fix: upgrade axios and tar-fs to resolve dependabot issues (#6655)

2026-04-22 11:29:22 -05:00 · 2025-10-06 22:27:24 -07:00
parent c5e31d14d1
commit b11fbd9f95
2 changed files with 19 additions and 8 deletions
@@ -76,6 +76,13 @@
  "pnpm": {
    "patchedDependencies": {
      "next-auth@4.24.11": "patches/next-auth@4.24.11.patch"
+    },
+    "overrides": {
+      "axios": ">=1.12.2",
+      "tar-fs": "2.1.4"
+    },
+    "comments": {
+      "overrides": "Security fixes for transitive dependencies. Remove when upstream packages update: axios (CVE-2025-58754) - awaiting @boxyhq/saml-jackson update | tar-fs (Dependabot #205) - awaiting upstream dependency updates"
    }
  }
 }
@@ -4,6 +4,10 @@ settings:
  autoInstallPeers: true
  excludeLinksFromLockfile: false

+overrides:
+  axios: '>=1.12.2'
+  tar-fs: 2.1.4
+
 patchedDependencies:
  next-auth@4.24.11:
    hash: bdy3m55bopfzpysceipfxj5eei
@@ -5169,8 +5173,8 @@ packages:
    resolution: {integrity: sha512-Xm7bpRXnDSX2YE2YFfBk2FnF0ep6tmG7xPh8iHee8MIcrgq762Nkce856dYtJYLkuIoYZvGfTs/PbZhideTcEg==}
    engines: {node: '>=4'}

-  axios@1.9.0:
-    resolution: {integrity: sha512-re4CqKTJaURpzbLHtIi6XpDv20/CnpXOtjRY5/CU32L8gU8ek9UIivcfvSWvmKEngmVbrUtPpdDwWDWL7DNHvg==}
+  axios@1.12.2:
+    resolution: {integrity: sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw==}

  axobject-query@4.1.0:
    resolution: {integrity: sha512-qIj0G9wZbMGNLjLmg1PT6v2mE9AH2zlnADJD/2tC6E00hgmhUOfEB6greHPAfLRSufHqROIUTkw6E+M3lH0PTQ==}
@@ -9106,8 +9110,8 @@ packages:
    resolution: {integrity: sha512-Re10+NauLTMCudc7T5WLFLAwDhQ0JWdrMK+9B2M8zR5hRExKmsRDCBA7/aV/pNJFltmBFO5BAMlQFi/vq3nKOg==}
    engines: {node: '>=6'}

-  tar-fs@2.1.3:
-    resolution: {integrity: sha512-090nwYJDmlhwFwEW3QQl+vaNnxsO2yVsd45eTKRBzSzu+hlb1w2K9inVq5b0ngXuLVqQ4ApvsUHHnu/zQNkWAg==}
+  tar-fs@2.1.4:
+    resolution: {integrity: sha512-mDAjwmZdh7LTT6pNleZ05Yt65HC3E+NiQzl672vQG38jIrehtJk/J3mNwIg+vShQPcLF/LV7CMnDW6vjj6sfYQ==}

  tar-stream@2.2.0:
    resolution: {integrity: sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==}
@@ -11262,7 +11266,7 @@ snapshots:
      '@boxyhq/saml20': 1.12.1
      '@googleapis/admin': 23.5.0(encoding@0.1.13)
      '@libsql/sqlite3': 0.3.1(encoding@0.1.13)
-      axios: 1.9.0
+      axios: 1.12.2
      encoding: 0.1.13
      ipaddr.js: 2.2.0
      jose: 6.0.11
@@ -15502,7 +15506,7 @@ snapshots:

  axe-core@4.10.3: {}

-  axios@1.9.0:
+  axios@1.12.2:
    dependencies:
      follow-redirects: 1.15.9
      form-data: 4.0.4
@@ -18749,7 +18753,7 @@ snapshots:
      pump: 3.0.3
      rc: 1.2.8
      simple-get: 4.0.1
-      tar-fs: 2.1.3
+      tar-fs: 2.1.4
      tunnel-agent: 0.6.0

  prelude-ls@1.2.1: {}
@@ -19882,7 +19886,7 @@ snapshots:

  tapable@2.2.2: {}

-  tar-fs@2.1.3:
+  tar-fs@2.1.4:
    dependencies:
      chownr: 1.1.4
      mkdirp-classic: 0.5.3