From 4c237bf4f24496b3e9f27b05574c56960f145434 Mon Sep 17 00:00:00 2001
From: Jose Ignacio Palma
Date: Tue, 16 Jun 2026 01:06:25 -0400
Subject: [PATCH] fix: add npm override for axios to address CVE-2025-58754

Axios versions prior to 1.9.1 are vulnerable to Denial of Service via massive data schemas (CVE-2025-58754). The vulnerable version is pulled as a transitive dependency from @edx/frontend-platform. Adding an npm override forces resolution to a patched version without changing the frontend-platform version, avoiding breaking changes.
---
 package.json | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/package.json b/package.json
index 32efb0a25..261e8aa79 100755
--- a/package.json
+++ b/package.json
@@ -82,5 +82,8 @@
 "react-dev-utils": "^12.0.0",
 "react-test-renderer": "^18.3.1",
 "redux-mock-store": "^1.5.4"
+ },
+ "overrides": {
+ "axios": "^1.9.1"
 }
 }
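Review bot: The diffstat lists only package.json, so nothing in this patch shows the lockfile being regenerated; the new `"overrides"` entry changes what gets installed only once the lock is rebuilt, and a clean install against a stale lock may fail or keep resolving the old axios. Running `npm install`, confirming the result with `npm ls axios`, and committing the lockfile change alongside this hunk would make the fix verifiable. The floor in `"axios": "^1.9.1"` is the only thing that guarantees the patched code is selected, so it should be checked against the fixed version stated in the advisory for CVE-2025-58754 rather than taken from the commit text alone. The override is also unscoped and applies to every package in the tree that depends on axios; if only the transitive copy is meant, nesting it as `"@edx/frontend-platform": { "axios": "^1.9.1" }` limits what is forced.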