
3 Commits

Author SHA1 Message Date
Chris Farhood 1adb08ccca fix: add elliptic override as safeguard for GHSA-848j-6mx2-7j84
Clarify PR title and add inline comment explaining:
- No patched version exists yet
- Override is a forward-looking safeguard
- Will auto-resolve when upstream publishes 6.6.2+

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-05 14:16:05 +00:00
Chris Farhood f9db755dca chore: update pnpm lockfile for elliptic override
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-05 13:09:08 +00:00
Chris Farhood 1c375c7ede fix: override elliptic to patched version for GHSA-848j-6mx2-7j84 2026-05-05 13:02:51 +00:00
2 changed files with 10 additions and 0 deletions
+7
@@ -39,5 +39,12 @@
"vite": "^6.4.1",
"vite-plugin-svgr": "^4.5.0",
"vitest": "^3.0.5"
},
// Override for GHSA-848j-6mx2-7j84 (transitive via vite-plugin-node-polyfills → crypto-browserify → browserify-sign → elliptic).
// No patched version exists yet; this is a forward-looking safeguard that auto-resolves when upstream publishes 6.6.2+.
"pnpm": {
"overrides": {
"elliptic": ">=6.6.1"
}
}
}
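Review bot: The two `//` comment lines added above the `"pnpm"` key are not valid JSON, so if this file is package.json (the path is not visible here) the manifest is likely to fail strict parsing by the package manager and other tooling. The rationale belongs in the commit message or a docs file instead. Separately, `"elliptic": ">=6.6.1"` has no upper bound, so any future major release would satisfy it for every dependent in the tree; `"elliptic": "^6.6.1"` would still pick up a 6.6.2+ fix while staying within 6.x. Since the comment itself says no patched version exists yet, this override does not remove the vulnerable code today. The lockfile will also presumably keep the currently resolved version until it is regenerated, so the advisory should stay open in tracking rather than be treated as fixed by this change.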
+3
@@ -4,6 +4,9 @@ settings:
autoInstallPeers: true
excludeLinksFromLockfile: false
overrides:
elliptic: '>=6.6.1'
importers:
.: