Commit 18c2345
Reconcile package.json with package-lock.json for npm ci
The v5.x lockfile carried newer versions than package.json declared —
a desync that lockless `yarn` never validated but `npm ci` (now used by
the lint job) rejects:
- @types/node: package.json 25.9.1 vs lock 25.9.2
- tmp: package.json 0.2.6 vs lock 0.2.7
Align package.json up to the already-locked versions rather than down:
tmp 0.2.6 carries a High-severity advisory (GHSA-7c78-jf6q-g5cm) and the
lock was already advanced to the fixed 0.2.7. This changes nothing about
what gets installed; it only makes the manifest honest. Regenerating the
lockfile also drops the stale root `hasInstallScript` flag (the install
script was removed in #363) and realigns the eslint-plugin-n / semver
range mirrors with package.json.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>1 parent 9356084 commit 18c2345
2 files changed
Lines changed: 4 additions & 5 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
42 | 42 | | |
43 | 43 | | |
44 | 44 | | |
45 | | - | |
| 45 | + | |
46 | 46 | | |
47 | 47 | | |
48 | 48 | | |
| |||
58 | 58 | | |
59 | 59 | | |
60 | 60 | | |
61 | | - | |
| 61 | + | |
62 | 62 | | |
63 | 63 | | |
64 | 64 | | |
| |||
0 commit comments