Fix high-severity undici vulnerability via pnpm override

Override undici to >=7.24.0 to resolve GHSA-v9p9-hfj2-hcw8 (WebSocket 64-bit length overflow). The vulnerable version was pulled in transitively via jsdom@28.1.0. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-14 11:13:11 +01:00
parent 63e233bd8d
commit c75d148d1e
3 changed files with 12 additions and 540 deletions
--- a/package.json
+++ b/package.json
@@ -1,6 +1,11 @@
 {
 	"private": true,
 	"packageManager": "pnpm@10.6.0",
+	"pnpm": {
+		"overrides": {
+			"undici": ">=7.24.0"
+		}
+	},
 	"devDependencies": {
 		"@biomejs/biome": "2.0.0",
 		"@vitest/coverage-v8": "^3.2.4",