chore(deps): patch protobufjs runtime advisories

[kunickiaj]

Description

Patches the runtime protobufjs advisory chain by adding a scoped pnpm override for onnx-proto>protobufjs to 7.5.8 and refreshing the lockfile. This removes the production Dependabot/audit findings while avoiding a broader Transformers.js or ONNX Runtime migration.

Type of Change

• 🚀 Feature (new functionality)
• 🐛 Bug fix (fixes an issue)
• 📚 Documentation (docs-only change)
• 🔧 Maintenance (refactor, chore, CI, etc.)
• 🧪 Testing (test-only changes)

Testing

• Relevant checks pass locally (pnpm run tsc, pnpm run lint, pnpm run test)
• Added/updated tests for changes
• Manually verified changes work as expected

Validation run:

• pnpm install --ignore-scripts
• pnpm why protobufjs
• pnpm why @protobufjs/utf8
• pnpm audit --prod --json
• pnpm audit --json
• pnpm run check

Checklist

• Code follows project style (pnpm run lint passes for touched files)
• Self-review completed
• Documentation updated (if needed)
• No new warnings introduced

Notes: pnpm audit --json still reports the existing dev-only esbuild@0.18.20 chain through drizzle-kit > @esbuild-kit; production audit is clean.

[kunickiaj]

• fix(security): address first-pass CodeQL alerts #1114
• chore(deps): patch protobufjs runtime advisories #1113 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[kunickiaj]

Merge activity

• May 21, 3:50 PM UTC: A user started a stack merge that includes this pull request via Graphite.
• May 21, 3:51 PM UTC: Graphite rebased this pull request as part of a merge.
• May 21, 3:52 PM UTC: @kunickiaj merged this pull request with Graphite.