From 1bb4305627ba8c2ff80a954d99e337267ce7f8c4 Mon Sep 17 00:00:00 2001
From: Eric Anderson <eanderson@palantir.com>
Date: Tue, 9 Jul 2024 10:55:04 -0400
Subject: [PATCH] Force braces to non-CVE version to silence false flags

---
 package.json   |  3 ++-
 pnpm-lock.yaml | 23 ++++++++++++-----------
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/package.json b/package.json
index 988b8a64e..bd861ed16 100644
--- a/package.json
+++ b/package.json
@@ -58,7 +58,8 @@
       "turbotree@1.0.1": "patches/turbotree@1.0.1.patch"
     },
     "overrides": {
-      "trim@0.0.1": "0.0.3"
+      "trim@0.0.1": "0.0.3",
+      "braces@3.0.2": "3.0.3"
     }
   },
   "engines": {
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 38d151876..882328a16 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -6,6 +6,7 @@ settings:
 
 overrides:
   trim@0.0.1: 0.0.3
+  braces@3.0.2: 3.0.3
 
 patchedDependencies:
   turbotree@1.0.1:
@@ -453,7 +454,7 @@ importers:
         version: 5.4.5
       vite:
         specifier: ^5.2.11
-        version: 5.3.2(@types/node@18.17.15)
+        version: 5.3.2(@types/node@20.12.7)
 
   examples/example-tutorial-todo-app:
     dependencies:
@@ -4184,7 +4185,7 @@ packages:
       '@babel/plugin-transform-react-jsx-source': 7.23.3(@babel/core@7.24.5)
       '@types/babel__core': 7.20.5
       react-refresh: 0.14.0
-      vite: 5.3.2(@types/node@18.17.15)
+      vite: 5.3.2(@types/node@20.12.7)
     transitivePeerDependencies:
       - supports-color
     dev: true
@@ -4721,11 +4722,11 @@ packages:
     dependencies:
       balanced-match: 1.0.2
 
-  /braces@3.0.2:
-    resolution: {integrity: sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==}
+  /braces@3.0.3:
+    resolution: {integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==}
     engines: {node: '>=8'}
     dependencies:
-      fill-range: 7.0.1
+      fill-range: 7.1.1
 
   /breakword@1.0.6:
     resolution: {integrity: sha512-yjxDAYyK/pBvws9H4xKYpLDpYKEH6CzrBPAuXq3x18I+c/2MkVtT3qAr7Oloi6Dss9qNhPVueAAVU1CSeNDIXw==}
@@ -4918,7 +4919,7 @@ packages:
     engines: {node: '>= 8.10.0'}
     dependencies:
       anymatch: 3.1.3
-      braces: 3.0.2
+      braces: 3.0.3
       glob-parent: 5.1.2
       is-binary-path: 2.1.0
       is-glob: 4.0.3
@@ -6323,8 +6324,8 @@ packages:
     dependencies:
       flat-cache: 4.0.1
 
-  /fill-range@7.0.1:
-    resolution: {integrity: sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==}
+  /fill-range@7.1.1:
+    resolution: {integrity: sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==}
     engines: {node: '>=8'}
     dependencies:
       to-regex-range: 5.0.1
@@ -7685,7 +7686,7 @@ packages:
     resolution: {integrity: sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==}
     engines: {node: '>=8.6'}
     dependencies:
-      braces: 3.0.2
+      braces: 3.0.3
       picomatch: 2.3.1
 
   /mimic-fn@2.1.0:
@@ -10214,7 +10215,7 @@ packages:
       debug: 4.3.4(supports-color@9.4.0)
       pathe: 1.1.1
       picocolors: 1.0.0
-      vite: 5.3.2(@types/node@18.17.15)
+      vite: 5.3.2(@types/node@20.12.7)
     transitivePeerDependencies:
       - '@types/node'
       - less
@@ -10417,7 +10418,7 @@ packages:
       strip-literal: 2.0.0
       tinybench: 2.5.1
       tinypool: 0.8.4
-      vite: 5.3.2(@types/node@18.17.15)
+      vite: 5.3.2(@types/node@20.12.7)
       vite-node: 1.6.0
       why-is-node-running: 2.2.2
     transitivePeerDependencies: