From 1adb08cccad7c086dfd26060c26a670f98020085 Mon Sep 17 00:00:00 2001
From: Chris Farhood
Date: Tue, 5 May 2026 14:16:05 +0000
Subject: [PATCH] fix: add elliptic override as safeguard for GHSA-848j-6mx2-7j84

Clarify PR title and add inline comment explaining:
- No patched version exists yet
- Override is a forward-looking safeguard
- Will auto-resolve when upstream publishes 6.6.2+
Co-Authored-By: Paperclip
---
 package.json | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/package.json b/package.json
index 0f29a95..9147919 100644
--- a/package.json
+++ b/package.json
@@ -40,6 +40,8 @@
 "vite-plugin-svgr": "^4.5.0",
 "vitest": "^3.0.5"
 },
+ // Override for GHSA-848j-6mx2-7j84 (transitive via vite-plugin-node-polyfills → crypto-browserify → browserify-sign → elliptic).
+ // No patched version exists yet; this is a forward-looking safeguard that auto-resolves when upstream publishes 6.6.2+.
 "pnpm": {
 "overrides": {
 "elliptic": ">=6.6.1"
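Review bot: The two added `//` lines above `"pnpm"` are not valid JSON, so a strict parser reading package.json (which, as far as I know, includes the package manager itself) will reject the manifest before the override is ever applied. Carry the rationale in a string member instead, for example `"//": "elliptic override for GHSA-848j-6mx2-7j84 (transitive via vite-plugin-node-polyfills); no patched release yet"`, or keep it in the commit message and project docs. Separately, the comment's "auto-resolves" wording is optimistic: `>=6.6.1` has no upper bound, and if a lockfile pins elliptic, a later fixed release is only picked up when the lock is refreshed, so the advisory should stay tracked as open until a fixed version is actually resolved. The `pnpm` object continues past the end of the hunk.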