From 255c881c0175e901e5a432302e21f2a5a7a77659 Mon Sep 17 00:00:00 2001 From: jagan Date: Thu, 2 Apr 2026 15:56:47 -0500 Subject: [PATCH 1/2] Remove axios from notAllowed list as multiple services are using --- package-lock.json | 31 +++---------------- package.json | 2 +- .../packages-not-allowed.spec.ts | 11 +------ src/check-imports/packages-not-allowed.ts | 5 --- 4 files changed, 6 insertions(+), 43 deletions(-) diff --git a/package-lock.json b/package-lock.json index adddaec..19e2a76 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "@checkdigit/github-actions", - "version": "4.0.1", + "version": "4.0.2", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@checkdigit/github-actions", - "version": "4.0.1", + "version": "4.0.2", "license": "MIT", "dependencies": { "@actions/core": "^3.0.0", @@ -196,31 +196,6 @@ "typescript": ">=5.9.3 <6" } }, - "node_modules/@emnapi/core": { - "version": "1.9.2", - "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.9.2.tgz", - "integrity": "sha512-UC+ZhH3XtczQYfOlu3lNEkdW/p4dsJ1r/bP7H8+rhao3TTTMO1ATq/4DdIi23XuGoFY+Cz0JmCbdVl0hz9jZcA==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true, - "dependencies": { - "@emnapi/wasi-threads": "1.2.1", - "tslib": "^2.4.0" - } - }, - "node_modules/@emnapi/runtime": { - "version": "1.9.2", - "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.9.2.tgz", - "integrity": "sha512-3U4+MIWHImeyu1wnmVygh5WlgfYDtyf0k8AbLhMFxOipihf6nrWC4syIm/SwEeec0mNSafiiNnMJwbza/Is6Lw==", - "dev": true, - "license": "MIT", - "optional": true, - "peer": true, - "dependencies": { - "tslib": "^2.4.0" - } - }, "node_modules/@emnapi/wasi-threads": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/@emnapi/wasi-threads/-/wasi-threads-1.2.1.tgz", 
@@ -2546,6 +2521,7 @@ "integrity": "sha512-g3WpVQHngx0aLXn6kfIYCZxM6rRJlWzEkVpqEFLT3SgEDsp9cpCbxxgwnE504q4H+ruSDh/VGS6nqZIDynP+vg==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@typescript-eslint/scope-manager": "8.39.0", "@typescript-eslint/types": "8.39.0", @@ -4551,6 +4527,7 @@ "integrity": "sha512-ixmkI62Rbc2/w8Vfxyh1jQRTdRTF52VxwRVHl/ykPAmqG+Nb7/kNn+byLP0LxPgI7zWA16Jt82SybJInmMia3A==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@rtsao/scc": "^1.1.0", "array-includes": "^3.1.8", diff --git a/package.json b/package.json index deeb7f0..6189f78 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@checkdigit/github-actions", - "version": "4.0.1", + "version": "4.0.2", "description": " Provides supporting operations for github action builds.", "homepage": "https://github.com/checkdigit/github-actions#readme", "bugs": { diff --git a/src/check-imports/packages-not-allowed.spec.ts b/src/check-imports/packages-not-allowed.spec.ts index 19781fd..488a640 100644 --- a/src/check-imports/packages-not-allowed.spec.ts +++ b/src/check-imports/packages-not-allowed.spec.ts @@ -5,7 +5,7 @@ import { describe, it } from 'node:test'; import * as semver from 'semver'; -import notAllowed, { SECURITY_RISK } from './packages-not-allowed.ts'; +import notAllowed from './packages-not-allowed.ts'; describe('packages not allowed', async () => { it('contains a list of names, valid ranges, and reasons', async () => { @@ -15,13 +15,4 @@ describe('packages not allowed', async () => { assert.ok(reason.length > 10); // Ten is an arbitrary length to ensure a full sentence used in the reason. }); }); - it('contains axios as a fully blocked dependency', async () => { - assert.ok( - notAllowed.some( - ([name, range, reason]) => - name === 'axios' && range === '*' && reason === SECURITY_RISK, - ), - 'Should contain axios@* as not allowed', - ); - }); }); 
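Review bot: After this change the one remaining test, 'contains a list of names, valid ranges, and reasons', has nothing left to check, because the packages-not-allowed.ts hunk in this same patch leaves `notAllowed` holding only a commented-out example; assuming the test body (partly outside these hunks) loops over the list, it now passes vacuously. The `['axios', '*', SECURITY_RISK]` entry was a security-policy control, and the commit message gives service usage as the reason for lifting it rather than the concern being resolved. Consider narrowing the entry instead of deleting it, e.g. `['axios', '<AFFECTED_RANGE>', SECURITY_RISK],`, where the range is a placeholder for whatever versions the policy targets (not stated on this page). If full removal is intended, a comment above the list such as `// axios was blocked by security policy before 4.0.2; unblocked because services depend on it (see <POLICY_REFERENCE>)` would keep the decision auditable. A minimal assertion such as `assert.ok(Array.isArray(notAllowed));` would stop the spec from silently asserting nothing.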
diff --git a/src/check-imports/packages-not-allowed.ts b/src/check-imports/packages-not-allowed.ts index 88f4a6f..1424bff 100644 --- a/src/check-imports/packages-not-allowed.ts +++ b/src/check-imports/packages-not-allowed.ts @@ -11,13 +11,8 @@ export type NotAllowed = [Name, Range, Reason]; // const UNSTABLE = // 'Higher versions are unstable and break tests in Check Digit services. This can be removed from the Not Allowed list when stability improves.'; -export const SECURITY_RISK = - 'Blocked by security policy due to security concerns'; /* - This is the list of packages that are not allowed to be imported. - */ const notAllowed: NotAllowed[] = [ // ['@aws-sdk/client-*', '>3.387.0', UNSTABLE], // example of an unstable package - ['axios', '*', SECURITY_RISK], ]; export default notAllowed; From 7f79813d32a245e196603df028194653e6f62013 Mon Sep 17 00:00:00 2001 From: jagan Date: Thu, 2 Apr 2026 16:02:48 -0500 Subject: [PATCH 2/2] Remove axios from notAllowed list as multiple services are using --- package-lock.json | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index 19e2a76..c3a2fec 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -196,6 +196,31 @@ "typescript": ">=5.9.3 <6" } }, + "node_modules/@emnapi/core": { + "version": "1.9.2", + "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.9.2.tgz", + "integrity": "sha512-UC+ZhH3XtczQYfOlu3lNEkdW/p4dsJ1r/bP7H8+rhao3TTTMO1ATq/4DdIi23XuGoFY+Cz0JmCbdVl0hz9jZcA==", + "dev": true, + "license": "MIT", + "optional": true, + "peer": true, + "dependencies": { + "@emnapi/wasi-threads": "1.2.1", + "tslib": "^2.4.0" + } + }, + "node_modules/@emnapi/runtime": { + "version": "1.9.2", + "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.9.2.tgz", + "integrity": "sha512-3U4+MIWHImeyu1wnmVygh5WlgfYDtyf0k8AbLhMFxOipihf6nrWC4syIm/SwEeec0mNSafiiNnMJwbza/Is6Lw==", + "dev": true, + "license": "MIT", + "optional": true, + "peer": true, + "dependencies": { + "tslib": "^2.4.0" + } + }, "node_modules/@emnapi/wasi-threads": { "version": "1.2.1", "resolved": "https://registry.npmjs.org/@emnapi/wasi-threads/-/wasi-threads-1.2.1.tgz", @@ -2521,7 +2546,6 @@ "integrity": "sha512-g3WpVQHngx0aLXn6kfIYCZxM6rRJlWzEkVpqEFLT3SgEDsp9cpCbxxgwnE504q4H+ruSDh/VGS6nqZIDynP+vg==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@typescript-eslint/scope-manager": "8.39.0", "@typescript-eslint/types": "8.39.0", @@ -4527,7 +4551,6 @@ "integrity": "sha512-ixmkI62Rbc2/w8Vfxyh1jQRTdRTF52VxwRVHl/ykPAmqG+Nb7/kNn+byLP0LxPgI7zWA16Jt82SybJInmMia3A==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@rtsao/scc": "^1.1.0", "array-includes": "^3.1.8",