Feat axios update

[eldadfux]

What does this PR do?

(Provide a description of what this PR does.)

Test Plan

(Write your test plan here. If you changed any code, please provide us with clear instructions on how you verified your changes work.)

Related PRs and Issues

(If this PR is related to any other PR or resolves any issue or related to any issue link all related PR and issues here.)

Have you read the Contributing Guidelines on issues?

(Write your answer here.)

Summary by CodeRabbit

• Documentation
  • Published a security update blog post and matching changelog confirming Appwrite SDKs and tooling were not impacted by the Axios npm supply‑chain incident.
  • Clarified JS/TS SDKs use native fetch and that no emergency customer action is required.
  • Recommended pinning JS/TS dependencies via committed lockfiles.
  • Announced added workflow safeguards and ongoing dependency‑management monitoring.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ac698be5-6753-4e44-ba06-84f6dd58a285

📥 Commits

Reviewing files that changed from the base of the PR and between 29b944f and e2168ae.

📒 Files selected for processing (1)

• .optimize-cache.json

✅ Files skipped from review due to trivial changes (1)

• .optimize-cache.json

---

Walkthrough

Added a blog post at src/routes/blog/post/security-update-regarding-the-axios-npm-incident/+page.markdoc, a changelog entry at src/routes/changelog/(entries)/2026-03-31.markdoc linking to that post, and an .optimize-cache.json entry mapping the blog cover image to its content hash. The content reports Appwrite’s review found production repositories, SDKs, and tooling were not impacted by the compromised Axios npm releases (JS/TS SDKs use native fetch), and documents customer recommendations plus new TypeScript SDK CI and lockfile safeguards. No code or exported/public entities were changed.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~4 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Feat axios update' is vague and overly broad. While the PR contains axios-related content, the title does not clearly convey the actual change: publishing a security incident update addressing an axios npm supply-chain incident and documenting safeguards.	Revise the title to be more descriptive and specific, such as 'Add security update blog post for axios npm incident' or 'Document axios npm supply-chain incident response and safeguards'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat-axios-update

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR publishes a security advisory blog post and a matching changelog entry confirming that Appwrite's SDKs and tooling were not impacted by the Axios npm supply-chain incident, along with a cover image and an updated image optimisation cache entry.

• Blog post (+page.markdoc): Well-structured with correct frontmatter (author: eldad-fux resolves to an existing author page, valid category: security, correct date). Prose is clear and accurately scoped — no emergency action required for Appwrite customers.
• Changelog entry (2026-03-31.markdoc): Concise summary with an arrow_link pointing to the full blog post; format is consistent with all other changelog entries.
• Cover image: Added at the path referenced by both files' cover frontmatter field.
• .optimize-cache.json: Hash entry correctly added for the new image.

No code changes; all content and formatting are consistent with existing conventions in the repository.

Confidence Score: 5/5

Pure content addition with no code changes — safe to merge.

All four changed files are content or static assets. The blog post and changelog follow existing formatting conventions exactly, the referenced author slug exists, image paths are consistent across both files and the cache, and no logic or configuration is touched.

No files require special attention.

Important Files Changed

Filename	Overview
src/routes/blog/post/security-update-regarding-the-axios-npm-incident/+page.markdoc	New security advisory blog post explaining Appwrite's non-exposure to the Axios npm supply chain incident, with correct frontmatter (valid author, date, category) and prose consistent with the existing blog format.
src/routes/changelog/(entries)/2026-03-31.markdoc	New changelog entry summarising the Axios security update and linking to the full blog post via the arrow_link component; format matches existing changelog entries.
static/images/blog/security-update-regarding-the-axios-npm-incident/cover.png	New cover image for the blog post; path matches the cover field referenced in both the blog post and changelog frontmatter.
.optimize-cache.json	Image optimisation cache updated with the hash for the new cover image; no issues.

_{Reviews (4): Last reviewed commit: "Merge branch 'main' into feat-axios-upda..." | Re-trigger Greptile}

[adityaoberai]

minor edits, approving the PR to unblock