From 90cae146218b0b16f629d069e02e86220e7de7b4 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Wed, 27 May 2026 13:36:57 +0000
Subject: [PATCH] chore(deps): bump tmp to >=0.2.6 via overrides (GHSA-ph9p-34f9-6g65)

Add npm overrides to force tmp to >=0.2.6, patching the path traversal vulnerability CVE-2026-44705 / GHSA-ph9p-34f9-6g65. The tmp package is a transitive dependency of nx (which requires tmp@~0.2.1). Since nx's range already satisfies 0.2.6, the override ensures the lockfile resolves to the patched version.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 package-lock.json | 14 +++++++-------
 package.json | 3 +++
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index b49637e2..54d1807e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -26775,9 +26775,9 @@
 }
 },
 "node_modules/tmp": {
- "version": "0.2.5",
- "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.5.tgz",
- "integrity": "sha512-voyz6MApa1rQGUxT3E+BK7/ROe8itEx7vD8/HEvt4xwXucvQ5G5oeEiHkmHZJuBO21RpOf+YYm9MOivj709jow==",
+ "version": "0.2.6",
+ "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.6.tgz",
+ "integrity": "sha512-5sJPdPjfI5Kx+qbrDesxkglRBxW//g7hCsqspEjwkewGvBMGIKMOTKzLt1hFVJzyadba3lDUN20O9qhvbQUSTA==",
 "dev": true,
 "license": "MIT",
 "engines": {
@@ -48703,7 +48703,7 @@
 "smol-toml": "1.6.1",
 "string-width": "^4.2.3",
 "tar-stream": "~2.2.0",
- "tmp": "~0.2.1",
+ "tmp": ">=0.2.6",
 "tree-kill": "^1.2.2",
 "tsconfig-paths": "^4.1.2",
 "tslib": "^2.3.0",
@@ -51987,9 +51987,9 @@
 }
 },
 "tmp": {
- "version": "0.2.5",
- "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.5.tgz",
- "integrity": "sha512-voyz6MApa1rQGUxT3E+BK7/ROe8itEx7vD8/HEvt4xwXucvQ5G5oeEiHkmHZJuBO21RpOf+YYm9MOivj709jow==",
+ "version": "0.2.6",
+ "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.6.tgz",
+ "integrity": "sha512-5sJPdPjfI5Kx+qbrDesxkglRBxW//g7hCsqspEjwkewGvBMGIKMOTKzLt1hFVJzyadba3lDUN20O9qhvbQUSTA==",
 "dev": true
 },
 "to-buffer": {
diff --git a/package.json b/package.json
index 2a1f7b08..cd5827bc 100644
--- a/package.json
+++ b/package.json
@@ -51,5 +51,8 @@
 "depcheck": "^1.4.7",
 "husky": "^9.1.7",
 "lerna": "^9.0.7"
+ },
+ "overrides": {
+ "tmp": ">=0.2.6"
 }
 }
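Review bot: The override range `>=0.2.6` in the new `overrides` block of package.json has no upper bound, so any later lockfile refresh may resolve tmp to a future minor or major release for every consumer in the tree. That includes nx, whose declared `~0.2.1` requirement is replaced by `>=0.2.6` in the package-lock.json hunk at line 48703. Bounding the override keeps the patched floor while staying on the 0.2.x line nx was written against: `"tmp": "^0.2.6"`. The lockfile pins 0.2.6 with an integrity hash today, so the exposure is limited to installs that do not honour the lockfile and to future regenerations. Once nx's own resolution lands on a patched release, the override can presumably be dropped rather than left as a permanent tree-wide constraint.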