From 8f62bc23d1b9fdfa2f61842a001f66b8f40f4e30 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 14 Mar 2026 05:22:04 +0000 Subject: [PATCH 01/10] chore(deps): bump undici from 6.23.0 to 6.24.0 in /packages/http-client Bumps [undici](https://github.com/nodejs/undici) from 6.23.0 to 6.24.0. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](https://github.com/nodejs/undici/compare/v6.23.0...v6.24.0) --- updated-dependencies: - dependency-name: undici dependency-version: 6.24.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- packages/http-client/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/http-client/package-lock.json b/packages/http-client/package-lock.json index 2a625161..41352196 100644 --- a/packages/http-client/package-lock.json +++ b/packages/http-client/package-lock.json @@ -232,9 +232,9 @@ } }, "node_modules/undici": { - "version": "6.23.0", - "resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz", - "integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==", + "version": "6.24.0", + "resolved": "https://registry.npmjs.org/undici/-/undici-6.24.0.tgz", + "integrity": "sha512-lVLNosgqo5EkGqh5XUDhGfsMSoO8K0BAN0TyJLvwNRSl4xWGZlCVYsAIpa/OpA3TvmnM01GWcoKmc3ZWo5wKKA==", "license": "MIT", "engines": { "node": ">=18.17" From 233d556477e82a3dbe94750e37c573238eaa73b4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Mar 2026 22:41:36 +0000 Subject: [PATCH 02/10] chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 Bumps [picomatch](https://github.com/micromatch/picomatch) from 2.3.1 to 2.3.2. - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2) --- updated-dependencies: - dependency-name: picomatch dependency-version: 2.3.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 76e8212e..7bd90f7f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13278,9 +13278,9 @@ "license": "ISC" }, "node_modules/picomatch": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", - "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz", + "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==", "dev": true, "license": "MIT", "engines": { From a8ea745713d98f479025e95def530e4a616e0420 Mon Sep 17 00:00:00 2001 From: Salman Chishti Date: Tue, 7 Apr 2026 16:16:11 +0000 Subject: [PATCH 03/10] feat(github): append orchestration ID to user-agent in getOctokitOptions When ACTIONS_ORCHESTRATION_ID is set, appends actions_orchestration_id/{sanitizedId} to the user-agent string. - Add getUserAgentWithOrchestrationId() to internal/utils.ts - Wire into getOctokitOptions() so all getOctokit() calls include it - Re-export helper from @actions/github/lib/utils for downstream consumers - 14 deterministic unit tests covering helper, integration, edge cases --- packages/github/RELEASES.md | 5 + .../github/__tests__/orchestration.test.ts | 118 ++++++++++++++++++ packages/github/src/internal/utils.ts | 12 ++ packages/github/src/utils.ts | 10 ++ 4 files changed, 145 insertions(+) create mode 100644 packages/github/__tests__/orchestration.test.ts diff --git a/packages/github/RELEASES.md b/packages/github/RELEASES.md index d56d82d4..487e1237 100644 --- a/packages/github/RELEASES.md +++ b/packages/github/RELEASES.md @@ -1,5 +1,10 @@ # @actions/github Releases +### 9.1.0 + +- Append `actions_orchestration_id` to user-agent when `ACTIONS_ORCHESTRATION_ID` environment variable is set +- Export `getUserAgentWithOrchestrationId` from `@actions/github/lib/utils` for downstream consumers + ### 9.0.0 - **Breaking change**: Package is now ESM-only diff --git a/packages/github/__tests__/orchestration.test.ts b/packages/github/__tests__/orchestration.test.ts new file mode 100644 index 00000000..35ef91d1 --- /dev/null +++ b/packages/github/__tests__/orchestration.test.ts @@ -0,0 +1,118 @@ +import {getOctokitOptions, getUserAgentWithOrchestrationId} from '../src/utils' +import {getUserAgentWithOrchestrationId as internalGetUserAgentWithOrchestrationId} from '../src/internal/utils' + +describe('orchestration ID support', () => { + let originalOrchId: string | undefined + + beforeEach(() => { + originalOrchId = process.env['ACTIONS_ORCHESTRATION_ID'] + delete process.env['ACTIONS_ORCHESTRATION_ID'] + }) + + afterEach(() => { + if (originalOrchId !== undefined) { + process.env['ACTIONS_ORCHESTRATION_ID'] = originalOrchId + } else { + delete process.env['ACTIONS_ORCHESTRATION_ID'] + } + }) + + describe('getUserAgentWithOrchestrationId', () => { + it('returns undefined when env var is not set and no base user agent', () => { + expect(getUserAgentWithOrchestrationId()).toBeUndefined() + }) + + it('returns base user agent unchanged when env var is not set', () => { + expect(getUserAgentWithOrchestrationId('my-app')).toBe('my-app') + }) + + it('returns orchestration ID without base when env var is set and no base', () => { + process.env['ACTIONS_ORCHESTRATION_ID'] = 'abc-123' + expect(getUserAgentWithOrchestrationId()).toBe( + 'actions_orchestration_id/abc-123' + ) + }) + + it('appends orchestration ID to base user agent', () => { + process.env['ACTIONS_ORCHESTRATION_ID'] = 'abc-123' + expect(getUserAgentWithOrchestrationId('my-app')).toBe( + 'my-app actions_orchestration_id/abc-123' + ) + }) + + it('sanitizes special characters in orchestration ID', () => { + process.env['ACTIONS_ORCHESTRATION_ID'] = 'id with spaces/and$pecial!' + expect(getUserAgentWithOrchestrationId('my-app')).toBe( + 'my-app actions_orchestration_id/id_with_spaces_and_pecial_' + ) + }) + + it('preserves allowed characters in orchestration ID', () => { + process.env['ACTIONS_ORCHESTRATION_ID'] = + 'valid_id-with.allowed_chars.123' + expect(getUserAgentWithOrchestrationId()).toBe( + 'actions_orchestration_id/valid_id-with.allowed_chars.123' + ) + }) + + it('ignores whitespace-only orchestration ID', () => { + process.env['ACTIONS_ORCHESTRATION_ID'] = ' ' + expect(getUserAgentWithOrchestrationId('my-app')).toBe('my-app') + }) + }) + + describe('public re-export', () => { + it('exports getUserAgentWithOrchestrationId from utils (public API)', () => { + expect(getUserAgentWithOrchestrationId).toBe( + internalGetUserAgentWithOrchestrationId + ) + }) + }) + + describe('getOctokitOptions', () => { + it('sets userAgent when ACTIONS_ORCHESTRATION_ID is set', () => { + process.env['ACTIONS_ORCHESTRATION_ID'] = 'test-orch-id' + const opts = getOctokitOptions('fake-token') + expect(opts.userAgent).toBe( + 'actions_orchestration_id/test-orch-id' + ) + }) + + it('does not set userAgent when ACTIONS_ORCHESTRATION_ID is not set', () => { + const opts = getOctokitOptions('fake-token') + expect(opts.userAgent).toBeUndefined() + }) + + it('preserves and appends to caller-provided userAgent', () => { + process.env['ACTIONS_ORCHESTRATION_ID'] = 'test-orch-id' + const opts = getOctokitOptions('fake-token', { + userAgent: 'custom-agent/1.0' + }) + expect(opts.userAgent).toBe( + 'custom-agent/1.0 actions_orchestration_id/test-orch-id' + ) + }) + + it('leaves caller-provided userAgent intact when env var is not set', () => { + const opts = getOctokitOptions('fake-token', { + userAgent: 'custom-agent/1.0' + }) + expect(opts.userAgent).toBe('custom-agent/1.0') + }) + + it('does not mutate the original options object', () => { + process.env['ACTIONS_ORCHESTRATION_ID'] = 'test-orch-id' + const original = {userAgent: 'original/1.0'} + getOctokitOptions('fake-token', original) + expect(original.userAgent).toBe('original/1.0') + }) + + it('sanitizes special characters through getOctokitOptions', () => { + process.env['ACTIONS_ORCHESTRATION_ID'] = 'bad chars here!' + const opts = getOctokitOptions('fake-token') + expect(opts.userAgent).toBe( + 'actions_orchestration_id/bad_chars_here_' + ) + }) + }) +}) diff --git a/packages/github/src/internal/utils.ts b/packages/github/src/internal/utils.ts index c97db185..5ff4db52 100644 --- a/packages/github/src/internal/utils.ts +++ b/packages/github/src/internal/utils.ts @@ -42,3 +42,15 @@ export function getProxyFetch(destinationUrl): typeof fetch { export function getApiBaseUrl(): string { return process.env['GITHUB_API_URL'] || 'https://api.github.com' } + +export function getUserAgentWithOrchestrationId( + baseUserAgent?: string +): string | undefined { + const orchId = process.env['ACTIONS_ORCHESTRATION_ID']?.trim() + if (orchId) { + const sanitizedId = orchId.replace(/[^a-z0-9_.-]/gi, '_') + const ua = baseUserAgent ? `${baseUserAgent} ` : '' + return `${ua}actions_orchestration_id/${sanitizedId}` + } + return baseUserAgent +} diff --git a/packages/github/src/utils.ts b/packages/github/src/utils.ts index e06c4f98..d783278d 100644 --- a/packages/github/src/utils.ts +++ b/packages/github/src/utils.ts @@ -23,6 +23,8 @@ export const GitHub = Octokit.plugin( paginateRest ).defaults(defaults) +export {getUserAgentWithOrchestrationId} from './internal/utils.js' + /** * Convience function to correctly format Octokit Options to pass into the constructor. * @@ -41,5 +43,13 @@ export function getOctokitOptions( opts.auth = auth } + // Orchestration ID + const userAgent = Utils.getUserAgentWithOrchestrationId( + opts.userAgent as string | undefined + ) + if (userAgent) { + opts.userAgent = userAgent + } + return opts } From b0917c5a37118baba90bd114e17dfcf9de8997f2 Mon Sep 17 00:00:00 2001 From: Salman Chishti Date: Tue, 7 Apr 2026 16:35:32 +0000 Subject: [PATCH 04/10] style: fix prettier formatting in orchestration tests --- packages/github/__tests__/orchestration.test.ts | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/packages/github/__tests__/orchestration.test.ts b/packages/github/__tests__/orchestration.test.ts index 35ef91d1..3b851ddb 100644 --- a/packages/github/__tests__/orchestration.test.ts +++ b/packages/github/__tests__/orchestration.test.ts @@ -73,9 +73,7 @@ describe('orchestration ID support', () => { it('sets userAgent when ACTIONS_ORCHESTRATION_ID is set', () => { process.env['ACTIONS_ORCHESTRATION_ID'] = 'test-orch-id' const opts = getOctokitOptions('fake-token') - expect(opts.userAgent).toBe( - 'actions_orchestration_id/test-orch-id' - ) + expect(opts.userAgent).toBe('actions_orchestration_id/test-orch-id') }) it('does not set userAgent when ACTIONS_ORCHESTRATION_ID is not set', () => { @@ -110,9 +108,7 @@ describe('orchestration ID support', () => { it('sanitizes special characters through getOctokitOptions', () => { process.env['ACTIONS_ORCHESTRATION_ID'] = 'bad chars here!' const opts = getOctokitOptions('fake-token') - expect(opts.userAgent).toBe( - 'actions_orchestration_id/bad_chars_here_' - ) + expect(opts.userAgent).toBe('actions_orchestration_id/bad_chars_here_') }) }) }) From ffeb50bd029ac95a0cf7015ccbba6bcd1d65f44e Mon Sep 17 00:00:00 2001 From: Salman Chishti Date: Wed, 8 Apr 2026 16:49:32 +0000 Subject: [PATCH 05/10] fix: prevent duplicate orchestration ID in user-agent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add idempotency check to getUserAgentWithOrchestrationId — if the tag is already present in baseUserAgent, return it unchanged. This prevents doubling when both the exported helper and getOctokitOptions run for the same client. --- .../github/__tests__/orchestration.test.ts | 18 ++++++++++++++++++ packages/github/src/internal/utils.ts | 4 +++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/packages/github/__tests__/orchestration.test.ts b/packages/github/__tests__/orchestration.test.ts index 3b851ddb..0bda82f0 100644 --- a/packages/github/__tests__/orchestration.test.ts +++ b/packages/github/__tests__/orchestration.test.ts @@ -59,6 +59,14 @@ describe('orchestration ID support', () => { process.env['ACTIONS_ORCHESTRATION_ID'] = ' ' expect(getUserAgentWithOrchestrationId('my-app')).toBe('my-app') }) + + it('does not duplicate orchestration ID if already present in base', () => { + process.env['ACTIONS_ORCHESTRATION_ID'] = 'abc-123' + const alreadyTagged = 'my-app actions_orchestration_id/abc-123' + expect(getUserAgentWithOrchestrationId(alreadyTagged)).toBe( + alreadyTagged + ) + }) }) describe('public re-export', () => { @@ -110,5 +118,15 @@ describe('orchestration ID support', () => { const opts = getOctokitOptions('fake-token') expect(opts.userAgent).toBe('actions_orchestration_id/bad_chars_here_') }) + + it('does not duplicate orchestration ID when caller already applied it', () => { + process.env['ACTIONS_ORCHESTRATION_ID'] = 'test-orch-id' + const opts = getOctokitOptions('fake-token', { + userAgent: 'my-app actions_orchestration_id/test-orch-id' + }) + expect(opts.userAgent).toBe( + 'my-app actions_orchestration_id/test-orch-id' + ) + }) }) }) diff --git a/packages/github/src/internal/utils.ts b/packages/github/src/internal/utils.ts index 5ff4db52..03c5822a 100644 --- a/packages/github/src/internal/utils.ts +++ b/packages/github/src/internal/utils.ts @@ -49,8 +49,10 @@ export function getUserAgentWithOrchestrationId( const orchId = process.env['ACTIONS_ORCHESTRATION_ID']?.trim() if (orchId) { const sanitizedId = orchId.replace(/[^a-z0-9_.-]/gi, '_') + const tag = `actions_orchestration_id/${sanitizedId}` + if (baseUserAgent?.includes(tag)) return baseUserAgent const ua = baseUserAgent ? `${baseUserAgent} ` : '' - return `${ua}actions_orchestration_id/${sanitizedId}` + return `${ua}${tag}` } return baseUserAgent } From 3643ce2db4a129e7bac3dea3a35b3582447c8ec0 Mon Sep 17 00:00:00 2001 From: Salman Chishti Date: Wed, 8 Apr 2026 19:38:31 +0000 Subject: [PATCH 06/10] style: fix prettier formatting in orchestration tests --- packages/github/__tests__/orchestration.test.ts | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/packages/github/__tests__/orchestration.test.ts b/packages/github/__tests__/orchestration.test.ts index 0bda82f0..044fd458 100644 --- a/packages/github/__tests__/orchestration.test.ts +++ b/packages/github/__tests__/orchestration.test.ts @@ -63,9 +63,7 @@ describe('orchestration ID support', () => { it('does not duplicate orchestration ID if already present in base', () => { process.env['ACTIONS_ORCHESTRATION_ID'] = 'abc-123' const alreadyTagged = 'my-app actions_orchestration_id/abc-123' - expect(getUserAgentWithOrchestrationId(alreadyTagged)).toBe( - alreadyTagged - ) + expect(getUserAgentWithOrchestrationId(alreadyTagged)).toBe(alreadyTagged) }) }) From e4598e374ba75e2f6c12db10250150a23ce2e587 Mon Sep 17 00:00:00 2001 From: Salman Chishti Date: Wed, 8 Apr 2026 19:57:41 +0000 Subject: [PATCH 07/10] chore: bump @actions/github to 9.1.0 for release MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Version bump 9.0.0 → 9.1.0 in package.json - Update RELEASES.md with idempotency guard note and PR link --- packages/github/RELEASES.md | 3 +-- packages/github/package-lock.json | 4 ++-- packages/github/package.json | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/packages/github/RELEASES.md b/packages/github/RELEASES.md index 487e1237..e9d69fbb 100644 --- a/packages/github/RELEASES.md +++ b/packages/github/RELEASES.md @@ -2,8 +2,7 @@ ### 9.1.0 -- Append `actions_orchestration_id` to user-agent when `ACTIONS_ORCHESTRATION_ID` environment variable is set -- Export `getUserAgentWithOrchestrationId` from `@actions/github/lib/utils` for downstream consumers +- Append `actions_orchestration_id` to user-agent when the `ACTIONS_ORCHESTRATION_ID` environment variable is set [#2364](https://github.com/actions/toolkit/pull/2364) ### 9.0.0 diff --git a/packages/github/package-lock.json b/packages/github/package-lock.json index 04cb0338..536fcf61 100644 --- a/packages/github/package-lock.json +++ b/packages/github/package-lock.json @@ -1,12 +1,12 @@ { "name": "@actions/github", - "version": "9.0.0", + "version": "9.1.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@actions/github", - "version": "9.0.0", + "version": "9.1.0", "license": "MIT", "dependencies": { "@actions/http-client": "^3.0.2", diff --git a/packages/github/package.json b/packages/github/package.json index 21345966..c3d6fa18 100644 --- a/packages/github/package.json +++ b/packages/github/package.json @@ -1,6 +1,6 @@ { "name": "@actions/github", - "version": "9.0.0", + "version": "9.1.0", "description": "Actions github lib", "keywords": [ "github", From 140509034c2ca4181f476334f45850d98fa5cfd5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 8 Apr 2026 20:54:11 +0000 Subject: [PATCH 08/10] chore(deps): bump brace-expansion in /packages/glob Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion) from 1.1.12 to 1.1.13. - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.13) --- updated-dependencies: - dependency-name: brace-expansion dependency-version: 1.1.13 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- packages/glob/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/glob/package-lock.json b/packages/glob/package-lock.json index 35920049..91212dfd 100644 --- a/packages/glob/package-lock.json +++ b/packages/glob/package-lock.json @@ -55,9 +55,9 @@ "license": "MIT" }, "node_modules/brace-expansion": { - "version": "1.1.12", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", - "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", + "version": "1.1.13", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz", + "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==", "license": "MIT", "dependencies": { "balanced-match": "^1.0.0", From 1f375f130a1622595df37822035e2588888978ed Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Apr 2026 18:58:03 +0000 Subject: [PATCH 09/10] chore(deps-dev): bump follow-redirects from 1.15.11 to 1.16.0 Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.11 to 1.16.0. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0) --- updated-dependencies: - dependency-name: follow-redirects dependency-version: 1.16.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7bd90f7f..43d86d43 100644 --- a/package-lock.json +++ b/package-lock.json @@ -7235,9 +7235,9 @@ } }, "node_modules/follow-redirects": { - "version": "1.15.11", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.11.tgz", - "integrity": "sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==", + "version": "1.16.0", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.16.0.tgz", + "integrity": "sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==", "dev": true, "funding": [ { From 3c424f0d630a9702e4b9caebf2677fa1063f48ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Apr 2026 21:34:33 +0000 Subject: [PATCH 10/10] chore(deps-dev): bump axios from 1.12.2 to 1.15.1 Bumps [axios](https://github.com/axios/axios) from 1.12.2 to 1.15.1. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](https://github.com/axios/axios/compare/v1.12.2...v1.15.1) --- updated-dependencies: - dependency-name: axios dependency-version: 1.15.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/package-lock.json b/package-lock.json index 43d86d43..a8b8d0e3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -4322,15 +4322,15 @@ } }, "node_modules/axios": { - "version": "1.12.2", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.12.2.tgz", - "integrity": "sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw==", + "version": "1.15.1", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.15.1.tgz", + "integrity": "sha512-WOG+Jj8ZOvR0a3rAn+Tuf1UQJRxw5venr6DgdbJzngJE3qG7X0kL83CZGpdHMxEm+ZK3seAbvFsw4FfOfP9vxg==", "dev": true, "license": "MIT", "dependencies": { - "follow-redirects": "^1.15.6", - "form-data": "^4.0.4", - "proxy-from-env": "^1.1.0" + "follow-redirects": "^1.15.11", + "form-data": "^4.0.5", + "proxy-from-env": "^2.1.0" } }, "node_modules/axobject-query": { @@ -13570,11 +13570,14 @@ "license": "MIT" }, "node_modules/proxy-from-env": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", - "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==", + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-2.1.0.tgz", + "integrity": "sha512-cJ+oHTW1VAEa8cJslgmUZrc+sjRKgAKl3Zyse6+PV38hZe/V6Z14TbCuXcan9F9ghlz4QrFr2c92TNF82UkYHA==", "dev": true, - "license": "MIT" + "license": "MIT", + "engines": { + "node": ">=10" + } }, "node_modules/pure-rand": { "version": "6.1.0",