i-am-bee · JanPokorny · Mar 9, 2026 · Mar 6, 2026 · Mar 9, 2026 · gemini-code-assist
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
@@ -2,6 +2,9 @@ overrides:
   # Fix CVE-2024-45296 / GHSA-9wv6-86v2-598j: path-to-regexp ReDoS vulnerability
   # Transitive via mintlify -> @mintlify/previewing -> express@4.18.2
   "path-to-regexp@<0.1.10": "0.1.10"
+  # Fix CVE-2026-25639 / GHSA-43fc-jf86-j433: axios DoS via __proto__ in mergeConfig
+  # Transitive via mintlify -> @mintlify/models
+  "axios@>=1.0.0 <=1.13.4": "1.13.5"
   # Fix CVE-2026-29074 / GHSA-xpqw-6gx7-v673: SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)
   # Transitive via @svgr/webpack -> @svgr/plugin-svgo -> svgo
   "svgo@>=3.0.0 <3.3.3": "3.3.3"