Fix NPM vulnerabilites (#5459)

andyleejordan · web-flow · commit 5f77d8b206cd · 2026-04-08T13:20:29.000-07:00
diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
@@ -9,3 +9,5 @@
 - After updating, verify: `npm run compile` (build), `npm run lint` (lint), `npm audit` (security)
 - The ESLint packages (`eslint`, `@eslint/js`, `typescript-eslint`, `eslint-config-prettier`) should be updated together
 - Fix any new lint warnings from updates to ESLint
+- Use `npm audit` to identify vulnerabilities
+- Do not use `npm audit fix --force` when a vulnerability is in a transitive dependency, instead add an `overrides` entry
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -94,6 +94,10 @@
     "typescript": "^6.0.2",
     "typescript-eslint": "^8.58.0"
   },
+  "overrides": {
+    "serialize-javascript": "^7.0.5",
+    "diff": "^8.0.3"
+  },
   "extensionDependencies": [
     "vscode.powershell"
   ],
