fix(deps): patch axios DoS and transitive prototype pollution/decompression vulns

Bump axios ^1.13.4→^1.13.5 (GHSA-43fc-jf86-j433). Add pnpm overrides for lodash/lodash-es >=4.17.23 and undici >=6.23.0 to resolve transitive vulnerabilities via chevrotain and discord.js. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-09 13:07:10 -06:00
parent 64077b5169
commit 946d84442a
3 changed files with 29 additions and 33 deletions
--- a/package.json
+++ b/package.json
@@ -56,7 +56,10 @@
  },
  "pnpm": {
    "overrides": {
-      "@isaacs/brace-expansion": ">=5.0.1"
+      "@isaacs/brace-expansion": ">=5.0.1",
+      "lodash": ">=4.17.23",
+      "lodash-es": ">=4.17.23",
+      "undici": ">=6.23.0"
    }
  }
 }