Pin lodash and lodash-es to ^4.18.1 via resolutions so transitive deps
pick up the patched versions, then drop the advisory ID.
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
* chore: Resolve minimatch ReDoS advisories via dep bumps and resolutions
Bump glob (8→11), rimraf (2→6), babel-jest, jest-environment-jsdom (29→30),
and lint-staged (13→16) to drop several vulnerable transitive chains. Pin
remaining minimatch and brace-expansion descriptors via resolutions so all
in-tree copies are on their latest patched release. Removes 9 ignored
advisory IDs from .yarnrc.yml.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* fix: Make routeHelpers.urlify origin testable for jsdom 26
jsdom 26 (jest-environment-jsdom@30) makes window.location and
location.origin non-configurable, breaking the previous test that
redefined them via Object.defineProperty.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* chore: Align jest-cli to ^30.3.0 with other jest packages
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Adds group sync from external authentication providers, allowing team group memberships to be automatically managed based on provider data on sign-in in the future.
Tom Moor