Context
A temporary root pnpm.overrides pin was added to force minimatch to a patched version (10.2.2) and unblock CI audit-gate checks (advisory 1113371).
Goal
Remove the temporary override once direct/transitive dependencies have upgraded naturally and CI remains green without forced pinning.
Scope
- Audit current dependency graph for minimatch consumers
- Remove root override from package.json
- Regenerate lockfile
- Verify scripts/security/audit-gate.mjs passes in CI
Acceptance Criteria
- package.json no longer contains the temporary minimatch override
- pnpm-lock.yaml resolves only patched minimatch versions via upstream dependency ranges
- CI Test job passes audit-gate with no allowlist additions
Notes
Do not merge this cleanup until all active PRs that currently depend on the pin are merged or rebased safely.
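One way to check the first two acceptance criteria locally before opening the cleanup PR, as an added example that is not part of the original issue or the project's own code. The function names and sample inputs are constructed for illustration; it assumes 10.2.2 is the only patched floor (a backported fix on an older major would need its own entry) and scans lockfile package keys with a regex instead of a YAML parser.

```javascript
// Added example with constructed inputs; helper names are hypothetical.
const PATCHED_FLOOR = [10, 2, 2]; // patched version named in the issue (assumed to be the only floor)

// Constructed root package.json that still carries the temporary pin.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "example-root",
  pnpm: { overrides: { minimatch: "10.2.2" } },
});

// Constructed pnpm-lock.yaml excerpt, as it might look after the pin is removed
// while one transitive consumer still resolves an older minimatch.
const SAMPLE_LOCKFILE = `
packages:
  '@types/minimatch@5.1.2':
    resolution: {integrity: sha512-CONSTRUCTED}
  minimatch@9.0.5:
    resolution: {integrity: sha512-CONSTRUCTED}
  minimatch@10.2.2:
    resolution: {integrity: sha512-CONSTRUCTED}
snapshots:
  minimatch@9.0.5:
    dependencies:
      brace-expansion: 2.0.1
`;

// True if any pnpm.overrides key targets minimatch, including scoped
// ("parent>minimatch") and ranged ("minimatch@<10") selectors.
function hasMinimatchOverride(packageJsonText) {
  const overrides = JSON.parse(packageJsonText)?.pnpm?.overrides ?? {};
  return Object.keys(overrides).some((k) => /^minimatch(@|$)/.test(k.split(">").pop()));
}

// Distinct minimatch versions keyed in the lockfile (ignores @types/minimatch).
function resolvedMinimatchVersions(lockfileText) {
  const keys = lockfileText.matchAll(/^\s*['"]?\/?minimatch@(\d+\.\d+\.\d+)/gm);
  return [...new Set([...keys].map((m) => m[1]))];
}

function isBelowFloor(version, floor = PATCHED_FLOOR) {
  const parts = version.split(".").map(Number);
  const i = parts.findIndex((n, idx) => n !== floor[idx]);
  return i !== -1 && parts[i] < floor[i];
}

// Evaluates the first two acceptance criteria from the issue.
function checkCleanup(packageJsonText, lockfileText) {
  const unpatched = resolvedMinimatchVersions(lockfileText).filter((v) => isBelowFloor(v));
  const overridePresent = hasMinimatchOverride(packageJsonText);
  return { overridePresent, unpatched, ready: !overridePresent && unpatched.length === 0 };
}
```

Any version listed in `unpatched` names a consumer whose upstream range still has to move before the override can be dropped.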