fix: pnpm lock file

fix(editor): remove unused table nodes to prevent paste bug #7617
TableNode, TableCellNode and TableRowNode were registered in editorConfig but never used — no TablePlugin was mounted and no table UI existed in the toolbar. When pasting from a spreadsheet, Lexical would deserialize the clipboard's HTML into stuck, unremovable table nodes that narrowed the text into a 75px column and could not be deleted.
2026-04-02 12:53:18 -05:00 · 2026-03-30 17:51:50 +05:30 · 2026-03-30 11:46:19 +05:30 · 2026-03-29 22:55:54 +05:30
7 changed files with 9456 additions and 16920 deletions
--- a/apps/web/modules/ui/components/editor/components/editor.tsx
+++ b/apps/web/modules/ui/components/editor/components/editor.tsx
@@ -11,7 +11,6 @@ import { ListPlugin } from "@lexical/react/LexicalListPlugin";
 import { MarkdownShortcutPlugin } from "@lexical/react/LexicalMarkdownShortcutPlugin";
 import { RichTextPlugin } from "@lexical/react/LexicalRichTextPlugin";
 import { HeadingNode, QuoteNode } from "@lexical/rich-text";
-import { TableCellNode, TableNode, TableRowNode } from "@lexical/table";
 import { type Dispatch, type SetStateAction, useRef, useState } from "react";
 import { TSurvey, TSurveyRecallItem } from "@formbricks/types/surveys/types";
 import { cn } from "@/lib/cn";
@@ -73,9 +72,6 @@ const editorConfig = {
    QuoteNode,
    CodeNode,
    CodeHighlightNode,
-    TableNode,
-    TableCellNode,
-    TableRowNode,
    AutoLinkNode,
    LinkNode,
    RecallNode,
--- a/apps/web/package.json
+++ b/apps/web/package.json
@@ -41,7 +41,6 @@
    "@lexical/markdown": "0.41.0",
    "@lexical/react": "0.41.0",
    "@lexical/rich-text": "0.41.0",
-    "@lexical/table": "0.41.0",
    "@next-auth/prisma-adapter": "1.0.7",
    "@opentelemetry/auto-instrumentations-node": "0.71.0",
    "@opentelemetry/exporter-metrics-otlp-http": "0.213.0",
@@ -100,7 +99,7 @@
    "next-auth": "4.24.13",
    "next-safe-action": "8.1.8",
    "node-fetch": "3.3.2",
-    "nodemailer": "8.0.4",
+    "nodemailer": "8.0.2",
    "otplib": "12.0.1",
    "papaparse": "5.5.3",
    "posthog-js": "1.360.0",
--- a/package.json
+++ b/package.json
@@ -91,26 +91,18 @@
      "flatted": "3.4.2",
      "hono": "4.12.7",
      "@microsoft/api-extractor>minimatch": "10.2.4",
-      "minimatch@3.1.5": "file:vendor/minimatch-3.1.5",
-      "node-forge": "1.4.0",
-      "brace-expansion@5.0.4": "5.0.5",
-      "minimatch@3.1.5>brace-expansion": "5.0.5",
-      "minimatch@9.0.9": "10.2.4",
-      "lodash": "4.17.23",
-      "picomatch@2.3.1": "2.3.2",
-      "picomatch@4.0.3": "4.0.4",
+      "node-forge": ">=1.3.2",
      "qs": "6.14.2",
      "rollup": "4.59.0",
      "socket.io-parser": "4.2.6",
      "tar": ">=7.5.11",
      "typeorm": ">=0.3.26",
      "undici": "7.24.0",
-      "yaml": "2.8.3",
      "fast-xml-parser": "5.5.7",
      "diff": ">=8.0.3"
    },
    "comments": {
-      "overrides": "Security fixes for transitive dependencies. Remove when upstream packages update: @hono/node-server/hono (Dependabot #313/#316/#317) - awaiting Prisma update | @tootallnate/once (Dependabot #305) - awaiting sqlite3/node-gyp chain update | schema-utils@3>ajv (Dependabot #287) - awaiting eslint/file-loader schema-utils update | axios (CVE-2025-58754, CVE-2026-25639) - awaiting @boxyhq/saml-jackson update | effect (Dependabot #339) - awaiting Prisma update | flatted (Dependabot #324/#338) - awaiting eslint/flat-cache update | minimatch (Dependabot #288/#294/#297) - awaiting react-email/glob update | node-forge (Dependabot #347/#348/#349/#350) - awaiting @boxyhq/saml-jackson update | brace-expansion (Dependabot #346 / npm audit) - awaiting upstream adoption of safe minimatch/brace-expansion combos in transitive tooling and @boxyhq/saml-jackson | lodash (npm audit) - awaiting @boxyhq/saml-jackson update | picomatch (Dependabot #342/#343) - awaiting Vite/Vitest/lint-staged patch adoption | qs (Dependabot #277) - awaiting googleapis/googleapis-common update | rollup (Dependabot #291) - awaiting Vite patch adoption | socket.io-parser (Dependabot #334) - awaiting react-email/socket.io update | tar (CVE-2026-23745/23950/24842/26960) - awaiting @boxyhq/saml-jackson/sqlite3 dependency updates | typeorm (Dependabot #223) - awaiting @boxyhq/saml-jackson update | undici (Dependabot #319/#322/#323) - awaiting jsdom/vitest/isomorphic-dompurify updates | yaml (Dependabot #344) - awaiting Vite/lint-staged patch adoption | fast-xml-parser (CVE-2026-25896/26278/33036/33349) - awaiting exact upstream pin updates | diff (Dependabot #269) - awaiting upstream patch range adoption"
+      "overrides": "Security fixes for transitive dependencies. Remove when upstream packages update: @hono/node-server/hono (Dependabot #313/#316/#317) - awaiting Prisma update | @tootallnate/once (Dependabot #305) - awaiting sqlite3/node-gyp chain update | schema-utils@3>ajv (Dependabot #287) - awaiting eslint/file-loader schema-utils update | axios (CVE-2025-58754, CVE-2026-25639) - awaiting @boxyhq/saml-jackson update | effect (Dependabot #339) - awaiting Prisma update | flatted (Dependabot #324/#338) - awaiting eslint/flat-cache update | minimatch (Dependabot #288/#294/#297) - awaiting react-email/glob update | node-forge (Dependabot #230) - awaiting @boxyhq/saml-jackson update | qs (Dependabot #277) - awaiting googleapis/googleapis-common update | rollup (Dependabot #291) - awaiting Vite patch adoption | socket.io-parser (Dependabot #334) - awaiting react-email/socket.io update | tar (CVE-2026-23745/23950/24842/26960) - awaiting @boxyhq/saml-jackson/sqlite3 dependency updates | typeorm (Dependabot #223) - awaiting @boxyhq/saml-jackson update | undici (Dependabot #319/#322/#323) - awaiting jsdom/vitest/isomorphic-dompurify updates | fast-xml-parser (CVE-2026-25896/26278/33036/33349) - awaiting exact upstream pin updates | diff (Dependabot #269) - awaiting upstream patch range adoption"
    },
    "patchedDependencies": {
      "next-auth@4.24.13": "patches/next-auth@4.24.13.patch"
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
--- a/vendor/minimatch-3.1.5/LICENSE
+++ b/vendor/minimatch-3.1.5/LICENSE
@@ -1,15 +0,0 @@
-The ISC License
-
-Copyright (c) Isaac Z. Schlueter and Contributors
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
-IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--- a/vendor/minimatch-3.1.5/minimatch.js
+++ b/vendor/minimatch-3.1.5/minimatch.js
--- a/vendor/minimatch-3.1.5/package.json
+++ b/vendor/minimatch-3.1.5/package.json
@@ -1,28 +0,0 @@
-{
-  "author": "Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me)",
-  "name": "minimatch",
-  "description": "a glob matcher in javascript",
-  "version": "3.1.5",
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/isaacs/minimatch.git"
-  },
-  "main": "minimatch.js",
-  "scripts": {
-    "test": "tap",
-    "preversion": "npm test"
-  },
-  "engines": {
-    "node": "*"
-  },
-  "dependencies": {
-    "brace-expansion": "5.0.5"
-  },
-  "devDependencies": {
-    "tap": "^15.1.6"
-  },
-  "license": "ISC",
-  "files": [
-    "minimatch.js"
-  ]
-}