From d8631e959e5509cb7f7a509fe86dad07ec2d6776 Mon Sep 17 00:00:00 2001
From: Daz DeBoer <daz@gradle.com>
Date: Tue, 9 Jun 2026 18:21:15 -0700
Subject: [PATCH] Remove redundant security overrides

The shell-quote, fast-xml-parser, fast-xml-builder and eslint>brace-expansion
overrides added in #980 are no-ops: npm's natural resolution already lands on
the same patched versions, so they upgrade nothing. The vulnerabilities were
actually resolved by regenerating the lockfile. Verified `npm audit` still
reports 0 vulnerabilities after removal.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 sources/package.json | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/sources/package.json b/sources/package.json
index 652310a0..9a7d58c0 100644
--- a/sources/package.json
+++ b/sources/package.json
@@ -73,12 +73,6 @@
     "@azure/logger": "1.1.4",
     "@octokit/request": "8.4.1",
     "@octokit/request-error": "5.1.1",
-    "@octokit/plugin-paginate-rest": "9.2.2",
-    "shell-quote": "1.8.4",
-    "fast-xml-parser": "5.8.0",
-    "fast-xml-builder": "1.2.0",
-    "eslint": {
-      "brace-expansion": "5.0.6"
-    }
+    "@octokit/plugin-paginate-rest": "9.2.2"
   }
 }