Commit d58a65d
π€π΅ fix: Resolve open Dependabot vulnerabilities for tar and lodash
Remove @yarnpkg/pnpify and @yarnpkg/sdks to eliminate @yarnpkg/core β tar@6 chain.
Upgrade mocha to v11 (drops chokidar@3 β fsevents β node-gyp β tar@6).
Update lodash to 4.17.23.
Fixes: CVE-2026-26960, CVE-2026-24842, CVE-2026-23950, CVE-2026-23745, CVE-2025-13465
Co-authored-by: Cursor <cursoragent@cursor.com>1 parent 811998b commit d58a65d
4 files changed
+1454
-3374
lines changed
0 commit comments