fix: add tar and undici as direct devDeps for Dependabot resolution #68

Merged
ghost merged 1 commit from fix/dependabot-security-resolution into main 2026-03-18 23:54:21 +00:00

1 Commit

Author SHA1 Message Date
Gandalf the Greybeard 3a5e905214 fix: add tar and undici as direct devDependencies for Dependabot resolution
Dependabot security update runs are failing because it cannot resolve
patched versions of tar (>=7.5.11) and undici (>=7.24.0) through
transitive dependency chains. While npm overrides already mitigate the
vulnerabilities locally, Dependabot's resolver doesn't honor overrides.

Adding these as explicit devDependencies lets Dependabot see and
resolve the patched versions directly.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-18 23:51:56 +00:00
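
One way to check the end state this commit is after, as an added example (not part of the pull request or the project's code): the script audits a package.json and an npm lockfile `packages` map for the minimum versions named in the commit message, including nested copies. The sample manifest and lockfile, the `some-dep` package and the function names are constructed for illustration, and the comparison ignores pre-release suffixes.

```javascript
// Added example. Minimum versions come from the commit message above.
const MINIMUMS = { tar: "7.5.11", undici: "7.24.0" };

// Parse "7.5.11" into [7, 5, 11]; pre-release/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function atLeast(version, minimum) {
  const a = parseVersion(version), b = parseVersion(minimum);
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] > b[i];
  return true;
}

// Returns a list of findings; an empty list means both conditions hold.
function auditPins(pkg, lock, minimums = MINIMUMS) {
  const findings = [];
  const dev = pkg.devDependencies || {};
  for (const name of Object.keys(minimums)) {
    if (!Object.hasOwn(dev, name)) findings.push(`${name}: not a direct devDependency`);
  }
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // "node_modules/a/node_modules/tar" -> "tar"; the root entry "" -> "".
    const name = path.split("node_modules/").pop();
    if (!Object.hasOwn(minimums, name) || !entry.version) continue;
    if (!atLeast(entry.version, minimums[name])) {
      findings.push(`${path}: ${entry.version} < ${minimums[name]}`);
    }
  }
  return findings;
}

// Constructed sample input (not the project's real manifest or lockfile).
const samplePkg = { devDependencies: { tar: "^7.5.11" } }; // undici missing
const sampleLock = { packages: {
  "": { name: "example" },
  "node_modules/tar": { version: "7.5.11" },
  "node_modules/undici": { version: "7.24.0" },
  "node_modules/some-dep/node_modules/tar": { version: "6.2.1" }, // nested copy
} };

console.log(auditPins(samplePkg, sampleLock));
```

Run against the real files, a non-empty result means either a pin is missing from devDependencies or an older copy is still resolved somewhere in the tree.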