fix: override yauzl to 3.2.1 to resolve moderate vulnerability

yauzl <3.2.1 has an off-by-one error (GHSA-gmq8-994r-jv83). Transitive dependency via puppeteer → @puppeteer/browsers → extract-zip. npm overrides pins yauzl@3.2.1 without changing puppeteer version. npm audit now reports 0 vulnerabilities.
2026-03-14 08:02:50 +01:00 · 2026-03-14 08:02:50 +01:00 · 14181d17a7
commit 14181d17a7
parent 8f70a32f77
2 changed files with 11 additions and 14 deletions
--- a/package.json
+++ b/package.json
@ -41,5 +41,8 @@
    "typescript": "^5.9.3",
    "vitest": "^4.1.0"
  },
-  "type": "module"
+  "type": "module",
+  "overrides": {
+    "yauzl": "3.2.1"
+  }
 }