From c16f79eb6cc674aa91cc66684005cb0a3bf7994d Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Sun, 5 Apr 2026 12:44:39 +0000
Subject: [PATCH] chore(release): version packages
---
 .changeset/fix-vulnerable-deps.md | 10 ----------
 packages/core/CHANGELOG.md | 8 ++++++++
 packages/core/package.json | 2 +-
 packages/express/CHANGELOG.md | 11 +++++++++++
 packages/express/package.json | 2 +-
 packages/nextjs/CHANGELOG.md | 11 +++++++++++
 packages/nextjs/package.json | 7 +++++--
 packages/nuxt/CHANGELOG.md | 11 +++++++++++
 packages/nuxt/package.json | 2 +-
 9 files changed, 49 insertions(+), 15 deletions(-)
 delete mode 100644 .changeset/fix-vulnerable-deps.md
diff --git a/.changeset/fix-vulnerable-deps.md b/.changeset/fix-vulnerable-deps.md
deleted file mode 100644
index d1f7d25..0000000
--- a/.changeset/fix-vulnerable-deps.md
+++ /dev/null
@@ -1,10 +0,0 @@
----
-"@csrf-armor/core": patch
-"@csrf-armor/express": patch
-"@csrf-armor/nextjs": patch
-"@csrf-armor/nuxt": patch
----
-
-fix: resolve high/moderate severity vulnerabilities in transitive dependencies
-
-Added pnpm overrides to force patched versions of `lodash` (>=4.18.0) and `defu` (>=6.1.5), which were pulled in transitively through the nuxt dependency chain. Addresses GHSA-r5fr-rjxr-66jc (lodash code injection), GHSA-f23m-r3pf-42rh (lodash prototype pollution), and GHSA-737v-mqg7-c878 (defu prototype pollution).
diff --git a/packages/core/CHANGELOG.md b/packages/core/CHANGELOG.md
index 357b785..0e1b763 100644
--- a/packages/core/CHANGELOG.md
+++ b/packages/core/CHANGELOG.md
@@ -1,5 +1,13 @@
 # @csrf-armor/core
+## 1.2.2
+
+### Patch Changes
+
+- [#46](https://github.com/muneebs/csrf-armor/pull/46) [`2eded88`](https://github.com/muneebs/csrf-armor/commit/2eded88f07c8c199fb16fd84ea13149c8864f56f) Thanks [@muneebs](https://github.com/muneebs)! - fix: resolve high/moderate severity vulnerabilities in transitive dependencies
+
+ Added pnpm overrides to force patched versions of `lodash` (>=4.18.0) and `defu` (>=6.1.5), which were pulled in transitively through the nuxt dependency chain. Addresses GHSA-r5fr-rjxr-66jc (lodash code injection), GHSA-f23m-r3pf-42rh (lodash prototype pollution), and GHSA-737v-mqg7-c878 (defu prototype pollution).
+
 ## 1.2.1
 ### Patch Changes
diff --git a/packages/core/package.json b/packages/core/package.json
index 393b131..ef94939 100644
--- a/packages/core/package.json
+++ b/packages/core/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@csrf-armor/core",
- "version": "1.2.1",
+ "version": "1.2.2",
 "description": "Framework-agnostic CSRF protection core functionality",
 "type": "module",
 "main": "./dist/index.mjs",
diff --git a/packages/express/CHANGELOG.md b/packages/express/CHANGELOG.md
index f800016..2aa3d99 100644
--- a/packages/express/CHANGELOG.md
+++ b/packages/express/CHANGELOG.md
@@ -1,5 +1,16 @@
 # @csrf-armor/express
+## 1.2.2
+
+### Patch Changes
+
+- [#46](https://github.com/muneebs/csrf-armor/pull/46) [`2eded88`](https://github.com/muneebs/csrf-armor/commit/2eded88f07c8c199fb16fd84ea13149c8864f56f) Thanks [@muneebs](https://github.com/muneebs)! - fix: resolve high/moderate severity vulnerabilities in transitive dependencies
+
+ Added pnpm overrides to force patched versions of `lodash` (>=4.18.0) and `defu` (>=6.1.5), which were pulled in transitively through the nuxt dependency chain. Addresses GHSA-r5fr-rjxr-66jc (lodash code injection), GHSA-f23m-r3pf-42rh (lodash prototype pollution), and GHSA-737v-mqg7-c878 (defu prototype pollution).
+
+- Updated dependencies [[`2eded88`](https://github.com/muneebs/csrf-armor/commit/2eded88f07c8c199fb16fd84ea13149c8864f56f)]:
+ - @csrf-armor/core@1.2.2
+
 ## 1.2.1
 ### Patch Changes
diff --git a/packages/express/package.json b/packages/express/package.json
index 3b56743..c214e7b 100644
--- a/packages/express/package.json
+++ b/packages/express/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@csrf-armor/express",
- "version": "1.2.1",
+ "version": "1.2.2",
 "description": "Express.js adapter for CSRF Armor - Advanced CSRF protection for Express.js applications",
 "type": "module",
 "types": "./dist/index.d.ts",
diff --git a/packages/nextjs/CHANGELOG.md b/packages/nextjs/CHANGELOG.md
index 734403f..93f2b0c 100644
--- a/packages/nextjs/CHANGELOG.md
+++ b/packages/nextjs/CHANGELOG.md
@@ -1,5 +1,16 @@
 # @csrf-armor/nextjs
+## 1.4.2
+
+### Patch Changes
+
+- [#46](https://github.com/muneebs/csrf-armor/pull/46) [`2eded88`](https://github.com/muneebs/csrf-armor/commit/2eded88f07c8c199fb16fd84ea13149c8864f56f) Thanks [@muneebs](https://github.com/muneebs)! - fix: resolve high/moderate severity vulnerabilities in transitive dependencies
+
+ Added pnpm overrides to force patched versions of `lodash` (>=4.18.0) and `defu` (>=6.1.5), which were pulled in transitively through the nuxt dependency chain. Addresses GHSA-r5fr-rjxr-66jc (lodash code injection), GHSA-f23m-r3pf-42rh (lodash prototype pollution), and GHSA-737v-mqg7-c878 (defu prototype pollution).
+
+- Updated dependencies [[`2eded88`](https://github.com/muneebs/csrf-armor/commit/2eded88f07c8c199fb16fd84ea13149c8864f56f)]:
+ - @csrf-armor/core@1.2.2
+
 ## 1.4.1
 ### Patch Changes
diff --git a/packages/nextjs/package.json b/packages/nextjs/package.json
index 47b061d..701ca5a 100644
--- a/packages/nextjs/package.json
+++ b/packages/nextjs/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@csrf-armor/nextjs",
- "version": "1.4.1",
+ "version": "1.4.2",
 "description": "CSRF protection middleware for Next.js applications",
 "type": "module",
 "main": "./dist/index.js",
@@ -35,7 +35,10 @@
 ],
 "author": "Muneeb Samuels",
 "contributors": [
- { "name": "Raul", "url": "https://github.com/raulcrisan" }
+ {
+ "name": "Raul",
+ "url": "https://github.com/raulcrisan"
+ }
 ],
 "license": "MIT",
 "repository": {
diff --git a/packages/nuxt/CHANGELOG.md b/packages/nuxt/CHANGELOG.md
index c9dfcff..154df05 100644
--- a/packages/nuxt/CHANGELOG.md
+++ b/packages/nuxt/CHANGELOG.md
@@ -1,5 +1,16 @@
 # @csrf-armor/nuxt
+## 1.1.1
+
+### Patch Changes
+
+- [#46](https://github.com/muneebs/csrf-armor/pull/46) [`2eded88`](https://github.com/muneebs/csrf-armor/commit/2eded88f07c8c199fb16fd84ea13149c8864f56f) Thanks [@muneebs](https://github.com/muneebs)! - fix: resolve high/moderate severity vulnerabilities in transitive dependencies
+
+ Added pnpm overrides to force patched versions of `lodash` (>=4.18.0) and `defu` (>=6.1.5), which were pulled in transitively through the nuxt dependency chain. Addresses GHSA-r5fr-rjxr-66jc (lodash code injection), GHSA-f23m-r3pf-42rh (lodash prototype pollution), and GHSA-737v-mqg7-c878 (defu prototype pollution).
+
+- Updated dependencies [[`2eded88`](https://github.com/muneebs/csrf-armor/commit/2eded88f07c8c199fb16fd84ea13149c8864f56f)]:
+ - @csrf-armor/core@1.2.2
+
 ## 1.1.0
 ### Minor Changes
diff --git a/packages/nuxt/package.json b/packages/nuxt/package.json
index 3ee858e..9894d8f 100644
--- a/packages/nuxt/package.json
+++ b/packages/nuxt/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@csrf-armor/nuxt",
- "version": "1.1.0",
+ "version": "1.1.1",
 "description": "Nuxt module for CSRF protection powered by csrf-armor",
 "type": "module",
 "license": "MIT",