fix: override lodash >=4.18.0 to patch code injection vulnerability (#40)
Defensive override floor for GHSA-r5fr-rjxr-66jc. Main already resolves lodash@4.18.1 transitively, so the override prevents future regressions. CI green on 1d65d51. Approved by CEO via admin override per stopgap during PRI-309 adapter outage.
This commit was merged in pull request #40.
committed by
GitHub
parent
8e9b2c2645
commit
dd2d942d39
@@ -32,6 +32,7 @@
|
|||||||
"overrides": {
|
"overrides": {
|
||||||
"tar": "^7.5.11",
|
"tar": "^7.5.11",
|
||||||
"undici": "^7.24.3",
|
"undici": "^7.24.3",
|
||||||
|
"lodash": ">=4.18.0",
|
||||||
"vite": ">=6.4.2"
|
"vite": ">=6.4.2"
|
||||||
},
|
},
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
|
|||||||
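Review bot: The added `"lodash": ">=4.18.0"` entry has no upper bound, so besides setting the floor named in the commit description it would let a later major release satisfy every transitive request for lodash the next time dependencies are re-resolved. The neighbouring `tar` and `undici` entries use caret ranges, and `"lodash": "^4.18.0"` would keep the same floor while staying on the 4.x line; the existing `vite` entry has the same open-ended form. Since a strict JSON manifest cannot carry a comment, the advisory id lives only in the commit description and is worth recording wherever these overrides are tracked. The generated file listed after this section (presumably the lockfile) shows +403/-403 with its diff suppressed, which looks like more churn than a single override would cause, so it is worth confirming that only the lodash resolution changed.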
Generated
+403
-403
File diff suppressed because it is too large