Skip to content

Commit 1830341

Browse files
dialmasterdialmaster
committed
fix: patch form-data security vuln (CVE-2025-7783)
- Add npm override to upgrade jsdom's form-data dependency from 3.0.1 to 3.0.4 - CVE-2025-7783: form-data <3.0.4 uses predictable Math.random() for multipart boundaries - Targeted override preserves axios's form-data 4.x while patching jsdom's 3.x dependency - Regenerate client and root package-lock.json files
1 parent e7dc6e9 commit 1830341

File tree

3 files changed

+2768
-9553
lines changed

3 files changed

+2768
-9553
lines changed

client/package-lock.json

Lines changed: 6 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

client/package.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -62,5 +62,10 @@
6262
"src/**/*.{ts,tsx,js,jsx}",
6363
"!src/types/**"
6464
]
65+
},
66+
"overrides": {
67+
"jsdom": {
68+
"form-data": "^3.0.4"
69+
}
6570
}
6671
}

0 commit comments

Comments
 (0)