Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 8 additions & 5 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@
"dependencies": {
"@types/js-cookie": "^2.2.7",
"@types/query-string": "^6.3.0",
"js-cookie": "^2.2.1",
"js-cookie": "^3.0.7",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Namespace import incompatible with js-cookie v3 default export

High Severity

Bumping js-cookie to v3 without updating the import style or type definitions breaks the library. js-cookie v3 only provides a default export, so import * as cookie from 'js-cookie' (used in create-request-sender.ts) results in a namespace object where cookie.get is undefined when resolved by ESM-aware bundlers like webpack. Additionally, @types/js-cookie remains at ^2.2.7 which is documented as incompatible with js-cookie v3. This silently breaks XSRF-TOKEN reading at runtime in production builds.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 00f0118. Configure here.

"lodash.merge": "^4.6.2",
"query-string": "^6.14.1",
"tslib": "^2.8.1"
Expand Down