fix: add axios override to patch SSRF vulnerability (APS-18720)

avinash-bharti · claude · avinash-bharti · commit 5d15171ef1bf · 2026-04-16T19:30:37.000+05:30
Adds npm override for axios >=1.15.0 to fix GHSA-3p68-rc4w-qgx5 (NO_PROXY hostname normalization bypass leads to SSRF). The package is a transitive dev dependency. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
diff --git a/package.json b/package.json
@@ -20,12 +20,16 @@
   },
   "homepage": "https://github.com/browserstack/codecept-js-playwright-browserstack#readme",
   "devDependencies": {
-    "browserstack-node-sdk": "latest",
+    "browserstack-node-sdk": "^1.22.0",
     "codeceptjs": "^3.2.3",
     "playwright": "^1.41.2"
   },
   "dependencies": {
     "browserstack-local": "^1.5.2",
     "dotenv": "^16.0.0"
+  },
+  "overrides": {
+    "serialize-javascript": ">=7.0.3",
+    "axios": ">=1.15.0"
   }
 }
