Lukas
a97ffe5ed1
Bumps vite ^8.0.5 → ^8.0.16 (GHSA-fx2h-pf6j-xcff, server.fs.deny bypass on Windows) and jsdom ^29.0.1 → ^29.1.1 to unblock the pre-commit audit gate. The existing >=7.24.0 undici override was floating to 8.x, which broke jsdom (it reaches into undici 7's private module layout). Tightened to ~7.24.0 to keep jsdom working. That leaves GHSA-vmh5-mc38-953g (undici SOCKS5 ProxyAgent TLS bypass) open — patched in 7.28+ but we can't move there until jsdom updates its pin. We never use a SOCKS5 proxy in tests, so the vulnerable code path is unreachable. Added an auditConfig.ignoreGhsas entry with a note explaining the rationale and the condition for removing it.
35 lines
822 B
JSON
35 lines
822 B
JSON
{
|
|
"name": "web",
|
|
"version": "0.0.0",
|
|
"private": true,
|
|
"type": "module",
|
|
"scripts": {
|
|
"dev": "vite",
|
|
"build": "tsc --build && vite build",
|
|
"preview": "vite preview"
|
|
},
|
|
"dependencies": {
|
|
"@initiative/application": "workspace:*",
|
|
"@initiative/domain": "workspace:*",
|
|
"class-variance-authority": "^0.7.1",
|
|
"clsx": "^2.1.1",
|
|
"idb": "^8.0.3",
|
|
"lucide-react": "^0.577.0",
|
|
"react": "^19.0.0",
|
|
"react-dom": "^19.0.0",
|
|
"tailwind-merge": "^3.5.0"
|
|
},
|
|
"devDependencies": {
|
|
"@tailwindcss/vite": "^4.2.2",
|
|
"@testing-library/jest-dom": "^6.9.1",
|
|
"@testing-library/react": "^16.3.2",
|
|
"@testing-library/user-event": "^14.6.1",
|
|
"@types/react": "^19.0.0",
|
|
"@types/react-dom": "^19.0.0",
|
|
"@vitejs/plugin-react": "^6.0.1",
|
|
"jsdom": "^29.1.1",
|
|
"tailwindcss": "^4.2.2",
|
|
"vite": "^8.0.16"
|
|
}
|
|
}
|