Commit Graph

969 Commits

Author SHA1 Message Date
renovate[bot] 4fc4125546 chore(deps): update dev-dependencies to v8.60.1 2026-06-02 06:27:20 +00:00
renovate[bot] c7e7f8dca3 chore(deps): update dev-dependencies 2026-06-01 12:30:22 +00:00
renovate[bot] e0fa2bbed4 chore(deps): update dependency vue-tsc to v3.3.3 2026-05-30 13:17:09 +00:00
dependabot[bot] f7921238e6 chore(deps): bump axios from 1.15.2 to 1.16.0 in /frontend
Bumps [axios](https://github.com/axios/axios) from 1.15.2 to 1.16.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.15.2...v1.16.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.16.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-30 08:48:43 +00:00
renovate[bot] 7d1372ece3 chore(deps): update dev-dependencies 2026-05-27 21:18:08 +00:00
kolaente 7be5026113 fix(deps): bump tmp to >=0.2.6 to fix path traversal vulnerability
Adds a pnpm override for `tmp` in both the `frontend` and `desktop`
workspaces to force the patched version (0.2.6). The previous transitive
resolutions (`tmp@0.0.33` via external-editor in frontend, `tmp@0.2.3`
via tmp-promise in desktop) are vulnerable to a path traversal via
unsanitized prefix/postfix that enables directory escape.

Addresses Dependabot alerts #234 (desktop) and #235 (frontend).
2026-05-27 11:09:20 +02:00
renovate[bot] dc85d2e3cb chore(deps): update dev-dependencies 2026-05-26 18:36:03 +00:00
kolaente 46dbeb5784 feat(editor): preserve comment-id on blockquotes
Extend the default Blockquote with a `commentId` attribute that
round-trips through HTML as `data-comment-id`. This single attribute
is the canonical record of a reply: it survives TipTap serialize /
parse so the backend listener and the in-app renderer can both find
the parent comment without a separate schema field.
2026-05-20 21:02:14 +00:00
kolaente 1fd1427fed fix(deps): bump postcss to >=8.5.10 to fix XSS via unescaped </style>
Adds a pnpm override to force postcss to a patched version (>=8.5.10),
removing the vulnerable postcss@7.0.39 pulled in transitively by
postcss-easing-gradients. Resolves GHSA / Dependabot alert #197.
2026-05-19 16:58:25 +02:00
kolaente a5dc85b5d3 fix(deps): bump ip-address to 10.2.0
Adds a pnpm override to pull ip-address >=10.1.1, resolving the XSS
vulnerability in Address6 HTML-emitting methods (GHSA, dev-only
transitive dependency via puppeteer/socks).
2026-05-19 16:56:07 +02:00
renovate[bot] faeeebe661 chore(deps): update dev-dependencies to v8.59.4 2026-05-18 19:01:32 +00:00
renovate[bot] ad457488fd chore(deps): update dependency vue-tsc to v3.3.0 2026-05-18 18:13:13 +00:00
renovate[bot] d4e186a024 chore(deps): update dependency caniuse-lite to v1.0.30001793 2026-05-17 14:51:39 +00:00
renovate[bot] c371ca7196 chore(deps): update dev-dependencies 2026-05-15 13:57:32 +00:00
renovate[bot] 7caaa9a16a chore(deps): update dev-dependencies 2026-05-15 10:28:16 +00:00
renovate[bot] 57a0b8fee4 chore(deps): update dev-dependencies to v4.3.0 2026-05-11 21:21:39 +00:00
renovate[bot] 572edd431d chore(deps): update dev-dependencies 2026-05-11 06:05:06 +00:00
renovate[bot] 812fa11b9b chore(deps): update dependency vite to v7.3.3 2026-05-07 07:38:48 +00:00
dependabot[bot] fc9a9a6c71 chore(deps): bump axios from 1.15.0 to 1.15.2 in /frontend
Bumps [axios](https://github.com/axios/axios) from 1.15.0 to 1.15.2.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.15.0...v1.15.2)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.15.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-06 12:37:48 +00:00
renovate[bot] 4754230ef0 chore(deps): update dev-dependencies 2026-05-06 12:37:26 +00:00
kolaente 926e163089 chore(deps): bump workbox-precaching to 7.4.1 to match workbox-cli 2026-05-05 08:31:42 +00:00
renovate[bot] 7ed0e3ecd6 chore(deps): update dev-dependencies 2026-05-05 08:31:42 +00:00
renovate[bot] 55e96018f3 chore(deps): update dev-dependencies 2026-05-04 10:55:46 +00:00
renovate[bot] 0f1bf6fab2 chore(deps): update dev-dependencies 2026-05-04 10:21:25 +00:00
kolaente 9852aff4ee fix(frontend): add postcss-html as explicit devDependency
Stylelint 17.9.0 resolves customSyntax modules relative to the
stylelint package, so the transitive postcss-html pulled in via
stylelint-config-recommended-vue is no longer reachable and lint
fails with "Could not find postcss-html".
2026-04-27 09:22:01 +00:00
renovate[bot] 519b65b96e chore(deps): update dev-dependencies 2026-04-27 09:22:01 +00:00
renovate[bot] 71c2e01366 chore(deps): update dependency caniuse-lite to v1.0.30001790 2026-04-22 10:18:08 +00:00
renovate[bot] 49ac0348e4 chore(deps): update dev-dependencies 2026-04-22 06:31:37 +00:00
renovate[bot] 0b2b5b580d chore(deps): update dev-dependencies 2026-04-21 18:38:21 +00:00
renovate[bot] 9d25864b25 chore(deps): pin dependency otplib to 12.0.1 2026-04-21 11:14:41 +00:00
kolaente 3b7c098c84 test(e2e): add otplib dev dep for TOTP tests 2026-04-21 10:50:09 +00:00
renovate[bot] 73a597345a chore(deps): update dev-dependencies to v4.2.3 2026-04-21 07:41:56 +00:00
renovate[bot] 5a1db90103 chore(deps): update dev-dependencies to v8.59.0 2026-04-20 19:28:55 +00:00
renovate[bot] 326874d94c chore(deps): update dev-dependencies 2026-04-20 06:18:12 +00:00
dependabot[bot] 10ec3b55b0 chore(deps): bump dompurify from 3.3.2 to 3.4.0 in /frontend
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.3.2 to 3.4.0.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/3.3.2...3.4.0)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-16 13:01:57 +00:00
renovate[bot] 2ae194e943 chore(deps): update dependency postcss to v8.5.10 2026-04-15 16:25:26 +00:00
renovate[bot] 85dbef8330 chore(deps): update dependency stylelint to v17.8.0 2026-04-15 15:49:30 +00:00
kolaente a1fbc277be fix(deps): patch follow-redirects and basic-ftp security vulnerabilities
Update follow-redirects to 1.16.0 (fixes auth header leak on cross-domain
redirects) and basic-ftp to 5.2.2 (fixes CRLF injection in FTP commands).
2026-04-14 20:49:42 +02:00
renovate[bot] c68649faf4 chore(deps): update dev-dependencies 2026-04-14 10:51:01 +00:00
renovate[bot] a3ac01346a chore(deps): update dev-dependencies 2026-04-13 10:14:34 +00:00
renovate[bot] 160495b84e chore(deps): update dependency stylelint to v17.7.0 2026-04-12 14:42:19 +00:00
renovate[bot] df7a5c645c chore(deps): update dependency wait-on to v9.0.5 2026-04-10 22:57:21 +00:00
dependabot[bot] e8c20b1244 chore(deps): bump axios from 1.13.5 to 1.15.0 in /frontend
Bumps [axios](https://github.com/axios/axios) from 1.13.5 to 1.15.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.13.5...v1.15.0)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.15.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-10 09:58:30 +00:00
kolaente 28b537837f chore: v2.3.0 release preparations 2026-04-09 20:43:40 +02:00
kolaente 27a88dd17a fix(deps): bump basic-ftp override to 5.2.1 to patch CRLF injection
Resolves Dependabot alert #183 (high severity): basic-ftp 5.2.0 is
vulnerable to FTP command injection via CRLF. The package is pulled in
as a dev-only transitive dependency by @histoire/plugin-screenshot.
2026-04-09 15:34:00 +02:00
renovate[bot] 4415485675 chore(deps): update dependency vitest to v4.1.4 2026-04-09 08:59:51 +00:00
renovate[bot] e898c01e3d chore(deps): update dev-dependencies 2026-04-08 08:03:18 +00:00
renovate[bot] 11299d773f chore(deps): update dependency vitest to v4.1.3 2026-04-07 13:43:01 +00:00
renovate[bot] 33886d2e3c chore(deps): update dev-dependencies 2026-04-06 16:23:31 +00:00
kolaente 0834d19f9c feat: remove flexsearch dependency and replace with simple string filtering (#2542) 2026-04-04 21:41:25 +02:00