From 3a749a57ada3c75622046be3223e72f50108e89d Mon Sep 17 00:00:00 2001
From: "heecheol.park" <heecheol.park@linecorp.com>
Date: Wed, 1 Apr 2026 20:11:30 +0900
Subject: [PATCH] fix: publish npm-shrinkwrap.json to pin transitive
 dependencies

Convert package-lock.json to npm-shrinkwrap.json so that published
installs resolve the exact dependency versions tested in CI, preventing
supply-chain drift such as the recent malicious axios incident.

Closes #86
---
 package-lock.json => npm-shrinkwrap.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename package-lock.json => npm-shrinkwrap.json (99%)

diff --git a/package-lock.json b/npm-shrinkwrap.json
similarity index 99%
rename from package-lock.json
rename to npm-shrinkwrap.json
index 11a6bad..c288796 100644
--- a/package-lock.json
+++ b/npm-shrinkwrap.json
@@ -1,12 +1,12 @@
 {
   "name": "confluence-cli",
-  "version": "1.17.0",
+  "version": "1.27.6",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "confluence-cli",
-      "version": "1.17.0",
+      "version": "1.27.6",
       "license": "MIT",
       "dependencies": {
         "axios": "^1.12.0",