
Hotfix/adjust vuln package #34

Merged: aiswaryasankar merged 3 commits into main from hotfix/adjust-vuln-package, Jun 16, 2025

@fernando-plank (Collaborator) commented Jun 16, 2025


EntelligenceAI PR Summary

This PR updates dependency management to enforce secure versions:

  • Bumped project version to 0.0.26 in package.json
  • Enforced 'brace-expansion' >=2.0.2 in both overrides and resolutions
  • Upgraded 'brace-expansion' to 4.0.1 and 'balanced-match' to 3.0.1 in pnpm-lock.yaml
  • Removed 'concat-map' and updated all references to use the new versions

vercel bot commented Jun 16, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| chat-popup | ❌ Failed (Inspect) | | | Jun 16, 2025 9:00pm |

@entelligence-ai-pr-reviews

Walkthrough

This pull request updates dependency management to address security and compatibility concerns related to the 'brace-expansion' package. The package version is incremented, and both the package manifest and lockfile are modified to enforce a minimum version of 'brace-expansion' (>=2.0.2), with all references updated to 4.0.1. Related dependencies are also updated or removed as needed, ensuring the project uses secure and supported versions throughout.

Changes

| File(s) | Summary |
| --- | --- |
| package.json | Incremented version from 0.0.25 to 0.0.26; added 'brace-expansion' >=2.0.2 to both 'overrides' and 'resolutions' sections. |
| pnpm-lock.yaml | Upgraded 'brace-expansion' to 4.0.1 and its dependency 'balanced-match' to 3.0.1; removed 'concat-map'; enforced 'brace-expansion' >=2.0.2 in overrides; updated all dependent package references. |

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    title Package Dependency Update Flow
    
    actor Developer
    participant PackageJSON as "package.json"
    participant PnpmLock as "pnpm-lock.yaml"
    participant DependencyResolver as "PNPM Dependency Resolver"
    participant BraceExpansion as "brace-expansion@4.0.1"
    participant BalancedMatch as "balanced-match@3.0.1"
    
    Developer->>PackageJSON: Add override for brace-expansion
    Note over PackageJSON: Add "brace-expansion@<2.0.2": ">=2.0.2"
    Developer->>PackageJSON: Add resolution for brace-expansion
    Note over PackageJSON: Add "brace-expansion": ">=2.0.2"
    
    Developer->>PnpmLock: Update dependency overrides
    Note over PnpmLock: Add brace-expansion override
    
    Developer->>DependencyResolver: Run package installation
    activate DependencyResolver
    
    DependencyResolver->>BraceExpansion: Resolve to version 4.0.1
    Note over BraceExpansion: Upgraded from 1.1.11/2.0.1
    
    DependencyResolver->>BalancedMatch: Resolve to version 3.0.1
    Note over BalancedMatch: Upgraded from 1.0.2
    
    DependencyResolver-->>PnpmLock: Update dependency tree
    Note over PnpmLock: Remove concat-map@0.0.1
    Note over PnpmLock: Update minimatch dependencies
    
    DependencyResolver-->>Developer: Installation complete
    deactivate DependencyResolver
    
    Developer->>PackageJSON: Bump package version
    Note over PackageJSON: 0.0.25 → 0.0.26

@entelligence-ai-pr-reviews

📚 Documentation Updates

I've created a pull request with documentation updates based on your changes:
https://github.com/Entelligence-AI/entelligence-docs/pull/42

The documentation updates are in branch: doc-updates-1750107660

Please review the documentation changes to ensure they accurately reflect your code changes.

@aiswaryasankar merged commit 1279ec8 into main Jun 16, 2025
2 of 3 checks passed
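
A check for the end state the walkthrough describes, as an added example (not code from this repository or from the review bot): it scans pnpm lockfile text for every resolved `brace-expansion` version and reports any that are still below the 2.0.2 floor. The lockfile excerpts are constructed from the versions named in the walkthrough, and the `name@version:` key layout is an assumption about the lockfile format in use.

```javascript
// Added example: flag resolved brace-expansion versions below the PR's floor.
// Assumption: lockfile package keys look like "name@version:" (optionally
// prefixed with "/" or quoted), as in recent pnpm lockfile formats.
const FLOOR = "2.0.2"; // minimum version enforced by this PR

// Compare two plain x.y.z versions: negative, zero or positive.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Every distinct resolved version of `name` in the lockfile text, ascending.
function resolvedVersions(lockText, name) {
  const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  const key = new RegExp(`^\\s*['"]?/?${escaped}@(\\d+\\.\\d+\\.\\d+)[^:\\n]*:\\s*$`, "gm");
  const found = new Set();
  for (const m of lockText.matchAll(key)) found.add(m[1]);
  return [...found].sort(compareVersions);
}

// Versions still below the floor; an empty array means the override took effect.
function belowFloor(lockText, name, floor) {
  return resolvedVersions(lockText, name).filter((v) => compareVersions(v, floor) < 0);
}

// Constructed lockfile excerpts using the versions named in the walkthrough.
const BEFORE = [
  "packages:",
  "  balanced-match@1.0.2:",
  "  brace-expansion@1.1.11:",
  "  brace-expansion@2.0.1:",
  "  concat-map@0.0.1:",
  "snapshots:",
  "  brace-expansion@1.1.11:",
  "    dependencies:",
  "      balanced-match: 1.0.2",
  "      concat-map: 0.0.1",
].join("\n");
const AFTER = ["packages:", "  balanced-match@3.0.1:", "  brace-expansion@4.0.1:"].join("\n");

console.log("before:", belowFloor(BEFORE, "brace-expansion", FLOOR));
console.log("after: ", belowFloor(AFTER, "brace-expansion", FLOOR));
```

Run against the real `pnpm-lock.yaml` in CI, a non-empty result means some dependency path still resolves a version the override was meant to exclude.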