fix(deps): override axios to 1.15.0 to resolve critical SSRF vulnerability

Cascade Bot · claude · Cascade Bot · commit b668751a7a93 · 2026-04-14T18:58:25.000Z
Adds npm overrides entry to force axios>=1.15.0 across transitive dependencies (jira.js, trello.js), resolving GHSA-3p68-rc4w-qgx5 and GHSA-fvcv-3m26-pcqx that were failing the CI npm audit check. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/package.json b/package.json
@@ -134,6 +134,7 @@
 	"overrides": {
 		"lodash": "^4.18.1",
 		"lodash-es": "^4.18.1",
-		"brace-expansion": "^2.0.3"
+		"brace-expansion": "^2.0.3",
+		"axios": "^1.15.0"
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -134,6 +134,7 @@`
`134`	`134`	`"overrides": {`
`135`	`135`	`"lodash": "^4.18.1",`
`136`	`136`	`"lodash-es": "^4.18.1",`
`137`		`- "brace-expansion": "^2.0.3"`
	`137`	`+ "brace-expansion": "^2.0.3",`
	`138`	`+ "axios": "^1.15.0"`
`138`	`139`	`}`
`139`	`140`	`}`