Skip to content

chore: 14339 axios CVE#36407

Draft
PaulGMardling wants to merge 5 commits into
microsoft:masterfrom
PaulGMardling:fix/14339-axios-cve
Draft

chore: 14339 axios CVE#36407
PaulGMardling wants to merge 5 commits into
microsoft:masterfrom
PaulGMardling:fix/14339-axios-cve

Conversation

@PaulGMardling

@PaulGMardling PaulGMardling commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Previous Behavior

Component Governance reported vulnerabilities affecting Axios 1.13.2.

New Behavior

The repository now resolves Axios to version 1.18.1 through a root-level Yarn resolution.

Investigation / Findings

Investigation showed that Axios 1.13.2 was introduced through multiple dependency paths:

  • nx
  • chromedriver (used by @fluentui/web-components and @fluentui/chart-web-components)

A root-level Yarn resolution was added:

"resolutions": {
  "axios": "^1.18.1"
}

Related Issue(s)

@github-actions

Copy link
Copy Markdown

📊 Bundle size report

✅ No changes found

@github-actions

Copy link
Copy Markdown

Pull request demo site: URL

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant