renovate[bot]
65f10b1f0c
chore(deps): update dependency stylelint to v17.14.0
2026-06-29 19:40:49 +00:00
renovate[bot]
8f68b3f396
fix(deps): update font awesome
2026-06-29 17:55:47 +00:00
renovate[bot]
01a851ca72
fix(deps): update dependency vue-i18n to v11.4.6
2026-06-29 16:58:17 +00:00
renovate[bot]
65a498dd50
fix(deps): update dependency @sentry/vue to v10.62.0
2026-06-29 16:57:00 +00:00
renovate[bot]
bb0055293b
chore(deps): update pnpm to v10.34.4
2026-06-29 16:14:58 +00:00
renovate[bot]
d2fcd2efa5
fix(deps): update dependency axios to v1.18.1
2026-06-29 15:22:25 +00:00
renovate[bot]
07c872eb2b
fix(deps): update dependency vue to v3.5.39
2026-06-29 15:22:17 +00:00
renovate[bot]
b866ba3f58
fix(deps): update dependency @intlify/unplugin-vue-i18n to v11.2.4
2026-06-29 08:16:56 +02:00
renovate[bot]
b0bbfa677a
chore(deps): update playwright to v1.61.1
2026-06-29 08:16:15 +02:00
renovate[bot]
c72cfdf50d
chore(deps): update dev-dependencies
2026-06-28 12:46:39 +00:00
renovate[bot]
12952516cf
fix(deps): update dependency ufo to v1.6.4
2026-06-28 12:10:14 +00:00
renovate[bot]
9946ca9031
fix(deps): update dependency nanoid to v5.1.16
2026-06-28 12:10:03 +00:00
renovate[bot]
a73761f4c5
fix(deps): update dependency sortablejs to v1.15.7
2026-06-28 09:08:08 +00:00
renovate[bot]
ac9811826e
fix(deps): update dependency marked to v17.0.6
2026-06-28 09:07:29 +00:00
renovate[bot]
0369b61001
fix(deps): update dependency dayjs to v1.11.21
2026-06-28 09:07:12 +00:00
renovate[bot]
59da1d9514
fix(deps): update dependency @floating-ui/dom to v1.7.6
2026-06-28 09:06:49 +00:00
renovate[bot]
eed762097a
fix(deps): update tiptap to v3.27.1
2026-06-27 19:39:07 +00:00
renovate[bot]
07d39b4290
chore(deps): pin dependencies
2026-06-27 18:01:23 +00:00
renovate[bot]
7a182817ee
chore(deps): update dev-dependencies
2026-06-24 17:37:15 +00:00
renovate[bot]
0f3a8a7e39
chore(deps): update dev-dependencies
2026-06-22 12:33:44 +00:00
renovate[bot]
ab927aa772
chore(deps): update dev-dependencies to v4.62.2
2026-06-19 17:32:00 +00:00
renovate[bot]
54fbc79a52
chore(deps): update dev-dependencies to v4.62.1
2026-06-19 16:09:04 +00:00
dependabot[bot]
1e1e733c36
chore(deps): bump dompurify from 3.4.9 to 3.4.11 in /frontend
...
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.4.9 to 3.4.11.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/3.4.9...3.4.11)
---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.11
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-06-18 21:25:47 +00:00
renovate[bot]
80bb9aadc1
chore(deps): update dev-dependencies to v20.10.6
2026-06-18 20:54:23 +00:00
renovate[bot]
434b5d9fe3
chore(deps): update dev-dependencies to v10.5.0
2026-06-17 19:14:26 +00:00
renovate[bot]
ffcf92936a
chore(deps): update dev-dependencies
2026-06-17 12:02:41 +00:00
renovate[bot]
ea4bb09679
chore(deps): update dev-dependencies
2026-06-17 11:22:03 +00:00
renovate[bot]
f851e6f959
chore(deps): update dev-dependencies
2026-06-16 11:46:40 +00:00
kolaente
e13d3f537c
fix(deps): bump js-yaml to >=4.2.0 where possible
...
Desktop only has the v4 copy, so a plain override pins it to >=4.2.0
(resolves alert #245). The frontend also pulls js-yaml v3 via
gray-matter (histoire story tooling), which has no v4-compatible
release, so a scoped 'js-yaml@4' override bumps only the v4 copies
(eslint/cosmiconfig) and leaves gray-matter on 3.14.2. Alert #256
stays open for that dev-only, trusted-input path.
2026-06-16 08:33:16 +02:00
kolaente
9cc47a3da4
fix(deps): force @babel/core >=7.29.6
...
Resolves the @babel/core <=7.29.0 advisory. Transitive; pinned via
pnpm override. Dependabot alert #255 (frontend).
2026-06-16 08:32:36 +02:00
kolaente
d054fb7a5b
fix(deps): force launch-editor >=2.14.1
...
Resolves the launch-editor <=2.14.0 advisory. Transitive (via
vite-plugin-vue-devtools); pinned via pnpm override. Dependabot
alert #257 (frontend).
2026-06-16 08:32:20 +02:00
kolaente
be5858aafe
fix(deps): force markdown-it >=14.2.0 to fix ReDoS advisory
...
Resolves the markdown-it <=14.1.1 advisory. Transitive; pinned via
pnpm override. Dependabot alert #266 (frontend).
2026-06-16 08:31:46 +02:00
kolaente
460e8f3ab1
fix(deps): force form-data >=4.0.6 to fix unsafe boundary advisory
...
Resolves the form-data <4.0.6 advisory (predictable multipart
boundary). Transitive in both workspaces; pinned via pnpm overrides.
Dependabot alerts #247 (desktop) and #258 (frontend).
2026-06-16 08:30:33 +02:00
kolaente
652f61da50
fix(deps): bump dompurify to 3.4.9 to fix XSS advisories
...
dompurify 3.4.0 was affected by several stacked advisories (mXSS /
sanitizer bypasses). 3.4.9 is past all vulnerable ranges. Resolves
Dependabot alerts #248-#254 (package.json) and #259-#265 (lockfile).
2026-06-16 08:30:00 +02:00
kolaente
b42a7fdcc4
fix(deps): force esbuild >=0.28.1 to fix transitive advisories
...
The frontend pins esbuild 0.28.1 directly, but vite/histoire and
@intlify/bundle-utils pulled in transitive copies (0.27.7 and 0.25.12)
still affected by GHSA-gv7w-rqvm-qjhr (RCE via missing binary integrity
verification) and GHSA-g7r4-m6w7-qqqr (dev-server file read on Windows).
A pnpm override forces all copies to the patched 0.28.1. Dependabot
alerts #239 and #241.
2026-06-16 08:18:18 +02:00
kolaente
1d6d332c18
fix(deps): bump tmp to >=0.2.7 to fix path traversal advisory
...
Resolves GHSA-7c78-jf6q-g5cm (type-confusion bypass of _assertPath
allowing path traversal). tmp was pinned to >=0.2.6 via pnpm overrides
in both the frontend and desktop workspaces, which resolved to the
vulnerable 0.2.6. Dependabot alerts #243 (desktop) and #244 (frontend).
2026-06-16 08:17:51 +02:00
dependabot[bot]
35bcb7ed26
chore(deps-dev): bump esbuild from 0.28.0 to 0.28.1 in /frontend
...
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.28.0 to 0.28.1.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.28.0...v0.28.1)
---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.28.1
  dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-06-15 17:34:06 +02:00
renovate[bot]
070ce19286
chore(deps): update dev-dependencies
2026-06-11 18:23:55 +00:00
renovate[bot]
cb0d24dae1
chore(deps): update dev-dependencies to v8.61.0
2026-06-09 11:47:14 +00:00
renovate[bot]
8ff97a61de
chore(deps): update dev-dependencies
2026-06-08 07:23:10 +00:00
renovate[bot]
43d6e14289
chore(deps): update dev-dependencies
2026-06-06 19:05:39 +00:00
renovate[bot]
e39885682c
chore(deps): update dev-dependencies
2026-06-04 18:30:29 +00:00
renovate[bot]
58b2aaa74e
chore(deps): update dev-dependencies to v10.9.2
2026-06-03 13:14:33 +00:00
renovate[bot]
4fc4125546
chore(deps): update dev-dependencies to v8.60.1
2026-06-02 06:27:20 +00:00
renovate[bot]
c7e7f8dca3
chore(deps): update dev-dependencies
2026-06-01 12:30:22 +00:00
renovate[bot]
e0fa2bbed4
chore(deps): update dependency vue-tsc to v3.3.3
2026-05-30 13:17:09 +00:00
dependabot[bot]
f7921238e6
chore(deps): bump axios from 1.15.2 to 1.16.0 in /frontend
...
Bumps [axios](https://github.com/axios/axios) from 1.15.2 to 1.16.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.15.2...v1.16.0)
---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.16.0
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-30 08:48:43 +00:00
renovate[bot]
7d1372ece3
chore(deps): update dev-dependencies
2026-05-27 21:18:08 +00:00
kolaente
7be5026113
fix(deps): bump tmp to >=0.2.6 to fix path traversal vulnerability
...
Adds a pnpm override for `tmp` in both the `frontend` and `desktop`
workspaces to force the patched version (0.2.6). The previous transitive
resolutions (`tmp@0.0.33` via external-editor in frontend, `tmp@0.2.3`
via tmp-promise in desktop) are vulnerable to a path traversal via
unsanitized prefix/postfix that enables directory escape.
Addresses Dependabot alerts #234 (desktop) and #235 (frontend).
2026-05-27 11:09:20 +02:00
renovate[bot]
dc85d2e3cb
chore(deps): update dev-dependencies
2026-05-26 18:36:03 +00:00