ci: re-trigger checks

Remove ineffective elliptic pnpm.overrides entry
The override "elliptic": ">=6.6.1" was added in PR #26 to address GHSA-848j-6mx2-7j84 (CVE-2025-14505), but it is a no-op because elliptic@6.6.1 IS the vulnerable version and no patched version exists. No upstream fix is available — elliptic@6.6.1 is the latest release. CTO decision: remove the no-op override, accept residual build-time risk. Dependency is build-time only and not shipped to production. Ref: PRI-1758, PRI-923
2026-05-31 00:14:04 +00:00 · 2026-05-30 23:53:40 +00:00
2 changed files with 1 additions and 3 deletions
@@ -33,8 +33,7 @@
    "overrides": {
      "tar": "^7.5.11",
      "undici": "^7.24.3",
-      "flatted": "^3.4.2",
-      "elliptic": ">=6.6.1"
+      "flatted": "^3.4.2"
    }
  },
  "devDependencies": {
@@ -8,7 +8,6 @@ overrides:
  tar: ^7.5.11
  undici: ^7.24.3
  flatted: ^3.4.2
-  elliptic: '>=6.6.1'

 importers:
Author	SHA1	Message	Date
Chris Farhood	42d14ad238	ci: re-trigger checks CI / ci (pull_request) Failing after 1m10s Details CI / ci (push) Failing after 1m13s Details Promotion Gate / Promotion Gate (pull_request) Failing after 4m4s Details	2026-05-31 00:14:04 +00:00
Gandalf the Greybeard	5986026abd	Remove ineffective elliptic pnpm.overrides entry CI / ci (pull_request) Failing after 1m13s Details Promotion Gate / Promotion Gate (pull_request) Failing after 4m4s Details CI / ci (push) Failing after 10m54s Details Promotion Gate / Promotion Gate (pull_request_review) Failing after 4m1s Details The override "elliptic": ">=6.6.1" was added in PR #26 to address GHSA-848j-6mx2-7j84 (CVE-2025-14505), but it is a no-op because elliptic@6.6.1 IS the vulnerable version and no patched version exists. No upstream fix is available — elliptic@6.6.1 is the latest release. CTO decision: remove the no-op override, accept residual build-time risk. Dependency is build-time only and not shipped to production. Ref: PRI-1758, PRI-923	2026-05-30 23:53:40 +00:00