From 9ed0daaf8cdf05854a05c7de7d24e2df95c17a1d Mon Sep 17 00:00:00 2001
From: David Skewis <david@zitadel.com>
Date: Fri, 8 Aug 2025 17:10:12 +0100
Subject: [PATCH] fix: add form-data override (#10419)

# Which Problems Are Solved

- form-data Math.random() vulnerability

# How the Problems Are Solved

- Overrides the form-data usage in pnpm to a patched version

# Additional Context

CVE ID: https://github.com/advisories/GHSA-fjxv-7rqg-78g4
GHSA ID: https://github.com/advisories/GHSA-fjxv-7rqg-78g4
---
 apps/login/package.json | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/apps/login/package.json b/apps/login/package.json
index 84c9ce5907..7176647722 100644
--- a/apps/login/package.json
+++ b/apps/login/package.json
@@ -20,6 +20,11 @@
     "test:acceptance:setup": "cd ../.. && make login_test_acceptance_setup_env && NODE_ENV=test turbo run test:acceptance:setup:dev",
     "test:acceptance:setup:dev": "cd ../.. && make login_test_acceptance_setup_dev"
   },
+  "pnpm": {
+    "overrides": {
+      "form-data@>=4.0.0 <4.0.4": ">=4.0.4"
+    }
+  },
   "git": {
     "pre-commit": "lint-staged"
   },