From 0ce93a38bbf26801a585fc8e6a89dbdd8678c858 Mon Sep 17 00:00:00 2001 From: Michael Hughes Date: Sun, 8 Mar 2026 20:25:25 -0600 Subject: [PATCH 1/3] fix: resolve critical lodash vulnerabilities in gitbook-plugin-sharing - Added npm overrides to force lodash ^4.17.21 - Addresses GHSA-fvqr-27wr-82fm, GHSA-35jh-r3h4-6jhm, and others - Resolves transitive dependency issues in unmaintained gitbook plugin --- package.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/package.json b/package.json index f5a1eac2..4824ba19 100644 --- a/package.json +++ b/package.json @@ -36,5 +36,8 @@ "commitizen": { "path": "./node_modules/cz-conventional-changelog" } + }, + "overrides": { + "lodash": "^4.17.21" } } From 871e3341b9dab9b15a711488c3e5d65f64db806f Mon Sep 17 00:00:00 2001 From: Michael Hughes Date: Sun, 8 Mar 2026 20:46:25 -0600 Subject: [PATCH 2/3] Update package.json Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- package.json | 3 +++ 1 file changed, 3 insertions(+) diff --git a/package.json b/package.json index 4824ba19..f54a8803 100644 --- a/package.json +++ b/package.json @@ -39,5 +39,8 @@ }, "overrides": { "lodash": "^4.17.21" + }, + "resolutions": { + "lodash": "^4.17.21" } } From dc627145e6d62eedb0c6dbec894b706641258946 Mon Sep 17 00:00:00 2001 From: Michael Hughes Date: Sun, 8 Mar 2026 20:49:26 -0600 Subject: [PATCH 3/3] Update package.json add gitbook-plugin-sharing condition Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- package.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index f54a8803..e41279c4 100644 --- a/package.json +++ b/package.json @@ -38,7 +38,9 @@ } }, "overrides": { - "lodash": "^4.17.21" + "gitbook-plugin-sharing": { + "lodash": "4.17.21" + } }, "resolutions": { "lodash": "^4.17.21"