allowBuilds: esbuild: true sharp: true unrs-resolver: true # Force any vulnerable transitive postcss (pulled in by next) up to a patched # release — fixes GHSA-qx2v-qp2m-jg93 / CVE-2026-41305 (vulnerable < 8.5.10). overrides: 'postcss@<8.5.10': '^8.5.15' minimumReleaseAgeExclude: - '@mermaid-js/parser@1.2.0' - mermaid@11.16.0