mirror of
https://github.com/johannesjo/super-productivity.git
synced 2026-07-18 08:56:41 +00:00
* chore(deps): bump plugin-dev dev tooling to patch security alerts Update vite, vitest, postcss, glob, and minimatch across the packages/plugin-dev/* sample plugins to clear 26 Dependabot alerts. These are dev/build tooling for the example plugins and are not shipped to end users. - vite >=7.3.2, vitest 4.1.x, postcss 8.5.15, glob 10.5.0, minimatch 9.0.9/5.1.9 (all within declared semver ranges) - clickup-issue-provider: vitest ^3.2.1 -> ^4.1.0 (only manifest change) Verified test suites pass: clickup (28), automations (109). * chore(deps): bump minimatch + webpack-dev-server overrides for security Resolve the remaining root-lockfile Dependabot alerts in build/dev tooling (not shipped to end users): - minimatch: the existing `app-builder-lib` override pinned minimatch to 10.1.1, which npm cascades across electron-builder's entire subtree (@electron/asar, @electron/universal, dir-compare, filelist, temp). Bump the override to 10.2.5 (within app-builder-lib's ^10.0.3); the vulnerable nested copies dedupe to the patched top-level. Clears Dependabot #341, #372, #373 (minimatch ReDoS). - webpack-dev-server: add override to 5.2.4. Clears #593. Note: electron-builder `npm run dist` packaging not run in this env; the minimatch bump is a patch within range so impact is expected nil.
20 lines
476 B
JSON
20 lines
476 B
JSON
{
|
|
"name": "clickup-issue-provider",
|
|
"version": "1.0.0",
|
|
"description": "ClickUp issue provider plugin",
|
|
"scripts": {
|
|
"build": "node scripts/build.js",
|
|
"typecheck": "tsc --noEmit",
|
|
"lint": "tsc --noEmit",
|
|
"test": "vitest run",
|
|
"test:watch": "vitest"
|
|
},
|
|
"devDependencies": {
|
|
"esbuild": "^0.25.11",
|
|
"typescript": "^5.8.3",
|
|
"vitest": "^4.1.0"
|
|
},
|
|
"dependencies": {
|
|
"@super-productivity/plugin-api": "file:../../plugin-api"
|
|
}
|
|
}
|