From 8e98339954ac424f01ced93ade1fc4ee0eef0d04 Mon Sep 17 00:00:00 2001
From: Ryan Whitworth <rwhitworth@a16z.com>
Date: Fri, 27 Mar 2026 15:48:04 -0400
Subject: [PATCH] fix: add npm overrides for form-data to remediate
 CVE-2025-7783

Adds npm overrides to ensure all transitive form-data dependencies
resolve to patched versions (>=2.5.4 for 2.x, >=3.0.4 for 3.x,
>=4.0.4 for 4.x), remediating CVE-2025-7783 (CVSS 9.4).
---
 package.json | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/package.json b/package.json
index 077d24e..75177c3 100644
--- a/package.json
+++ b/package.json
@@ -39,5 +39,10 @@
   "homepage": "https://github.com/a16z/a16z-contracts#readme",
   "dependencies": {
     "@openzeppelin/contracts": "^4.7.3"
+  },
+  "overrides": {
+    "form-data@2": ">=2.5.4",
+    "form-data@3": ">=3.0.4",
+    "form-data@4": ">=4.0.4"
   }
 }