Commit Graph

1012 Commits

Author SHA1 Message Date
renovate[bot] 65f10b1f0c
chore(deps): update dependency stylelint to v17.14.0 2026-06-29 19:40:49 +00:00
renovate[bot] 8f68b3f396 fix(deps): update font awesome 2026-06-29 17:55:47 +00:00
renovate[bot] 01a851ca72 fix(deps): update dependency vue-i18n to v11.4.6 2026-06-29 16:58:17 +00:00
renovate[bot] 65a498dd50 fix(deps): update dependency @sentry/vue to v10.62.0 2026-06-29 16:57:00 +00:00
renovate[bot] bb0055293b chore(deps): update pnpm to v10.34.4 2026-06-29 16:14:58 +00:00
renovate[bot] d2fcd2efa5 fix(deps): update dependency axios to v1.18.1 2026-06-29 15:22:25 +00:00
renovate[bot] 07c872eb2b fix(deps): update dependency vue to v3.5.39 2026-06-29 15:22:17 +00:00
renovate[bot] b866ba3f58 fix(deps): update dependency @intlify/unplugin-vue-i18n to v11.2.4 2026-06-29 08:16:56 +02:00
renovate[bot] b0bbfa677a chore(deps): update playwright to v1.61.1 2026-06-29 08:16:15 +02:00
renovate[bot] c72cfdf50d chore(deps): update dev-dependencies 2026-06-28 12:46:39 +00:00
renovate[bot] 12952516cf fix(deps): update dependency ufo to v1.6.4 2026-06-28 12:10:14 +00:00
renovate[bot] 9946ca9031 fix(deps): update dependency nanoid to v5.1.16 2026-06-28 12:10:03 +00:00
renovate[bot] a73761f4c5 fix(deps): update dependency sortablejs to v1.15.7 2026-06-28 09:08:08 +00:00
renovate[bot] ac9811826e fix(deps): update dependency marked to v17.0.6 2026-06-28 09:07:29 +00:00
renovate[bot] 0369b61001 fix(deps): update dependency dayjs to v1.11.21 2026-06-28 09:07:12 +00:00
renovate[bot] 59da1d9514 fix(deps): update dependency @floating-ui/dom to v1.7.6 2026-06-28 09:06:49 +00:00
renovate[bot] eed762097a fix(deps): update tiptap to v3.27.1 2026-06-27 19:39:07 +00:00
renovate[bot] 07d39b4290 chore(deps): pin dependencies 2026-06-27 18:01:23 +00:00
renovate[bot] 7a182817ee chore(deps): update dev-dependencies 2026-06-24 17:37:15 +00:00
renovate[bot] 0f3a8a7e39 chore(deps): update dev-dependencies 2026-06-22 12:33:44 +00:00
renovate[bot] ab927aa772 chore(deps): update dev-dependencies to v4.62.2 2026-06-19 17:32:00 +00:00
renovate[bot] 54fbc79a52 chore(deps): update dev-dependencies to v4.62.1 2026-06-19 16:09:04 +00:00
dependabot[bot] 1e1e733c36 chore(deps): bump dompurify from 3.4.9 to 3.4.11 in /frontend
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.4.9 to 3.4.11.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/3.4.9...3.4.11)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.11
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-18 21:25:47 +00:00
renovate[bot] 80bb9aadc1 chore(deps): update dev-dependencies to v20.10.6 2026-06-18 20:54:23 +00:00
renovate[bot] 434b5d9fe3 chore(deps): update dev-dependencies to v10.5.0 2026-06-17 19:14:26 +00:00
renovate[bot] ffcf92936a chore(deps): update dev-dependencies 2026-06-17 12:02:41 +00:00
renovate[bot] ea4bb09679 chore(deps): update dev-dependencies 2026-06-17 11:22:03 +00:00
renovate[bot] f851e6f959 chore(deps): update dev-dependencies 2026-06-16 11:46:40 +00:00
kolaente e13d3f537c
fix(deps): bump js-yaml to >=4.2.0 where possible
Desktop only has the v4 copy, so a plain override pins it to >=4.2.0
(resolves alert #245). The frontend also pulls js-yaml v3 via
gray-matter (histoire story tooling), which has no v4-compatible
release, so a scoped 'js-yaml@4' override bumps only the v4 copies
(eslint/cosmiconfig) and leaves gray-matter on 3.14.2. Alert #256
stays open for that dev-only, trusted-input path.
2026-06-16 08:33:16 +02:00
kolaente 9cc47a3da4
fix(deps): force @babel/core >=7.29.6
Resolves the @babel/core <=7.29.0 advisory. Transitive; pinned via
pnpm override. Dependabot alert #255 (frontend).
2026-06-16 08:32:36 +02:00
kolaente d054fb7a5b
fix(deps): force launch-editor >=2.14.1
Resolves the launch-editor <=2.14.0 advisory. Transitive (via
vite-plugin-vue-devtools); pinned via pnpm override. Dependabot
alert #257 (frontend).
2026-06-16 08:32:20 +02:00
kolaente be5858aafe
fix(deps): force markdown-it >=14.2.0 to fix ReDoS advisory
Resolves the markdown-it <=14.1.1 advisory. Transitive; pinned via
pnpm override. Dependabot alert #266 (frontend).
2026-06-16 08:31:46 +02:00
kolaente 460e8f3ab1
fix(deps): force form-data >=4.0.6 to fix unsafe boundary advisory
Resolves the form-data <4.0.6 advisory (predictable multipart
boundary). Transitive in both workspaces; pinned via pnpm overrides.
Dependabot alerts #247 (desktop) and #258 (frontend).
2026-06-16 08:30:33 +02:00
kolaente 652f61da50
fix(deps): bump dompurify to 3.4.9 to fix XSS advisories
dompurify 3.4.0 was affected by several stacked advisories (mXSS /
sanitizer bypasses). 3.4.9 is past all vulnerable ranges. Resolves
Dependabot alerts #248-#254 (package.json) and #259-#265 (lockfile).
2026-06-16 08:30:00 +02:00
kolaente b42a7fdcc4
fix(deps): force esbuild >=0.28.1 to fix transitive advisories
The frontend pins esbuild 0.28.1 directly, but vite/histoire and
@intlify/bundle-utils pulled in transitive copies (0.27.7 and 0.25.12)
still affected by GHSA-gv7w-rqvm-qjhr (RCE via missing binary integrity
verification) and GHSA-g7r4-m6w7-qqqr (dev-server file read on Windows).
A pnpm override forces all copies to the patched 0.28.1. Dependabot
alerts #239 and #241.
2026-06-16 08:18:18 +02:00
kolaente 1d6d332c18
fix(deps): bump tmp to >=0.2.7 to fix path traversal advisory
Resolves GHSA-7c78-jf6q-g5cm (type-confusion bypass of _assertPath
allowing path traversal). tmp was pinned to >=0.2.6 via pnpm overrides
in both the frontend and desktop workspaces, which resolved to the
vulnerable 0.2.6. Dependabot alerts #243 (desktop) and #244 (frontend).
2026-06-16 08:17:51 +02:00
dependabot[bot] 35bcb7ed26 chore(deps-dev): bump esbuild from 0.28.0 to 0.28.1 in /frontend
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.28.0 to 0.28.1.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.28.0...v0.28.1)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.28.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-15 17:34:06 +02:00
renovate[bot] 070ce19286 chore(deps): update dev-dependencies 2026-06-11 18:23:55 +00:00
renovate[bot] cb0d24dae1 chore(deps): update dev-dependencies to v8.61.0 2026-06-09 11:47:14 +00:00
renovate[bot] 8ff97a61de chore(deps): update dev-dependencies 2026-06-08 07:23:10 +00:00
renovate[bot] 43d6e14289 chore(deps): update dev-dependencies 2026-06-06 19:05:39 +00:00
renovate[bot] e39885682c chore(deps): update dev-dependencies 2026-06-04 18:30:29 +00:00
renovate[bot] 58b2aaa74e chore(deps): update dev-dependencies to v10.9.2 2026-06-03 13:14:33 +00:00
renovate[bot] 4fc4125546 chore(deps): update dev-dependencies to v8.60.1 2026-06-02 06:27:20 +00:00
renovate[bot] c7e7f8dca3 chore(deps): update dev-dependencies 2026-06-01 12:30:22 +00:00
renovate[bot] e0fa2bbed4 chore(deps): update dependency vue-tsc to v3.3.3 2026-05-30 13:17:09 +00:00
dependabot[bot] f7921238e6 chore(deps): bump axios from 1.15.2 to 1.16.0 in /frontend
Bumps [axios](https://github.com/axios/axios) from 1.15.2 to 1.16.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.15.2...v1.16.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.16.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-30 08:48:43 +00:00
renovate[bot] 7d1372ece3 chore(deps): update dev-dependencies 2026-05-27 21:18:08 +00:00
kolaente 7be5026113
fix(deps): bump tmp to >=0.2.6 to fix path traversal vulnerability
Adds a pnpm override for `tmp` in both the `frontend` and `desktop`
workspaces to force the patched version (0.2.6). The previous transitive
resolutions (`tmp@0.0.33` via external-editor in frontend, `tmp@0.2.3`
via tmp-promise in desktop) are vulnerable to a path traversal via
unsanitized prefix/postfix that enables directory escape.

Addresses Dependabot alerts #234 (desktop) and #235 (frontend).
2026-05-27 11:09:20 +02:00
renovate[bot] dc85d2e3cb chore(deps): update dev-dependencies 2026-05-26 18:36:03 +00:00