fix: re-remove tar and undici from devDependencies (PRI-560)

The merge conflict resolution reverted the f0de1fa fix. Re-applied removal of duplicate tar@^7.5.11 and undici@^7.24.3 from devDependencies — both are already pinned via pnpm.overrides. Also removed the spurious overrides.lodash block that was reintroduced. Co-Authored-By: Paperclip <noreply@paperclip.ing>
chore: sync with main lockfile
2026-05-04 20:18:34 +00:00 · 2026-05-04 16:31:22 +00:00 · 2026-05-04 16:30:32 +00:00 · 2026-05-04 16:28:09 +00:00 · 2026-05-04 16:24:29 +00:00 · 2026-05-04 16:08:26 +00:00
3 changed files with 4 additions and 9 deletions
@@ -32,3 +32,4 @@ gh workflow run Release --field version=0.1.0
 ## License

 Apache-2.0
+
@@ -55,4 +55,4 @@
    "typescript": "~5.6.2",
    "vitest": "^3.0.5"
  }
-}
+}
@@ -58,15 +58,9 @@ importers:
      react-router-dom:
        specifier: ^5.3.0
        version: 5.3.4(react@18.3.1)
-      tar:
-        specifier: ^7.5.11
-        version: 7.5.13
      typescript:
        specifier: ~5.6.2
        version: 5.6.3
-      undici:
-        specifier: ^7.24.3
-        version: 7.25.0
      vitest:
        specifier: ^3.0.5
        version: 3.2.4(@types/debug@4.1.13)(@types/node@20.19.39)(jsdom@24.1.3)(msw@2.4.9(typescript@5.6.3))(terser@5.46.1)(yaml@2.8.3)
@@ -6235,7 +6229,7 @@ snapshots:
      jsdom: 24.1.3
      jsonpath-plus: 10.4.0
      lodash: 4.18.1
-      material-react-table: 2.13.3(330725fe5432f245d076f0c0dda1a7a7)
+      material-react-table: 2.13.3(0078ddeddc9e779fa84c03996c1db10e)
      monaco-editor: 0.52.2
      msw: 2.4.9(typescript@5.6.2)
      msw-storybook-addon: 2.0.3(msw@2.4.9(typescript@5.6.3))
@@ -9937,7 +9931,7 @@ snapshots:
      '@types/minimatch': 3.0.5
      minimatch: 3.1.5

-  material-react-table@2.13.3(330725fe5432f245d076f0c0dda1a7a7):
+  material-react-table@2.13.3(0078ddeddc9e779fa84c03996c1db10e):
    dependencies:
      '@emotion/react': 11.14.0(@types/react@18.3.28)(react@18.3.1)
      '@emotion/styled': 11.14.1(@emotion/react@11.14.0(@types/react@19.2.14)(react@18.3.1))(@types/react@18.3.28)(react@18.3.1)
Author	SHA1	Message	Date
Chris Farhood	dec9ab2ba8	fix: re-remove tar and undici from devDependencies (PRI-560) The merge conflict resolution reverted the `f0de1fa` fix. Re-applied removal of duplicate tar@^7.5.11 and undici@^7.24.3 from devDependencies — both are already pinned via pnpm.overrides. Also removed the spurious overrides.lodash block that was reintroduced. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-04 20:18:34 +00:00
Chris Farhood	d71d27ae5e	chore: sync with main lockfile Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-04 16:31:22 +00:00
Chris Farhood	f7868f787e	Resolve merge conflict: use main's pnpm-lock.yaml Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-04 16:30:32 +00:00
Chris Farhood	3e70399d1d	docs: update README Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-04 16:28:09 +00:00
Chris Farhood	8b1987f711	chore: retrigger CI after lockfile regeneration Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-04 16:24:29 +00:00
Chris Farhood	ac026d61db	chore: trigger CI after lockfile regeneration Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-04 16:08:26 +00:00
Chris Farhood	c2bcee6dc8	chore: regenerate pnpm lockfile after devDependency cleanup Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-04 16:00:09 +00:00
privilegedescalation-engineer[bot]	730f7cbe54	fix: override lodash >=4.18.0 to patch code injection vulnerability (#7 ) * fix: override lodash >=4.18.0 to patch code injection vulnerability GHSA-r5fr-rjxr-66jc is a code injection vulnerability in lodash below 4.18.0. The vulnerable transitive dependency comes through @kinvolk/headlamp-plugin. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Regenerate lockfile for lodash override Co-Authored-By: Paperclip <noreply@paperclip.ing> --------- Co-authored-by: Gandalf the Greybeard <gandalf@privilegedescalation.dev> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> Co-authored-by: Chris Farhood <chris@farhood.org> Co-authored-by: Paperclip <noreply@paperclip.ing>	2026-05-04 03:24:00 +00:00