This repository was archived by the owner on May 29, 2026. It is now read-only.

Commit f2d3a2f

Jocs and claude authored
chore(deps): fix Dependabot security alerts (#101)
* chore(deps): fix Dependabot security alerts

  Resolves 6 open advisories:

  - vite ^5.0.0 → ^6.4.2 — fixes GHSA-4w7w-66w2-5vf9 path traversal in optimized deps .map handling (alerts #234, #235).
  - postcss override <8.5.10 → ^8.5.10 — fixes GHSA-qx2v-qp2m-jg93 XSS via unescaped </style> (alert #262). Pulled in transitively by vite.
  - uuid override <11.1.1 → ^11.1.1 — fixes GHSA-w5hq-g745-h8pq missing buffer bounds check (alert #246). Transitive via @muyajs/core → mermaid.
  - lodash-es override <4.18.0 → ^4.18.0 — fixes GHSA-r5fr-rjxr-66jc (_.template code injection) and GHSA-f23m-r3pf-42rh (_.unset/_.omit prototype pollution); alerts #230, #231. Transitive via @muyajs/core → mermaid → dagre-d3-es.

  Vite stays on v6 because CI (.github/workflows/deploy.yml) pins Node 18, and vite 7+ requires Node 20.19+.

  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* chore(lint): restore eslint config for React + TS

  The Vue-era .eslintrc.js was deleted in a33f339 (vue-to-react refactor) but the `lint` script in package.json still references eslint, so `pnpm lint` errored with "couldn't find a configuration file" on every run.

  Add a standard Vite-React-TS .eslintrc.cjs aligned with the already-installed plugins (@typescript-eslint, react, react-hooks, react-refresh). Escape two apostrophes in Sponsor.tsx that the new react/no-unescaped-entities rule flagged.

  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 3d692cb commit f2d3a2f

4 files changed

Lines changed: 267 additions & 153 deletions


.eslintrc.cjs

Lines changed: 28 additions & 0 deletions
@@ -0,0 +1,28 @@
1+
module.exports = {
2+
root: true,
3+
env: { browser: true, es2020: true, node: true },
4+
extends: [
5+
'eslint:recommended',
6+
'plugin:@typescript-eslint/recommended',
7+
'plugin:react/recommended',
8+
'plugin:react/jsx-runtime',
9+
'plugin:react-hooks/recommended',
10+
],
11+
ignorePatterns: ['build', 'node_modules', '.eslintrc.cjs'],
12+
parser: '@typescript-eslint/parser',
13+
parserOptions: {
14+
ecmaVersion: 'latest',
15+
sourceType: 'module',
16+
ecmaFeatures: { jsx: true },
17+
},
18+
settings: {
19+
react: { version: 'detect' },
20+
},
21+
plugins: ['react-refresh'],
22+
rules: {
23+
'react-refresh/only-export-components': [
24+
'warn',
25+
{ allowConstantExport: true },
26+
],
27+
},
28+
}
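
Review bot: `ignorePatterns` on line 11 excludes `build` but not `dist`, which is where Vite writes its bundle unless `build.outDir` is changed, and no Vite config is visible in this commit to show that it is. If the project uses the default output directory, add `'dist'` to the list so `pnpm lint` does not walk generated code. Separately, this is an eslintrc-format file, which ESLint 9 does not load by default; the eslint version is not shown in these hunks, so it is worth confirming the installed major still reads `.eslintrc.cjs` before relying on this to unbreak the `lint` script.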

package.json

Lines changed: 8 additions & 1 deletion
@@ -28,7 +28,14 @@
2828
"eslint-plugin-react-hooks": "^4.6.0",
2929
"eslint-plugin-react-refresh": "^0.4.4",
3030
"typescript": "^5.2.2",
31-
"vite": "^5.0.0",
31+
"vite": "^6.4.2",
3232
"vite-plugin-svgr": "^4.2.0"
33+
},
34+
"pnpm": {
35+
"overrides": {
36+
"postcss@<8.5.10": "^8.5.10",
37+
"uuid@<11.1.1": "^11.1.1",
38+
"lodash-es@<4.18.0": "^4.18.0"
39+
}
3340
}
3441
}
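
Review bot: The override selectors on lines 36-38 have no lower bound, so `"uuid@<11.1.1": "^11.1.1"` rewrites every older uuid request in the tree to the 11.x line, including any dependency that asked for an earlier major, and `postcss@<8.5.10` does the same for anything still requesting a pre-8 postcss. The commit message names @muyajs/core → mermaid as the uuid consumer but does not say which range it requests; please confirm that consumer still works against uuid 11, or narrow the selector to the affected range if the resolved versions allow it. The vite change on line 31 is also a major bump (5 to 6), so a build and preview run on the Node 18 CI image should be part of the verification. Since package.json cannot carry comments, record in the PR or an issue which advisory each override exists for, so the entries can be dropped once the upstream packages move past the fixed versions.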
