Skip to content

Bump @datadog/datadog-ci to 5.11.0 (exact-pinned axios)#681

Merged
ava-silver merged 1 commit intomainfrom
ava.silver/security/bump-datadog-ci-to-5.11.0-for-exact-axios-pin
Mar 31, 2026
Merged

Bump @datadog/datadog-ci to 5.11.0 (exact-pinned axios)#681
ava-silver merged 1 commit intomainfrom
ava.silver/security/bump-datadog-ci-to-5.11.0-for-exact-axios-pin

Conversation

@ava-silver
Copy link
Copy Markdown
Contributor

@ava-silver ava-silver commented Mar 31, 2026
edited
Loading

Summary

  • Bumps @datadog/datadog-ci from 5.9.1 to 5.11.0
  • Version 5.11.0 pins axios@1.13.5 exactly (no caret), preventing npm from resolving to a compromised version

Context

Following the axios npm supply chain compromise, axios@1.14.1 was published with a RAT payload. Because @datadog/datadog-ci-base@5.9.1 declared axios@^1.13.5, any customer installing serverless-plugin-datadog without a lockfile during the attack window would have resolved to the compromised version transitively.

@datadog/datadog-ci-base@5.11.0 exact-pins axios@1.13.5, closing this vector for future installs. This is the most impactful fix for downstream customers.

Test plan

  • CI passes
  • npm view of published package shows @datadog/datadog-ci: 5.11.0

🤖 Generated with Claude Code

@ava-silver Graphite App
Copy link
Copy Markdown
Contributor Author

ava-silver commented Mar 31, 2026

This stack of pull requests is managed by Graphite. Learn more about stacking.

@ava-silver ava-silver changed the title [SECURITY] bump datadog-ci to 5.11.0 for exact axios pin Bump @datadog/datadog-ci to 5.11.0 (exact-pinned axios) Mar 31, 2026
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Mar 31, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.69%. Comparing base (3e8dac9) to head (2608817).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #681   +/-   ##
=======================================
  Coverage   77.69%   77.69%           
=======================================
  Files          12       12           
  Lines        1112     1112           
  Branches      350      350           
=======================================
  Hits          864      864           
  Misses        118      118           
  Partials      130      130

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@ava-silver ava-silver marked this pull request as ready for review March 31, 2026 18:37
@ava-silver ava-silver requested a review from a team as a code owner March 31, 2026 18:37
@ava-silver ava-silver requested a review from TalUsvyatsky March 31, 2026 18:37
@ava-silver ava-silver merged commit ac88049 into main Mar 31, 2026
7 checks passed
@ava-silver ava-silver deleted the ava.silver/security/bump-datadog-ci-to-5.11.0-for-exact-axios-pin branch March 31, 2026 18:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@avangelillo avangelillo avangelillo approved these changes

@TalUsvyatsky TalUsvyatsky Awaiting requested review from TalUsvyatsky TalUsvyatsky is a code owner automatically assigned from DataDog/serverless-onboarding-and-enablement

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ava-silver @codecov-commenter @avangelillo