From 44323c980d488263cf7da5fb90bc0edcebccb6ce Mon Sep 17 00:00:00 2001
From: BAS-More <avi@basnmore.com.au>
Date: Mon, 13 Apr 2026 15:42:02 +1000
Subject: [PATCH] security: add npm overrides for vulnerable transitive
 dependencies

Pins node-forge>=1.4.0, flatted>=3.3.3, picomatch>=4.0.3,
lodash>=4.17.22, brace-expansion>=2.0.2 via package.json overrides
to resolve Dependabot alerts downstream in BAS-More/RuView.

Co-Authored-By: claude-flow <ruv@ruv.net>
---
 npm/package.json | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/npm/package.json b/npm/package.json
index c7202b846..80ae1eee3 100644
--- a/npm/package.json
+++ b/npm/package.json
@@ -28,5 +28,12 @@
   "engines": {
     "node": ">=18.0.0",
     "npm": ">=9.0.0"
+  },
+  "overrides": {
+    "node-forge": ">=1.4.0",
+    "flatted": ">=3.3.3",
+    "picomatch": ">=4.0.3",
+    "lodash": ">=4.17.22",
+    "brace-expansion": ">=2.0.2"
   }
 }