[Snyk] Fix for 1 vulnerabilities

[onsails]

Snyk has created this PR to fix 1 vulnerabilities in the pnpm dependencies of this project.

Snyk changed the following file(s):

• package.json

⚠️ Warning

Failed to update the pnpm-lock.yaml, please update manually before merging.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.
• Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[Copilot]

Pull request overview

Adds Snyk Protect configuration to patch a reported Lodash vulnerability in the project’s pnpm dependency tree.

Changes:

• Updates package.json to run snyk-protect during prepare, adds a snyk-protect script, enables Snyk, and introduces @snyk/protect.
• Adds a new .snyk policy file with patches for SNYK-JS-LODASH-567746 across multiple dependency paths.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
package.json	Adds Snyk Protect dependency + wiring (prepare, snyk-protect script, snyk: true) to apply vulnerability patches on install.
.snyk	Introduces Snyk policy patch entries for Lodash vulnerability remediation in transitive dependencies.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

@snyk/protect is set to "latest", which breaks reproducible installs and conflicts with the repo’s save-exact=true setting. Please pin this to an explicit version (and keep it updated via normal dependency bumps) instead of using latest.

[Copilot]

This PR changes package.json (adds @snyk/protect, scripts, and snyk: true) but does not update pnpm-lock.yaml (the repo has one). Please regenerate and commit the updated lockfile so installs/CI pick up the same dependency graph and the new prepare step doesn’t reference missing binaries.