chore(project): upgraded dependencies versions #251
🎉 Snyk checks have passed. No issues have been found so far.
✅ security/snyk check is complete. No issues have been found.
✅ license/snyk check is complete. No issues have been found.
✅ code/snyk check is complete. No issues have been found.
b2ddc28 to 387e25b
| "cross-spawn": "7.0.5", | ||
| "srt-parser-2": "1.1.3", | ||
| "axios": "1.8.3", | ||
| "axios": "1.11.0", |
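Review bot: The `"axios": "1.11.0"` entry is an exact pin, and the thread treats it as an override, so nothing next to it records why it exists or when it can be removed. package.json cannot carry comments, so please link a tracking issue from the PR description that names the dependencies still pulling an older axios, and drop the override once those packages publish releases on 1.11.0 or later. Until then the pin also needs a manual bump for every future axios fix.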
Hello @KeiKey, do we still need the axios override here? I can see axios exists in dependencies.
Hey @mhdha94, yeah it is needed because we have 2 dependencies that still install a previous version of axios. These would be the installed versions without the override:

@KeiKey I see. In that case, would it be possible to update either @langchain or ibm-cloud-sdk-core?
Both packages seem to have newer versions available. In fact, the latest release of ibm-cloud-sdk-core is already using axios@1.11.0:
https://github.com/IBM/node-sdk-core/blob/main/package.json
That said, I’m not sure if we can update them directly.
@langchain/community https://www.npmjs.com/package/@langchain/community/v/0.3.49?activeTab=versions has a newer version as well
Can we try to update these remaining dependencies, @KeiKey? I see you were already proactive to update many of the dependencies, which I really like, so try these extra ones as well :)
We've already updated @cognigy/rest-api-client to the latest available version (2025.15.1), but it still uses axios@1.8.3. I also checked their repo, and it looks like even in the upcoming release, that won’t change.
Regarding @langchain/community, we’ll need to wait for a version that updates ibm-cloud-sdk-core. While ibm-cloud-sdk-core does have a version compatible with axios@1.11.0, @langchain/community isn’t using that version yet in their latest release.
I could’ve explained the reasoning for keeping these versions more clearly. Thanks for bringing it up!
** If/whenever we ping team Boron for them to upgrade axios to 1.11.0, we can also let them know to fix an `npm warn deprecated` warning that we are getting. They are using uuidv4, which is a deprecated package. The uuid package is the suggested alternative.
🎉 This PR is included in version 1.8.6 🎉 The release is available on: Your semantic-release bot 📦🚀
Upgraded dependencies based on Snyk suggestions.
Upgraded axios to 1.11.0 in order to address a security issue with the previous versions.
Didn't remove the form-data override because it is still needed for @langchain/community. They have pushed a fix, but it's not published yet.
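
The question raised in the review thread, whether any dependency would still install an axios older than 1.11.0 without the override, can be checked against the `packages` map of an npm lockfile. The following is an added example, not code from this PR or the project; the lockfile is constructed, and `example-sdk` with its axios 1.7.0 copy is hypothetical.

```javascript
// Constructed sample lockfile (npm lockfileVersion 3 shape), as it might look
// WITHOUT the override. "example-sdk" and its axios 1.7.0 copy are hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", dependencies: { axios: "1.11.0" } },
    "node_modules/axios": { version: "1.11.0" },
    "node_modules/@cognigy/rest-api-client": { version: "2025.15.1" },
    "node_modules/@cognigy/rest-api-client/node_modules/axios": { version: "1.8.3" },
    "node_modules/example-sdk": { version: "1.0.0" },
    "node_modules/example-sdk/node_modules/axios": { version: "1.7.0" },
  },
};

// Compare plain x.y.z versions numerically (pre-release tags are ignored).
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// One record per installed copy of `name`, with the package that owns the copy.
function findCopies(lock, name, minVersion) {
  const suffix = "node_modules/" + name;
  const copies = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const isCopy = path === suffix || path.endsWith("/" + suffix);
    if (!isCopy || !entry.version) continue; // skip other packages and links
    const parent = path.slice(0, path.length - suffix.length).replace(/\/$/, "");
    const owner = parent ? parent.slice(parent.lastIndexOf("node_modules/") + 13) : "(root)";
    const outdated = compareVersions(entry.version, minVersion) < 0;
    copies.push({ owner, version: entry.version, outdated });
  }
  return copies;
}

// The override is still doing work while any nested copy would be outdated.
function overrideStillNeeded(lock, name, minVersion) {
  return findCopies(lock, name, minVersion).some((c) => c.outdated);
}

console.log(findCopies(sampleLock, "axios", "1.11.0"));
```

Run it on a lockfile generated with the override temporarily removed; with the override in place every copy already resolves to the pinned version.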