super-productivity/packages/plugin-dev/clickup-issue-provider/package.json
Johannes Millan 54671f87be
chore(deps): resolve 30 Dependabot security alerts (dev/build tooling) (#7960)
* chore(deps): bump plugin-dev dev tooling to patch security alerts

Update vite, vitest, postcss, glob, and minimatch across the
packages/plugin-dev/* sample plugins to clear 26 Dependabot alerts.
These are dev/build tooling for the example plugins and are not
shipped to end users.

- vite >=7.3.2, vitest 4.1.x, postcss 8.5.15, glob 10.5.0,
  minimatch 9.0.9/5.1.9 (all within declared semver ranges)
- clickup-issue-provider: vitest ^3.2.1 -> ^4.1.0 (only manifest change)

Verified test suites pass: clickup (28), automations (109).

* chore(deps): bump minimatch + webpack-dev-server overrides for security

Resolve the remaining root-lockfile Dependabot alerts in build/dev
tooling (not shipped to end users):

- minimatch: the existing `app-builder-lib` override pinned minimatch to
  10.1.1, which npm cascades across electron-builder's entire subtree
  (@electron/asar, @electron/universal, dir-compare, filelist, temp).
  Bump the override to 10.2.5 (within app-builder-lib's ^10.0.3); the
  vulnerable nested copies dedupe to the patched top-level. Clears
  Dependabot #341, #372, #373 (minimatch ReDoS).
- webpack-dev-server: add override to 5.2.4. Clears #593.

Note: electron-builder `npm run dist` packaging not run in this env;
the minimatch bump is a patch within range so impact is expected nil.
2026-06-02 19:44:21 +02:00

20 lines
476 B
JSON

{
"name": "clickup-issue-provider",
"version": "1.0.0",
"description": "ClickUp issue provider plugin",
"scripts": {
"build": "node scripts/build.js",
"typecheck": "tsc --noEmit",
"lint": "tsc --noEmit",
"test": "vitest run",
"test:watch": "vitest"
},
"devDependencies": {
"esbuild": "^0.25.11",
"typescript": "^5.8.3",
"vitest": "^4.1.0"
},
"dependencies": {
"@super-productivity/plugin-api": "file:../../plugin-api"
}
}