From a7001eb6dabeb6f72511a1b46aec4478d9f59892 Mon Sep 17 00:00:00 2001
From: hicccc77 <98377878+hicccc77@users.noreply.github.com>
Date: Fri, 27 Mar 2026 21:04:44 +0800
Subject: [PATCH] fix(deps): upgrade react-router-dom to 7.13.2 and add pnpm
 overrides for security vulnerabilities

- Upgrade react-router-dom ^7.1.1 -> ^7.13.2
- Add pnpm.overrides to force safe versions of: tar, minimatch, rollup,
  immutable, lodash, ajv, brace-expansion, picomatch
---
 package.json | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 23f453f..3db3b63 100644
--- a/package.json
+++ b/package.json
@@ -38,7 +38,7 @@
     "react": "^19.2.3",
     "react-dom": "^19.2.3",
     "react-markdown": "^10.1.0",
-    "react-router-dom": "^7.1.1",
+    "react-router-dom": "^7.13.2",
     "react-virtuoso": "^4.18.1",
     "remark-gfm": "^4.0.1",
     "sherpa-onnx-node": "^1.10.38",
@@ -61,6 +61,18 @@
     "vite-plugin-electron": "^0.28.8",
     "vite-plugin-electron-renderer": "^0.14.6"
   },
+  "pnpm": {
+    "overrides": {
+      "tar": ">=6.2.1",
+      "minimatch": ">=3.1.2",
+      "rollup": ">=4.0.0",
+      "immutable": ">=4.0.0",
+      "lodash": ">=4.17.21",
+      "ajv": ">=6.12.3",
+      "brace-expansion": ">=1.1.11",
+      "picomatch": ">=2.3.1"
+    }
+  },
   "build": {
     "appId": "com.WeFlow.app",
     "publish": {