appsmithorg / appsmith

Platform to build admin panels, internal tools, and dashboards. Integrates with 25+ databases and any API.


fix(security): upgrade axios to 1.15.0 for GHSA-3p68-rc4w-qgx5 (#41739)

## Summary
- Upgrade `axios` to `^1.15.0` in `app/client/package.json` and
`app/client/packages/rts/package.json` to remediate GHSA-3p68-rc4w-qgx5
/ CVE-2025-62718.
- Regenerate `app/client/yarn.lock` so all client workspace consumers
(including `wait-on`) resolve to `axios@1.15.0`.
- Add RTS regression coverage in
`app/client/packages/rts/src/__tests__/axiosNoProxyNormalization.test.ts`
to verify loopback host variants are not proxied when `NO_PROXY` is set.

## Test plan
- [x] `yarn install --mode=skip-build` (from `app/client`)
- [x] `yarn why axios` shows `axios@1.15.0` for `appsmith`,
`appsmith-rts`, and `wait-on`
- [x] `yarn test:unit` (from `app/client/packages/rts`)
- [x] `yarn lint` (from `app/client/packages/rts`)
- [x] `yarn build` (from `app/client`)
- [x] `npx prettier --write ./src ./cypress` (from `app/client`)
- [ ] `npx eslint --fix -c ./cypress/.eslintrc.json --cache ./cypress`
(from `app/client`) - command was run multiple times but hangs in this
local environment without producing completion output.
- [ ] `yarn g:jest src/api/__tests__/apiRequestInterceptors.test.ts
src/api/__tests__/apiFailureResponseInterceptors.test.ts
src/api/__tests__/apiSucessResponseInterceptors.test.ts` (from
`app/client`) - fails in this environment due to missing `canvas` binary
(`Cannot find module '../build/Release/canvas.node'`).

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->


Fixes
https://linear.app/appsmith/issue/APP-15127/security-critical-dependabot-alert-580-axios-no-proxy-hostname

## Summary by CodeRabbit

* **Chores**
* Updated HTTP client library dependencies across packages to the latest
compatible version for improved stability and performance.

* **Tests**
* Added test coverage for proxy configuration normalization behavior to
ensure reliable network connectivity.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->


## Automation

/ok-to-test tags="@tag.All"

<!-- This is an auto-generated comment: Cypress test results  -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/24443669428>
> Commit: ce5b56989264b4189357bd8b1b971455ef0bdefe
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=24443669428&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.All`
> Spec:
> <hr>Wed, 15 Apr 2026 09:39:49 UTC
<!-- end of auto-generated comment: Cypress test results  -->
subratadeypappu committed
8b2fe62da5387026332a48bd43a341adc184d02b
Parent: 7d8a5ef
Committed by GitHub <noreply@github.com> on 4/15/2026, 10:41:36 AM
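
The regression check named in the commit message (loopback host variants must not be proxied when `NO_PROXY` is set) comes down to normalizing hostnames before matching them. The following is an added example, not code from this commit, from Appsmith or from axios; the function names, the sample URLs and the variants chosen (trailing dot, bracketed IPv6, mixed case) are assumptions made for illustration.

```javascript
// Added example: hostname normalization before NO_PROXY matching.
// All names and sample hosts are constructed; this is not axios's implementation.

// Canonical host form: lower case, no IPv6 brackets, no trailing root dot.
function normalizeHost(host) {
  let h = String(host).trim().toLowerCase();
  if (h.startsWith("[") && h.endsWith("]")) h = h.slice(1, -1);
  return h.replace(/\.+$/, "");
}

// Split a comma- or space-separated NO_PROXY value into normalized entries.
function parseNoProxy(value) {
  return String(value || "")
    .split(/[\s,]+/)
    .filter(Boolean)
    .map((entry) => {
      // Drop an optional :port suffix; bare IPv6 literals do not match and stay whole.
      const m = entry.match(/^(\[[^\]]+\]|[^:]+)(?::\d+)?$/);
      return normalizeHost(m ? m[1] : entry);
    });
}

// True when the request must go direct instead of through the proxy.
function bypassesProxy(requestUrl, noProxyValue) {
  const host = normalizeHost(new URL(requestUrl).hostname);
  return parseNoProxy(noProxyValue).some((entry) => {
    if (entry === "*") return true;
    const suffix = entry.replace(/^\*?\./, ""); // ".corp.test" or "*.corp.test"
    return host === suffix || host.endsWith("." + suffix);
  });
}

// Contrast case: raw string comparison with no normalization.
function naiveBypassesProxy(requestUrl, noProxyValue) {
  const host = new URL(requestUrl).hostname;
  return String(noProxyValue || "").split(",").some((e) => e.trim() === host);
}

// Constructed sample input: equivalent spellings of loopback destinations.
const CONSTRUCTED_URLS = [
  "http://localhost:8080/health",
  "http://localhost.:8080/health",
  "http://[::1]:8080/health",
];
for (const url of CONSTRUCTED_URLS) {
  const rule = "localhost,127.0.0.1,::1";
  console.log(url, "naive:", naiveBypassesProxy(url, rule), "normalized:", bypassesProxy(url, rule));
}
```

A test in the style of `axiosNoProxyNormalization.test.ts` would assert the same property against the HTTP client itself: every spelling of a loopback host covered by `NO_PROXY` is sent direct.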