From b11849b4c1902488d0a675d35251032c3944c7b5 Mon Sep 17 00:00:00 2001
From: Naomi Most
Date: Fri, 27 Feb 2026 13:00:36 -0800
Subject: [PATCH] Bump undici and add overrides for vulnerable transitive deps
- Bump undici ^7.16.0 -> ^7.17.0 (GHSA-g9mf-h72j-4rw9)
- Add npm overrides for transitive vulnerabilities:
- minimatch >=3.1.4 (GHSA-23c5-xmqv-rm74, GHSA-3ppc-4f35-3m26, GHSA-7r86-cg39-jmmj)
- glob >=10.5.0 (GHSA-5j98-mcp5-4vw2)
- js-yaml >=3.14.2 (GHSA-mh29-5h37-fv8m)
- markdown-it >=14.1.1 (GHSA-38c4-r59v-3vqw)
- ajv >=6.14.0 (GHSA-2g4f-4pwh-qvx6)
Refs #107, #108, #109, #110, #111, #113, #114
---
 package.json | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 3121f166..ffd88023 100644
--- a/package.json
+++ b/package.json
@@ -75,7 +75,14 @@
 "uuid": "^9.0.0"
 },
 "optionalDependencies": {
- "undici": "^7.16.0"
+ "undici": "^7.17.0"
+ },
+ "overrides": {
+ "minimatch": ">=3.1.4",
+ "glob": ">=10.5.0",
+ "js-yaml": ">=3.14.2",
+ "markdown-it": ">=14.1.1",
+ "ajv": ">=6.14.0"
 },
 "tsup": {
 "target": "node18",
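Review bot: The five `overrides` entries use open-ended `>=` ranges, so `"minimatch": ">=3.1.4"`, `"glob": ">=10.5.0"`, `"js-yaml": ">=3.14.2"`, `"markdown-it": ">=14.1.1"` and `"ajv": ">=6.14.0"` let npm resolve every transitive consumer to the newest published major rather than the nearest patched release. That can hand a dependent a major version it was never written against, and on an install without a lockfile it pulls in any future release unreviewed. Bounding each range to the major the dependents need, for example `"ajv": "^6.14.0"` if the consumers are on the 6.x line, keeps the fix while limiting both risks. The diffstat shows only package.json changing, so if the repository commits a lockfile it presumably needs regenerating for the overrides to take effect. npm honours `overrides` only in the root project, so these entries do not protect anyone who installs this package as a dependency, and the PR description should say so.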