Commit c825692

fix(security): pin axios to ^1.15.0 to remediate CVE-2025-58754
Axios versions 1.9.0-1.13.4 are vulnerable to DoS via large data schemes. Force resolution to ^1.15.0 (resolves to 1.18.0) via npm overrides. Regenerated package-lock.json for npm ci compatibility. Refs: CVE-2025-58754
1 parent e6febe6 commit c825692

2 files changed

Lines changed: 28 additions & 30 deletions

package-lock.json

Lines changed: 25 additions & 30 deletions

package.json

Lines changed: 3 additions & 0 deletions
@@ -119,5 +119,8 @@
119119
"jest-expect-message": "^1.1.3",
120120
"react-test-renderer": "^18.3.1",
121121
"redux-mock-store": "^1.5.4"
122+
},
123+
"overrides": {
124+
"axios": "^1.15.0"
122125
}
123126
}
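
Review bot: The added override `"axios": "^1.15.0"` is a caret range, not a pin as the commit title says, so the enforced version moves whenever the lockfile is regenerated (the message notes it currently resolves to 1.18.0). If a fixed version is intended, put an exact version in the override; otherwise reword the title to say "force minimum". A top-level entry under `"overrides"` also applies to every package in the tree that depends on axios, whatever range that package declares, so consider nesting the override under the specific dependent that pulls in the vulnerable version. If axios is also a direct dependency of this package, npm requires the override spec to match the dependency spec, which is easiest to keep in sync by referencing it as `$axios`. Since package.json cannot carry comments, record the CVE reference and the condition for removing the override somewhere maintainers will see it when upgrading.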
