Skip to content

update axios and dompurify#515

Merged
kwinto merged 2 commits into
masterfrom
bug/138441-update-axios-and-dompurify
May 28, 2026
Merged

update axios and dompurify#515
kwinto merged 2 commits into
masterfrom
bug/138441-update-axios-and-dompurify

Conversation

@saeb-cognigy

@saeb-cognigy saeb-cognigy commented May 20, 2026

Copy link
Copy Markdown
Collaborator

Quick update to patch Snyk vulnerabilities

Copilot AI review requested due to automatic review settings May 20, 2026 09:48
@graymalkin77

graymalkin77 commented May 20, 2026
edited
Loading

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Copilot AI reviewed May 20, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates third-party dependencies to address reported Snyk vulnerabilities in the Webchat Widget package.

Changes:

  • Bumped axios from ^1.15.0 to ^1.15.2.
  • Bumped dompurify from 3.3.2 to ^3.4.0 and updated the lockfile accordingly.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File Description
package.json Updates dependency versions for axios and dompurify.
package-lock.json Refreshes resolved versions/integrity metadata for the updated dependencies.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread package.json Outdated
@saeb-cognigy saeb-cognigy requested review from a team, kwinto and sushmi21 and removed request for kwinto May 20, 2026 12:01
kwinto
kwinto approved these changes May 28, 2026
View reviewed changes

@kwinto kwinto left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Smoke-tested locally: npm ci installs [email protected] and [email protected] cleanly, npm run dev (webpack-dev-server) compiles successfully (16s, webchat.js 4.5 MiB, message-renderer.js 2.45 MiB), and http://localhost:8787/ serves HTTP 200. LGTM for the Snyk vuln patch.

@kwinto kwinto merged commit dcb6b16 into master May 28, 2026
4 checks passed
@saeb-cognigy saeb-cognigy deleted the bug/138441-update-axios-and-dompurify branch May 28, 2026 09:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments
@kwinto kwinto kwinto approved these changes
@sushmi21 sushmi21 Awaiting requested review from sushmi21

Assignees

No one assigned

Labels

bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@saeb-cognigy @graymalkin77 @kwinto