
[agent] chore(deps): bump nx to 22.7.5 to update axios to 1.16.0 #779

Draft
github-actions[bot] wants to merge 1 commit into main from security/bump-nx-22.7.5-fix-axios-1.16.0-aa13c394a1d317c2
github-actions[bot] commented Jun 9, 2026

Updates nx from 22.6.5 to 22.7.5 in package-lock.json, which upgrades the transitive axios dependency from 1.15.0 to 1.16.0, resolving two high-severity Dependabot alerts.

Alerts addressed

How the fix works

axios is not a direct dependency — it is brought in transitively by nx (which is itself a transitive dependency of lerna@9.0.7, declared as nx: ">=21.5.3 < 23.0.0"). nx@22.7.5 pins axios@1.16.0 (the first patched version), so updating nx within its already-permitted range resolves both advisories without any overrides needed.

Only package-lock.json is changed; no package.json manifest required modification.

Generated by Dependabot remediation agent · ● 542.8K ·
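
A check a reviewer could run before merging a lockfile-only bump like this one (an added example, not part of the PR or the project's code): it walks the `packages` map of a parsed package-lock.json and reports every installed copy of axios against the 1.16.0 floor named in the description. The `sampleLock` object and the `legacy-tool` package in it are constructed for illustration.

```javascript
// Compare plain x.y.z versions numerically; pre-release/build suffixes are ignored.
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Every install path of `name` in a lockfileVersion 2/3 "packages" map,
// with whether that copy is at or above `minVersion`.
function findCopies(lock, name, minVersion) {
  if (!lock.packages) throw new Error('no "packages" map: lockfileVersion 2+ required');
  const suffix = 'node_modules/' + name;
  return Object.entries(lock.packages)
    .filter(([path, meta]) => meta.version &&
      (path === suffix || path.endsWith('/' + suffix)))
    .map(([path, meta]) => ({
      path,
      version: meta.version,
      patched: compareVersions(meta.version, minVersion) >= 0,
    }));
}

// Packages that declare `name` as a dependency, and the range each one asks for.
function findDependents(lock, name) {
  return Object.entries(lock.packages)
    .filter(([, meta]) => meta.dependencies && name in meta.dependencies)
    .map(([path, meta]) => ({ path, range: meta.dependencies[name] }));
}

// Constructed sample lockfile (not the repository's real package-lock.json).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-root', devDependencies: { lerna: '9.0.7' } },
    'node_modules/lerna': { version: '9.0.7', dependencies: { nx: '>=21.5.3 < 23.0.0' } },
    'node_modules/nx': { version: '22.7.5', dependencies: { axios: '1.16.0' } },
    'node_modules/axios': { version: '1.16.0' },
    // Hypothetical stale nested copy: a hoisted bump does not touch it.
    'node_modules/legacy-tool/node_modules/axios': { version: '1.15.0' },
  },
};

for (const c of findCopies(sampleLock, 'axios', '1.16.0')) {
  console.log(`${c.patched ? 'ok  ' : 'FAIL'} axios@${c.version} at ${c.path}`);
}
console.log(findDependents(sampleLock, 'axios'));
```

For a real check, pass the result of `JSON.parse` on the lockfile contents in place of `sampleLock`.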

Updates nx from 22.6.5 to 22.7.5 (within the lerna >=21.5.3 <23.0.0
range), which upgrades the transitive axios dependency from 1.15.0 to
1.16.0, addressing two high-severity advisories:
- GHSA-j5f8-grm9-p9fc (CVE-2026-44486)
- GHSA-p92q-9vqr-4j8v (CVE-2026-44487)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>