 Dependabot security alerts for transitive npm dependencies in docusaurus/pnpm-lock.yaml:

Resolves https://github.com/airbytehq/airbyte-internal-issues/issues/16679

How

Lockfile-only regeneration — no direct dependency or code changes. Ran pnpm update axios node-forge undici ws then pnpm install --lockfile-only in the docusaurus/ directory.

Version changes in lockfile:

| Package | Before | After | Target |
|---|---|---|---|
| axios | 1.13.1 | 1.18.1 | ≥ 1.16.0 |
| node-forge | 1.3.1 | 1.4.0 | ≥ 1.4.0 |
| undici | 7.16.0 | 7.28.0 | ≥ 7.28.0 |
| ws | 7.5.10 | 7.5.11 | ≥ 7.5.11 |
| ws | 8.18.3 | 8.21.0 | ≥ 7.5.11 |

No breaking changes — all upgrades are minor/patch within the same major version lines.

Review guide

  1. docusaurus/pnpm-lock.yaml — regenerated lockfile with patched transitive dependency versions

User Impact

No user-facing impact. This only affects the documentation site's build dependencies.

Can this PR be safely reverted and rolled back?

  • YES 💚

Link to Devin session: https://app.devin.ai/sessions/51c0e8e5617546959e861e7cb54d8074
Requested by: Aaron ("AJ") Steers (@aaronsteers)

Regenerate docusaurus/pnpm-lock.yaml to resolve 24 Dependabot alerts:

- axios: 1.13.1 -> 1.18.1 (12 alerts)
- node-forge: 1.3.1 -> 1.4.0 (6 alerts)
- undici: 7.16.0 -> 7.28.0 (4 alerts)
- ws: 7.5.10 -> 7.5.11, 8.18.3 -> 8.21.0 (2 alerts)

Co-Authored-By: AJ Steers <aj@airbyte.io>
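
A check a reviewer could run against the regenerated lockfile, as an added example that is not part of the PR or the Airbyte repository: it scans pnpm-lock.yaml text for every resolved copy of the four packages and lists any still below the Target column. The key layout matched by the regex, the helper names and the lockfile excerpts are assumptions constructed for illustration.

```javascript
// Added example (not from the PR). Floors are the "Target" column of the PR table.
const FLOORS = { axios: '1.16.0', 'node-forge': '1.4.0', undici: '7.28.0', ws: '7.5.11' };

// Compare two plain x.y.z versions numerically: negative when a < b.
function cmp(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Collect every resolved "name@x.y.z" key. Assumed key shapes: "  name@1.2.3:",
// "  /name@1.2.3:", quoted scoped names, and an optional "(peer@...)" suffix.
// Prerelease versions are not matched and would need separate handling.
function resolvedVersions(lockText) {
  const re = /^\s+['"]?\/?((?:@[^/\s]+\/)?[^@\s'"\/]+)@(\d+\.\d+\.\d+)(?:\(.*\))?['"]?:\s*$/;
  const found = new Map();
  for (const line of lockText.split('\n')) {
    const m = re.exec(line);
    if (!m) continue;
    if (!found.has(m[1])) found.set(m[1], new Set());
    found.get(m[1]).add(m[2]);
  }
  return found;
}

// Return every resolved copy of a tracked package that is still below its floor.
function belowFloor(lockText, floors = FLOORS) {
  const found = resolvedVersions(lockText);
  const bad = [];
  for (const [name, floor] of Object.entries(floors))
    for (const v of found.get(name) || [])
      if (cmp(v, floor) < 0) bad.push(`${name}@${v}`);
  return bad.sort();
}

// Constructed lockfile excerpts using the Before/After versions from the PR table.
const lock = (keys) => 'packages:\n' + keys.map((k) => `  ${k}:\n`).join('');
const BEFORE = lock(['axios@1.13.1', 'node-forge@1.3.1', 'undici@7.16.0',
  'ws@7.5.10', 'ws@8.18.3(bufferutil@4.0.8)']);
const AFTER = lock(['axios@1.18.1', 'node-forge@1.4.0', 'undici@7.28.0',
  'ws@7.5.11', 'ws@8.21.0(bufferutil@4.0.8)']);

console.log('before:', belowFloor(BEFORE));
console.log('after: ', belowFloor(AFTER));
```

Because a lockfile can hold several copies of one package (here two ws lines), the check walks every resolved key instead of stopping at the first match.
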
@devin-ai-integration

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.


@devin-ai-integration devin-ai-integration Bot marked this pull request as ready for review July 1, 2026 22:09

@devin-ai-integration devin-ai-integration Bot left a comment

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.

@github-actions

github-actions Bot commented Jul 1, 2026

Deploy preview for airbyte-docs ready!

Project: airbyte-docs
Status: ✅ Deploy successful!
Preview URL: https://airbyte-docs-o7lr5s4dl-airbyte-growth.vercel.app
Latest Commit: 7e471d7

Deployed with vercel-action

@aaronsteers Aaron ("AJ") Steers (aaronsteers) merged commit 09de56a into master Jul 2, 2026
61 of 64 checks passed
@aaronsteers Aaron ("AJ") Steers (aaronsteers) deleted the devin/1782943583-security-npm-batch branch July 2, 2026 18:27