From 0e1ab75f2650a26e0ba0a96c887db2ddd52be9dc Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Thu, 30 Apr 2026 11:19:17 +0000
Subject: [PATCH] chore(security): patch 0 Dependabot alerts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Remove redundant resolutions in package.json:
- lodash: ^4.18.0 (natural resolution from @semantic-release/* satisfies >=4.18.0)
- lodash-es: ^4.18.0 (natural resolution from @semantic-release/exec satisfies >=4.18.0)

Kept semantic-release-slack-bot/**/micromatch: ^4.0.8 — without it,
semantic-release-slack-bot pins micromatch@4.0.2 which is below the
patched ^4.0.8 (GHSA-952p-6rrq-rcjv).

https://claude.ai/code/session_01SM8R8X6anjSWiZc5q2bfKt
---
 package.json | 6 ++----
 yarn.lock    | 4 ++--
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/package.json b/package.json
index 60c453d58..ed16b2399 100644
--- a/package.json
+++ b/package.json
@@ -22,8 +22,6 @@
     "semantic-release-slack-bot": "4.0.2"
   },
   "resolutions": {
-    "semantic-release-slack-bot/**/micromatch": "^4.0.8",
-    "lodash": "^4.18.0",
-    "lodash-es": "^4.18.0"
-  } 
+    "semantic-release-slack-bot/**/micromatch": "^4.0.8"
+  }
 }
diff --git a/yarn.lock b/yarn.lock
index 70941785b..a80406a37 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2268,7 +2268,7 @@ locate-path@^6.0.0:
   dependencies:
     p-locate "^5.0.0"
 
-lodash-es@^4.17.21, lodash-es@^4.18.0:
+lodash-es@^4.17.21:
   version "4.18.1"
   resolved "https://registry.yarnpkg.com/lodash-es/-/lodash-es-4.18.1.tgz#b962eeb80d9d983a900bf342961fb7418ca10b1d"
   integrity sha512-J8xewKD/Gk22OZbhpOVSwcs60zhd95ESDwezOFuA3/099925PdHJ7OFHNTGtajL3AlZkykD32HykiMo+BIBI8A==
@@ -2343,7 +2343,7 @@ lodash.upperfirst@^4.3.1:
   resolved "https://registry.yarnpkg.com/lodash.upperfirst/-/lodash.upperfirst-4.3.1.tgz#1365edf431480481ef0d1c68957a5ed99d49f7ce"
   integrity sha512-sReKOYJIJf74dhJONhU4e0/shzi1trVbSWDOhKYE5XV2O+H7Sb2Dihwuc7xWxVl+DgFPyTqIN3zMfT9cq5iWDg==
 
-lodash@^4.17.15, lodash@^4.17.4, lodash@^4.18.0:
+lodash@^4.17.15, lodash@^4.17.4:
   version "4.18.1"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.18.1.tgz#ff2b66c1f6326d59513de2407bf881439812771c"
   integrity sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==