xiaojiou176-open
diff --git a/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎apps/dashboard/package.json‎
Lines changed: 2 additions & 1 deletion b/‎apps/dashboard/package.json‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎apps/dashboard/pnpm-lock.yaml‎
Lines changed: 25 additions & 14 deletions b/‎apps/dashboard/pnpm-lock.yaml‎
Lines changed: 25 additions & 14 deletions
diff --git a/‎package.json‎
Lines changed: 2 additions & 1 deletion b/‎package.json‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎pnpm-lock.yaml‎
Lines changed: 10 additions & 10 deletions b/‎pnpm-lock.yaml‎
Lines changed: 10 additions & 10 deletions
@@ -6,6 +6,10 @@ All notable changes to this repository will be documented in this file.
 
 ### Changed
 
+- pinned transitive dashboard security fixes through the maintained pnpm
+  override surfaces so `axios` now resolves to `1.15.0` and `basic-ftp` to
+  `5.2.2` in both the root and dashboard lockfiles, clearing the live
+  Dependabot alert chain without widening into unrelated dependency upgrades
 - added a registry-shaped `manifest.yaml` for the repo-owned
   `cortexpilot-adoption-router` skill inside the coding-agent bundle, then
   synced the distribution contract, skills quickstart, and Codex / Claude Code /
 
@@ -44,7 +44,8 @@
   },
   "pnpm": {
     "overrides": {
-      "basic-ftp": "5.2.0",
+      "axios": "1.15.0",
+      "basic-ftp": "5.2.2",
       "brace-expansion@5": "5.0.5",
       "lodash-es": "4.18.1",
       "minimatch@3": "3.1.4",
 
@@ -148,7 +148,8 @@
   "packageManager": "pnpm@10.22.0+sha512.bf049efe995b28f527fd2b41ae0474ce29186f7edcb3bf545087bd61fbbebb2bf75362d1307fda09c2d288e1e499787ac12d4fcb617a974718a6051f2eee741c",
   "pnpm": {
     "overrides": {
-      "basic-ftp": "5.2.0",
+      "axios": "1.15.0",
+      "basic-ftp": "5.2.2",
       "brace-expansion@5": "5.0.5",
       "cosmiconfig@7.1.0>yaml": "1.10.3",
       "lodash-es": "4.18.1",