fix(deps): override rollup to >=4.59.0 for CVE-2025-XXXXX

Rollup 4.57.0 has arbitrary file write via path traversal (GHSA-mw96-cpmx-2vgc). Added pnpm override to force >=4.59.0. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 19:08:36 -06:00
parent 0c40630aa0
commit bf213de374
2 changed files with 118 additions and 127 deletions
--- a/package.json
+++ b/package.json
@@ -71,7 +71,8 @@
      "request": "npm:@cypress/request@3.0.10",
      "qs": ">=6.15.0",
      "tough-cookie": ">=4.1.3",
-      "undici": ">=6.23.0"
+      "undici": ">=6.23.0",
+      "rollup": ">=4.59.0"
    }
  }
 }