Commit graph

5 commits

Author SHA1 Message Date
Michael Mayer
eb49c285d7 Frontend: Retire redundant minimatch override
The "minimatch@~3.0": "^3.1.3" override was added on 2026-04-27 to
force-patch the ReDoS chain when postcss-url's locked minimatch@3.0.8
was the active vulnerability. With postcss-url removed, no consumer
in the tree pins to ~3.0.x anymore — every remaining minimatch
request (^3.0.4 from babel-plugin-istanbul/test-exclude and
eslint-plugin-node, ^3.1.5 from the eslint family, ^9.0.4 / ^10.1.1
from modern tooling) resolves naturally to a patched version.

Verification: removing the override leaves the lockfile byte-identical
("up to date in 932ms"), npm audit reports zero vulnerabilities, and
all installed minimatch versions are 3.1.5 / 5.1.x / 9.0.9 / 10.2.5
(no <3.1.4 entry). Build and 1055 vitest tests pass.
2026-05-05 10:13:03 +00:00
Michael Mayer
aaeb5c92b8 Frontend: Bump axios to 1.15.2 and drop legacy supply-chain pins
Signed-off-by: Michael Mayer <michael@photoprism.app>
2026-04-27 11:59:52 +02:00
Michael Mayer
ca4f063052 Frontend: Pin "axios" to v1.14.0 to mitigate supply chain attack
see https://socket.dev/blog/axios-npm-package-compromised

Signed-off-by: Michael Mayer <michael@photoprism.app>
2026-03-31 08:52:23 +02:00
Ömer Duran
87bc9b9d18 Frontend: Rename root package 2026-02-27 11:41:30 +01:00
Ömer Duran
3d628a06bc Frontend: Add npm workspaces and root ESLint config for IDE auto-detection 2026-02-27 11:41:30 +01:00