mirror of
https://github.com/johannesjo/super-productivity.git
synced 2026-07-18 00:46:45 +00:00
* chore(deps): bump lodash from 4.17.23 to 4.18.1 Cherry-pick from Dependabot PR #7218. Fixes prototype pollution via constructor/prototype path traversal in _.unset/_.omit (GHSA-f23m-r3pf-42rh) and code injection via _.template imports keys (GHSA-r5fr-rjxr-66jc). https://claude.ai/code/session_01NbP8MQuSHm7p4Z4uUCRqeg * chore(deps): fix security vulnerabilities via npm audit fix Updates transitive dependencies to resolve security advisories: - follow-redirects 1.15.11 -> 1.16.0 (GHSA-r4q5-vmmm-2653) - path-to-regexp 8.3.0 -> 8.4.2 and 0.1.12 -> 0.1.13 (ReDoS fixes) - picomatch: updated nested copies to 4.0.4 (GHSA-3v7f-55p6-f55p, GHSA-c2c7-rcm5-vvqj) - minimatch: updated app-builder-lib override from vulnerable 10.1.1 to 10.2.5 Remaining items blocked on upstream releases: - picomatch 4.0.3 (top-level, needs @angular-devkit update) - undici 7.22.0 (needs @angular/build update) - vite 7.3.1 (needs @angular/build update) - minimatch 10.1.1 in glob (needs glob update) All vulnerabilities are in dev/build tooling only — none affect production. https://claude.ai/code/session_01NbP8MQuSHm7p4Z4uUCRqeg --------- Co-authored-by: Claude <noreply@anthropic.com>
18 lines
406 B
JSON
18 lines
406 B
JSON
{
|
|
"name": "@super-productivity/vite-plugin",
|
|
"version": "1.0.0",
|
|
"description": "Vite plugin for Super Productivity plugins",
|
|
"main": "dist/index.js",
|
|
"types": "dist/index.d.ts",
|
|
"scripts": {
|
|
"build": "tsc"
|
|
},
|
|
"peerDependencies": {
|
|
"vite": "^5.0.0 || ^6.0.0 || ^7.0.0"
|
|
},
|
|
"devDependencies": {
|
|
"@types/node": "^22.0.0",
|
|
"typescript": "^5.0.0",
|
|
"vite": "^7.3.2"
|
|
}
|
|
}
|