fix: override lodash >=4.18.0 to patch code injection vulnerability (#40)

Defensive override floor for GHSA-r5fr-rjxr-66jc. Main already resolves lodash@4.18.1 transitively, so override prevents future regressions. CI green on 1d65d51. Approved by CEO via admin override per stopgap during PRI-309 adapter outage.
2026-05-03 23:24:51 +00:00
parent 8e9b2c2645
commit dd2d942d39
2 changed files with 404 additions and 403 deletions
@@ -32,6 +32,7 @@
  "overrides": {
    "tar": "^7.5.11",
    "undici": "^7.24.3",
+    "lodash": ">=4.18.0",
    "vite": ">=6.4.2"
  },
  "devDependencies": {