From c4ae860d8e01f707d10f6b646ee642b04b77a5d3 Mon Sep 17 00:00:00 2001
From: avinash-bharti
Date: Fri, 17 Apr 2026 14:50:19 +0530
Subject: [PATCH] fix: add axios override to patch SSRF vulnerability (APS-18720)

Adds npm override for axios >=1.15.0 to fix GHSA-3p68-rc4w-qgx5 (NO_PROXY hostname normalization bypass leads to SSRF). The package is a transitive dev dependency.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 package.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 4fa3ff7..1b16906 100644
--- a/package.json
+++ b/package.json
@@ -29,6 +29,7 @@
 "dotenv": "^16.0.0"
 },
 "overrides": {
- "serialize-javascript": ">=7.0.3"
+ "serialize-javascript": ">=7.0.3",
+ "axios": ">=1.15.0"
 }
 }
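Review bot: The added override `"axios": ">=1.15.0"` has no upper bound, so npm may resolve it to any later release, including a future major version that the transitive dependents were never tested against, and the installed version then depends on whatever is newest at install time. Bounding it to the patched major, `"axios": "^1.15.0"`, keeps the GHSA-3p68-rc4w-qgx5 fix while limiting how far the forced version can drift. The diffstat lists only package.json, so if the repository commits a lockfile it presumably needs regenerating in the same change for the override to take effect; afterwards `npm ls axios` can confirm that no copy below 1.15.0 remains in the tree. The existing `serialize-javascript` entry uses the same open-ended range and would benefit from the same bound.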