Skip to content

Commit 15d8444

Browse files
committed
fix: add npm override for axios to address CVE-2025-58754
Axios versions prior to 1.9.1 are vulnerable to Denial of Service via massive data schemas (CVE-2025-58754). The vulnerable version (1.9.0) is pulled as a transitive dependency from @edx/frontend-platform. Adding an npm override forces resolution to a patched version without changing the frontend-platform version, avoiding breaking changes.
1 parent e6febe6 commit 15d8444

1 file changed

Lines changed: 3 additions & 0 deletions

File tree

package.json

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -119,5 +119,8 @@
119119
"jest-expect-message": "^1.1.3",
120120
"react-test-renderer": "^18.3.1",
121121
"redux-mock-store": "^1.5.4"
122+
},
123+
"overrides": {
124+
"axios": "^1.9.1"
122125
}
123126
}

0 commit comments

Comments
 (0)