fix: add node-forge security override to resolve Dependabot #230 (#6948)

2026-02-15 10:08:41 -06:00 · 2025-12-08 13:34:36 +01:00
parent 7412b32526
commit eb92392ed1
2 changed files with 7 additions and 5 deletions
--- a/package.json
+++ b/package.json
@@ -84,11 +84,12 @@
    },
    "overrides": {
      "axios": ">=1.12.2",
+      "node-forge": ">=1.3.2",
      "tar-fs": "2.1.4",
      "typeorm": ">=0.3.26"
    },
    "comments": {
-      "overrides": "Security fixes for transitive dependencies. Remove when upstream packages update: axios (CVE-2025-58754) - awaiting @boxyhq/saml-jackson update | tar-fs (Dependabot #205) - awaiting upstream dependency updates | typeorm (Dependabot #223) - awaiting @boxyhq/saml-jackson update"
+      "overrides": "Security fixes for transitive dependencies. Remove when upstream packages update: axios (CVE-2025-58754) - awaiting @boxyhq/saml-jackson update | node-forge (Dependabot #230) - awaiting @boxyhq/saml-jackson update | tar-fs (Dependabot #205) - awaiting upstream dependency updates | typeorm (Dependabot #223) - awaiting @boxyhq/saml-jackson update"
    }
  }
 }
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -6,6 +6,7 @@ settings:

 overrides:
  axios: '>=1.12.2'
+  node-forge: '>=1.3.2'
  tar-fs: 2.1.4
  typeorm: '>=0.3.26'

@@ -7799,8 +7800,8 @@ packages:
    resolution: {integrity: sha512-dRB78srN/l6gqWulah9SrxeYnxeddIG30+GOqK/9OlLVyLg3HPnr6SqOWTWOXKRwC2eGYCkZ59NNuSgvSrpgOA==}
    engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0}

-  node-forge@1.3.1:
-    resolution: {integrity: sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==}
+  node-forge@1.3.3:
+    resolution: {integrity: sha512-rLvcdSyRCyouf6jcOIPe/BgwG/d7hKjzMKOas33/pHEr6gbq18IK9zV7DiPvzsz0oBJPme6qr6H6kGZuI9/DZg==}
    engines: {node: '>= 6.13.0'}

  node-gyp@8.4.1:
@@ -11701,7 +11702,7 @@ snapshots:
      mongodb: 6.16.0(@aws-sdk/credential-providers@3.817.0)(socks@2.8.7)
      mssql: 11.0.1
      mysql2: 3.14.1
-      node-forge: 1.3.1
+      node-forge: 1.3.3
      openid-client: 6.5.0
      pg: 8.16.0
      redis: 4.7.0
@@ -18640,7 +18641,7 @@ snapshots:
      fetch-blob: 3.2.0
      formdata-polyfill: 4.0.10

-  node-forge@1.3.1: {}
+  node-forge@1.3.3: {}

  node-gyp@8.4.1:
    dependencies: