chore: pin all dependencies to exact versions

jdalton · jdalton · commit b26c79db513c · 2026-03-10T20:29:28.000-04:00
Pin unpinned dependencies across the monorepo to exact versions for better reproducibility and security. Catalog entries and direct dependencies now use exact version specifications instead of caret or minimum ranges, except for security overrides which maintain minimum version constraints.
diff --git a/packages/cli/package.json b/packages/cli/package.json
@@ -88,7 +88,7 @@
     "@socketsecurity/registry": "catalog:",
     "@socketsecurity/sdk": "catalog:",
     "@types/adm-zip": "catalog:",
-    "@types/react": "^19.2.14",
+    "@types/react": "19.2.14",
     "adm-zip": "catalog:",
     "ajv-dist": "catalog:",
     "ansi-regex": "catalog:",
@@ -98,7 +98,7 @@
     "chalk-table": "catalog:",
     "cmd-shim": "catalog:",
     "compromise": "catalog:",
-    "cross-env": "^10.1.0",
+    "cross-env": "10.1.0",
     "del-cli": "catalog:",
     "emoji-regex": "catalog:",
     "fast-glob": "catalog:",
@@ -109,7 +109,7 @@
     "ink": "catalog:",
     "ink-table": "catalog:",
     "ink-text-input": "catalog:",
-    "lru-cache": "^11.2.6",
+    "lru-cache": "11.2.6",
     "micromatch": "catalog:",
     "nanotar": "catalog:",
     "npm-package-arg": "catalog:",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml
@@ -18,7 +18,7 @@ catalog:
   '@babel/types': 7.28.5
   '@dotenvx/dotenvx': 1.49.0
   '@gitbeaker/rest': 43.7.0
-  '@iarna/toml': ^2.2.5
+  '@iarna/toml': 2.2.5
   '@npmcli/arborist': 9.1.4
   '@npmcli/config': 10.4.0
   '@octokit/graphql': 9.0.1
@@ -56,7 +56,7 @@ catalog:
   '@types/yargs-parser': 21.0.3
   '@vitest/coverage-v8': 4.0.3
   '@yao-pkg/pkg': 6.8.0
-  '@yarnpkg/parsers': ^3.0.3
+  '@yarnpkg/parsers': 3.0.3
   aggregate-error: npm:@socketregistry/aggregate-error@^1.0.15
   ajv-dist: 8.17.1
   ansi-regex: 6.2.2
@@ -72,7 +72,7 @@ catalog:
   es-set-tostringtag: npm:@socketregistry/es-set-tostringtag@^1.0.10
   esbuild: 0.25.11
   fast-glob: 3.3.3
-  fast-xml-parser: ^5.5.1
+  fast-xml-parser: 5.5.1
   function-bind: npm:@socketregistry/function-bind@^1.0.7
   globalthis: npm:@socketregistry/globalthis@^1.0.8
   gopd: npm:@socketregistry/gopd@^1.0.7
