Commit 15d8444
committed
fix: add npm override for axios to address CVE-2025-58754
Axios versions prior to 1.9.1 are vulnerable to Denial of Service via
massive data schemas (CVE-2025-58754). The vulnerable version (1.9.0)
is pulled as a transitive dependency from @edx/frontend-platform.
Adding an npm override forces resolution to a patched version without
changing the frontend-platform version, avoiding breaking changes.1 parent e6febe6 commit 15d8444
1 file changed
Lines changed: 3 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
119 | 119 | | |
120 | 120 | | |
121 | 121 | | |
| 122 | + | |
| 123 | + | |
| 124 | + | |
122 | 125 | | |
123 | 126 | | |
0 commit comments