From 2c05c28aa1f71bd099a20cde3e3f9850f77e2201 Mon Sep 17 00:00:00 2001
From: Bill Berry
Date: Wed, 27 May 2026 20:17:54 -0700
Subject: [PATCH] fix(build): pin tmp >=0.2.6 to resolve GHSA-ph9p-34f9-6g65
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- add tmp override in package.json to force @vscode/vsce dep onto patched 0.2.6
- regenerate package-lock.json; npm audit now reports 0 vulnerabilities 🔒 - Generated by Copilot
---
 package-lock.json | 6 +++---
 package.json | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index a0c71372d..fe46687b8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -7105,9 +7105,9 @@
 }
 },
 "node_modules/tmp": {
- "version": "0.2.5",
- "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.5.tgz",
- "integrity": "sha512-voyz6MApa1rQGUxT3E+BK7/ROe8itEx7vD8/HEvt4xwXucvQ5G5oeEiHkmHZJuBO21RpOf+YYm9MOivj709jow==",
+ "version": "0.2.6",
+ "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.6.tgz",
+ "integrity": "sha512-5sJPdPjfI5Kx+qbrDesxkglRBxW//g7hCsqspEjwkewGvBMGIKMOTKzLt1hFVJzyadba3lDUN20O9qhvbQUSTA==",
 "dev": true,
 "license": "MIT",
 "engines": {
diff --git a/package.json b/package.json
index 12e85509a..1f1a83f6e 100644
--- a/package.json
+++ b/package.json
@@ -74,6 +74,7 @@
 "picomatch@^2": "2.3.2",
 "picomatch@^4": "4.0.4",
 "smol-toml": "1.6.1",
+ "tmp": "0.2.6",
 "undici": "7.24.1",
 "uuid": "14.0.0",
 "yaml": "2.8.3",
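Review bot: The added `"tmp": "0.2.6"` entry in the package.json hunk is an exact, unscoped pin, which does not match the subject (`>=0.2.6`) or the description (only the @vscode/vsce dependency). As written it forces every consumer of tmp in the tree onto exactly 0.2.6 and will hold back later patch releases until someone edits the entry by hand. If only the vsce path is meant, a nested override such as `"@vscode/vsce": { "tmp": "0.2.6" }` keeps the blast radius small. If the exact global pin is deliberate, to match the neighbouring exact entries, the subject should say `0.2.6` rather than `>=0.2.6`. The enclosing object starts and ends outside the hunk, so I am assuming it is the npm `overrides` block.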