From a7ad7d201847adf10f71e05498e458ee8d774391 Mon Sep 17 00:00:00 2001
From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com>
Date: Tue, 19 May 2026 08:31:51 +0000
Subject: [PATCH] fix: sync lockfile axios specifier and remove redundant
 flatted override

The package-lock.json root spec for axios was stale (^1.13.6) while
package.json already specified ^1.16.0. This mismatch could cause
security scanners to flag the dependency as vulnerable. Regenerated
the lockfile to sync the spec. Also removed the flatted override
since flat-cache@3.0.4 already resolves to 3.4.2 without it.

Resolves: GRAL-5985

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 CHANGELOG.md      | 4 ++++
 package-lock.json | 2 +-
 package.json      | 3 +--
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 29210c8e..1c4b5c46 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,10 @@ For public Changelog covering all changes done to Pipedrive’s API, webhooks an
 
 ## [Unreleased]
 
+### Security
+- Synced `package-lock.json` to match `package.json` `axios` specifier (`^1.16.0`), fixing stale lockfile metadata that referenced `^1.13.6`
+- Removed redundant `flatted` override — parent `flat-cache@3.0.4` (`^3.1.0`) already resolves to `3.4.2`
+
 ## [33.0.1] - 2026-05-13
 
 ### Fixed
diff --git a/package-lock.json b/package-lock.json
index 206bb62d..24cb173a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
       "version": "33.0.1",
       "license": "MIT",
       "dependencies": {
-        "axios": "^1.13.6",
+        "axios": "^1.16.0",
         "qs": "^6.14.2"
       },
       "devDependencies": {
diff --git a/package.json b/package.json
index 2b142ccc..68abb0f2 100644
--- a/package.json
+++ b/package.json
@@ -88,8 +88,7 @@
     "typescript-eslint": "^8.56.1"
   },
   "overrides": {
-    "serialize-javascript": "^7.0.4",
-    "flatted": "^3.4.0"
+    "serialize-javascript": "^7.0.4"
   },
   "lint-staged": {
     "*.{ts,js}": [