Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-15930944
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 813a18d. Configure here.
| }, | ||
| "dependencies": { | ||
| "@azure/ms-rest-js": "^1.5.0", | ||
| "@azure/ms-rest-js": "^2.0.0", |
There was a problem hiding this comment.
MapperType runtime value removed in ms-rest-js v2
High Severity
Upgrading @azure/ms-rest-js from v1 to v2 likely breaks the runtime usage of msRest.MapperType.Sequence. In v1, MapperType was exported as a runtime const object, but in v2 it became a TypeScript type alias only, meaning it doesn't exist at runtime. The codebase accesses msRest.MapperType.Sequence as a value in src/blob/generated/utils/serializer.ts, src/queue/generated/utils/serializer.ts, and src/table/generated/utils/serializer.ts, which would either cause a build failure or a runtime TypeError.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 813a18d. Configure here.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 813a18de0f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "@azure/ms-rest-js": "^2.0.0", | ||
| "args": "^5.0.1", | ||
| "axios": "^0.27.0", | ||
| "axios": "^1.13.2", |
There was a problem hiding this comment.
This upgrade conflicts with the package's declared support for Node >=10.0.0: Azurite imports axios from CommonJS-compiled code (for example in BlobHandler), but axios 1.x ships an ESM entrypoint with conditional exports, and Node 10 does not support package exports resolution. In a Node 10 runtime, require("axios") can resolve to the ESM index.js and fail before the service starts, so this change can break all Node 10 users even though the engines field still advertises that version.
Useful? React with 👍 / 👎.
2 participants
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.jsonpackage-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-AXIOS-15930944
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling
Note
Medium Risk
Upgrades
axiosto a newer major version and bumps@azure/ms-rest-js, which can introduce subtle HTTP/client behavior changes at runtime despite being dependency-only updates.Overview
Updates runtime dependencies to remediate a Snyk-reported vulnerability by upgrading
axiosfrom0.27.xto1.13.2and@azure/ms-rest-jsfrom1.xto2.0.0.Refreshes
package-lock.jsonaccordingly, pulling in new transitive packages (e.g.,proxy-from-env,node-fetchtypes, and intrinsic helper libs) and removing the older nestedaxiosdependency under@azure/ms-rest-js.Reviewed by Cursor Bugbot for commit 813a18d. Bugbot is set up for automated code reviews on this repo. Configure here.