Pin dependency overrides in package.json and update lockfile by WPISabaGanji · Pull Request #6 · vernamlab/vernamlab.github.io

WPISabaGanji · 2026-06-09T22:48:40Z

Ensure consistent, secure versions of transitive dependencies by pinning specific packages via an overrides section.
Address multiple transitive package updates and potential vulnerabilities by forcing known-good versions for webpack-dev-server and related sub-dependencies.
Regenerate the lockfile to reflect the pinned versions and produce reproducible installs.

Added an overrides section to package.json that pins webpack-dev-server to 5.2.1 and fixes versions for related packages such as open, p-retry, rimraf, webpack-dev-middleware, ws and several others.
Applied additional overrides for a set of transitive dependencies including brace-expansion, on-headers, shell-quote, node-forge, minimatch, picomatch, lodash, serialize-javascript, svgo, fast-uri, js-yaml (for several Docusaurus packages), and npm sub-dependencies like glob/minimatch/tar.
Updated package-lock.json to reflect the pinned versions and multiple upgraded/transitive package versions (for example: webpack-dev-server -> 5.2.1, js-yaml -> 4.1.1, lodash -> 4.17.23, serialize-javascript -> 7.0.4, svgo -> 3.3.3, and others).
Adjusted various package engine and dependency entries as required by the updated versions in the lockfile.

Ran npm install to apply the overrides and regenerate package-lock.json, and the install completed successfully.
Ran npm ci against the updated lockfile to verify a clean install from the lockfile, and it completed successfully.

…ies-dutmmr

fix additional npm security alerts

a40a77b

WPISabaGanji added the codex label Jun 9, 2026 — with ChatGPT Codex Connector

WPISabaGanji added 2 commits June 9, 2026 19:09

rebase security overrides on dev

fa0829a

Merge branch 'dev' into codex/fix-github-security-alerts-in-dependenc…

cebc8b5

…ies-dutmmr

Provide feedback