From 4deca04ecb3275ae17dd95d02f7ca6b8076ebaad Mon Sep 17 00:00:00 2001
From: Paul Mulligan <paul@pmds.pull-list.net>
Date: Thu, 14 May 2026 12:31:42 -0400
Subject: [PATCH] chore(deps): pin fast-uri override for security advisory

Adds pnpm.overrides for fast-uri to package.json (matching the advisory
versions Dependabot's audit-fix was injecting into PR lockfiles). Without
the override in package.json, regenerated lockfiles fail CI's frozen
install with ERR_PNPM_LOCKFILE_CONFIG_MISMATCH.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 package.json   |  6 ++++++
 pnpm-lock.yaml | 12 ++++++++----
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/package.json b/package.json
index 44824cf..fa4fea9 100644
--- a/package.json
+++ b/package.json
@@ -33,6 +33,12 @@
   "author": "PAMulligan",
   "license": "MIT",
   "packageManager": "pnpm@10.15.1",
+  "pnpm": {
+    "overrides": {
+      "fast-uri@<=3.1.0": ">=3.1.1",
+      "fast-uri@<=3.1.1": ">=3.1.2"
+    }
+  },
   "devDependencies": {
     "@commitlint/cli": "^20.5.0",
     "@commitlint/config-conventional": "^20.5.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 36ff94e..26757a0 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -4,6 +4,10 @@ settings:
   autoInstallPeers: true
   excludeLinksFromLockfile: false
 
+overrides:
+  fast-uri@<=3.1.0: '>=3.1.1'
+  fast-uri@<=3.1.1: '>=3.1.2'
+
 importers:
 
   .:
@@ -380,8 +384,8 @@ packages:
   fast-deep-equal@3.1.3:
     resolution: {integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==}
 
-  fast-uri@3.1.0:
-    resolution: {integrity: sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==}
+  fast-uri@3.1.2:
+    resolution: {integrity: sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==}
 
   fast-xml-builder@1.1.4:
     resolution: {integrity: sha512-f2jhpN4Eccy0/Uz9csxh3Nu6q4ErKxf0XIsasomfOihuSUa3/xw6w8dnOtCDgEItQFJG8KyXPzQXzcODDrrbOg==}
@@ -1112,7 +1116,7 @@ snapshots:
   ajv@8.18.0:
     dependencies:
       fast-deep-equal: 3.1.3
-      fast-uri: 3.1.0
+      fast-uri: 3.1.2
       json-schema-traverse: 1.0.0
       require-from-string: 2.0.2
 
@@ -1370,7 +1374,7 @@ snapshots:
 
   fast-deep-equal@3.1.3: {}
 
-  fast-uri@3.1.0: {}
+  fast-uri@3.1.2: {}
 
   fast-xml-builder@1.1.4:
     dependencies: