fix(#377): add pnpm overrides for matrix-bot-sdk transitive vulnerabilities

matrix-bot-sdk depends on the deprecated `request` library which pulls in vulnerable form-data (<2.5.4, critical: unsafe random boundary) and qs (<6.14.1, high: DoS via memory exhaustion). Add pnpm overrides to force patched versions since matrix-bot-sdk has no newer release. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-15 12:17:17 -06:00
parent eca2c46e9d
commit 3cc2030446
2 changed files with 6 additions and 18 deletions
--- a/package.json
+++ b/package.json
@@ -57,8 +57,10 @@
  "pnpm": {
    "overrides": {
      "@isaacs/brace-expansion": ">=5.0.1",
+      "form-data": ">=2.5.4",
      "lodash": ">=4.17.23",
      "lodash-es": ">=4.17.23",
+      "qs": ">=6.14.1",
      "undici": ">=6.23.0"
    }
  }