mirror of
https://github.com/johannesjo/super-productivity.git
synced 2026-07-18 08:56:41 +00:00
* chore(deps): bump plugin-dev dev tooling to patch security alerts Update vite, vitest, postcss, glob, and minimatch across the packages/plugin-dev/* sample plugins to clear 26 Dependabot alerts. These are dev/build tooling for the example plugins and are not shipped to end users. - vite >=7.3.2, vitest 4.1.x, postcss 8.5.15, glob 10.5.0, minimatch 9.0.9/5.1.9 (all within declared semver ranges) - clickup-issue-provider: vitest ^3.2.1 -> ^4.1.0 (only manifest change) Verified test suites pass: clickup (28), automations (109). * chore(deps): bump minimatch + webpack-dev-server overrides for security Resolve the remaining root-lockfile Dependabot alerts in build/dev tooling (not shipped to end users): - minimatch: the existing `app-builder-lib` override pinned minimatch to 10.1.1, which npm cascades across electron-builder's entire subtree (@electron/asar, @electron/universal, dir-compare, filelist, temp). Bump the override to 10.2.5 (within app-builder-lib's ^10.0.3); the vulnerable nested copies dedupe to the patched top-level. Clears Dependabot #341, #372, #373 (minimatch ReDoS). - webpack-dev-server: add override to 5.2.4. Clears #593. Note: electron-builder `npm run dist` packaging not run in this env; the minimatch bump is a patch within range so impact is expected nil. |
||
|---|---|---|
| .. | ||
| i18n | ||
| scripts | ||
| src | ||
| icon.svg | ||
| package-lock.json | ||
| package.json | ||
| tsconfig.json | ||