Jason Woltje 3cc2030446 fix(#377): add pnpm overrides for matrix-bot-sdk transitive vulnerabilities ...

matrix-bot-sdk depends on the deprecated `request` library which pulls
in vulnerable form-data (<2.5.4, critical: unsafe random boundary) and
qs (<6.14.1, high: DoS via memory exhaustion). Add pnpm overrides to
force patched versions since matrix-bot-sdk has no newer release.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-15 12:17:17 -06:00

2.2 KiB

Raw Blame History

View Raw