From 40949dd3b53353250fe8d49d3f7935d3718c8e7d Mon Sep 17 00:00:00 2001
From: Chris Farhood <chris@farhood.org>
Date: Sun, 3 May 2026 22:47:14 +0000
Subject: [PATCH] fix: drop bogus direct lodash devDependency that conflicted
 with override

The rebase added "lodash": "4.18.1" as a direct devDependency alongside
the >=4.18.0 override, which npm rejects with EOVERRIDE during the
headlamp-plugin build step. The plugin source does not import lodash;
the override alone is sufficient to patch the transitive CVE.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 pnpm-lock.yaml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index bc0b934..6a1bd54 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -38,9 +38,6 @@ importers:
       jsdom:
         specifier: ^24.0.0
         version: 24.1.3
-      lodash:
-        specifier: 4.18.1
-        version: 4.18.1
       notistack:
         specifier: ^3.0.0
         version: 3.0.2(csstype@3.2.3)(react-dom@18.3.1(react@18.3.1))(react@18.3.1)