renovate[bot]
49ac0348e4
chore(deps): update dev-dependencies
2026-04-22 06:31:37 +00:00
renovate[bot]
0b2b5b580d
chore(deps): update dev-dependencies
2026-04-21 18:38:21 +00:00
renovate[bot]
9d25864b25
chore(deps): pin dependency otplib to 12.0.1
2026-04-21 11:14:41 +00:00
kolaente
3b7c098c84
test(e2e): add otplib dev dep for TOTP tests
2026-04-21 10:50:09 +00:00
renovate[bot]
73a597345a
chore(deps): update dev-dependencies to v4.2.3
2026-04-21 07:41:56 +00:00
renovate[bot]
5a1db90103
chore(deps): update dev-dependencies to v8.59.0
2026-04-20 19:28:55 +00:00
renovate[bot]
326874d94c
chore(deps): update dev-dependencies
2026-04-20 06:18:12 +00:00
dependabot[bot]
10ec3b55b0
chore(deps): bump dompurify from 3.3.2 to 3.4.0 in /frontend
...
Bumps [dompurify](https://github.com/cure53/DOMPurify ) from 3.3.2 to 3.4.0.
- [Release notes](https://github.com/cure53/DOMPurify/releases )
- [Commits](https://github.com/cure53/DOMPurify/compare/3.3.2...3.4.0 )
---
updated-dependencies:
- dependency-name: dompurify
dependency-version: 3.4.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-16 13:01:57 +00:00
renovate[bot]
2ae194e943
chore(deps): update dependency postcss to v8.5.10
2026-04-15 16:25:26 +00:00
renovate[bot]
85dbef8330
chore(deps): update dependency stylelint to v17.8.0
2026-04-15 15:49:30 +00:00
kolaente
a1fbc277be
fix(deps): patch follow-redirects and basic-ftp security vulnerabilities
...
Update follow-redirects to 1.16.0 (fixes auth header leak on cross-domain
redirects) and basic-ftp to 5.2.2 (fixes CRLF injection in FTP commands).
2026-04-14 20:49:42 +02:00
renovate[bot]
c68649faf4
chore(deps): update dev-dependencies
2026-04-14 10:51:01 +00:00
renovate[bot]
a3ac01346a
chore(deps): update dev-dependencies
2026-04-13 10:14:34 +00:00
renovate[bot]
160495b84e
chore(deps): update dependency stylelint to v17.7.0
2026-04-12 14:42:19 +00:00
renovate[bot]
df7a5c645c
chore(deps): update dependency wait-on to v9.0.5
2026-04-10 22:57:21 +00:00
dependabot[bot]
e8c20b1244
chore(deps): bump axios from 1.13.5 to 1.15.0 in /frontend
...
Bumps [axios](https://github.com/axios/axios ) from 1.13.5 to 1.15.0.
- [Release notes](https://github.com/axios/axios/releases )
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md )
- [Commits](https://github.com/axios/axios/compare/v1.13.5...v1.15.0 )
---
updated-dependencies:
- dependency-name: axios
dependency-version: 1.15.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-10 09:58:30 +00:00
kolaente
27a88dd17a
fix(deps): bump basic-ftp override to 5.2.1 to patch CRLF injection
...
Resolves Dependabot alert #183 (high severity): basic-ftp 5.2.0 is
vulnerable to FTP command injection via CRLF. The package is pulled in
as a dev-only transitive dependency by @histoire/plugin-screenshot.
2026-04-09 15:34:00 +02:00
renovate[bot]
4415485675
chore(deps): update dependency vitest to v4.1.4
2026-04-09 08:59:51 +00:00
renovate[bot]
e898c01e3d
chore(deps): update dev-dependencies
2026-04-08 08:03:18 +00:00
kolaente
8a8d187065
chore(frontend): deduplicate pnpm dependencies
2026-04-07 14:22:04 +00:00
renovate[bot]
11299d773f
chore(deps): update dependency vitest to v4.1.3
2026-04-07 13:43:01 +00:00
kolaente
b20df2ef63
fix(deps): update brace-expansion to 5.0.5
...
Fixes zero-step sequence causing process hang and memory
exhaustion (Dependabot #168 ).
2026-04-07 15:39:33 +02:00
kolaente
efc9b41349
fix(deps): update lodash to 4.18.1
...
Fixes code injection via _.template (Dependabot #176 , #178 ) and
prototype pollution via _.unset/_.omit (Dependabot #175 , #177 ).
2026-04-07 15:38:52 +02:00
kolaente
f40eddd4e3
fix(deps): update defu to 6.1.7
...
Fixes prototype pollution via __proto__ key (Dependabot #180 ).
2026-04-07 15:38:17 +02:00
renovate[bot]
33886d2e3c
chore(deps): update dev-dependencies
2026-04-06 16:23:31 +00:00
kolaente
0834d19f9c
feat: remove flexsearch dependency and replace with simple string filtering ( #2542 )
2026-04-04 21:41:25 +02:00
renovate[bot]
33d607714d
chore(deps): update dependency caniuse-lite to v1.0.30001785
2026-04-04 18:38:07 +00:00
renovate[bot]
12ba9ff985
chore(deps): update dev-dependencies
2026-04-03 17:52:24 +00:00
renovate[bot]
ea54f3eb85
chore(deps): update dependency ws to v8.20.0
2026-04-03 16:57:34 +00:00
renovate[bot]
b69564a77c
chore(deps): pin dependencies
2026-04-03 16:16:07 +00:00
kolaente
4cd79088d1
test: add WebSocket e2e tests
...
Add comprehensive end-to-end tests for the WebSocket system:
- Protocol tests: auth (valid/invalid token, timeout, double auth),
subscriptions (valid/invalid event, auth required, unsubscribe),
message delivery (notification on team add, doer exclusion,
multi-connection)
- Frontend integration tests: notification badge update, dropdown
rendering, and logout cleanup via browser-level Playwright tests
- Comment notification test: full flow where user B mentions user A
in a task comment and user A receives real-time WebSocket notification
Includes ws test dependency, shared test helper utilities, and
cascade-truncation of notifications when truncating users to prevent
test pollution.
2026-04-02 16:30:23 +00:00
renovate[bot]
d73222e4a7
chore(deps): update dependency esbuild to v0.27.5
2026-04-02 08:23:19 +00:00
renovate[bot]
59ebfa3b2c
chore(deps): update dependency caniuse-lite to v1.0.30001784
2026-04-01 09:17:36 +00:00
renovate[bot]
020aa899f8
chore(deps): update dependency browserslist to v4.28.2
2026-03-31 21:21:12 +00:00
renovate[bot]
167380a01e
chore(deps): update dependency @typescript-eslint/parser to v8.58.0
2026-03-30 20:13:08 +00:00
renovate[bot]
1a3a18e42b
chore(deps): update dependency @typescript-eslint/eslint-plugin to v8.58.0
2026-03-30 19:12:16 +00:00
renovate[bot]
1c0513de10
chore(deps): update dev-dependencies
2026-03-30 10:24:04 +00:00
dependabot[bot]
21a450b21f
chore(deps): bump serialize-javascript from 7.0.3 to 7.0.5 in /frontend
...
Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript ) from 7.0.3 to 7.0.5.
- [Release notes](https://github.com/yahoo/serialize-javascript/releases )
- [Commits](https://github.com/yahoo/serialize-javascript/compare/v7.0.3...v7.0.5 )
---
updated-dependencies:
- dependency-name: serialize-javascript
dependency-version: 7.0.5
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-03-28 23:35:34 +00:00
renovate[bot]
8d958aef62
chore(deps): update dev-dependencies
2026-03-27 23:06:28 +00:00
renovate[bot]
9d8c6a0a72
chore(deps): update dev-dependencies
2026-03-26 09:02:42 +00:00
kolaente
98ac119f44
fix(deps): update yaml to fix stack overflow vulnerability
...
Updates yaml from 2.5.0 to 2.8.3 in the frontend workspace to
address stack overflow via deeply nested YAML collections.
2026-03-25 23:33:56 +01:00
kolaente
d60e2f6685
fix(deps): update picomatch to fix ReDoS and method injection vulnerabilities
...
Updates picomatch to 2.3.2 and 4.0.4 in the frontend workspace to
address CVE for ReDoS via extglob quantifiers and method injection
in POSIX character classes.
2026-03-25 23:31:28 +01:00
renovate[bot]
4b16d72e28
chore(deps): update dev-dependencies
2026-03-24 15:14:31 +00:00
renovate[bot]
2c1104ca86
chore(deps): update dev-dependencies to v8.57.2
2026-03-23 18:30:13 +00:00
renovate[bot]
36bd716e04
chore(deps): update dev-dependencies
2026-03-23 16:33:59 +00:00
kolaente
1d45b385a5
fix(deps): update flatted to 3.4.2 to fix prototype pollution vulnerability
2026-03-23 12:53:13 +01:00
renovate[bot]
8bf450b98f
chore(deps): update dependency caniuse-lite to v1.0.30001781
2026-03-23 10:28:55 +00:00
renovate[bot]
79f807f4c2
chore(deps): update dependency rollup to v4.60.0
2026-03-22 14:23:41 +00:00
renovate[bot]
9c3fa8e91b
chore(deps): update dependency stylelint to v17.5.0
2026-03-20 10:17:24 +01:00
renovate[bot]
aed93b9389
chore(deps): update dev-dependencies to v4.2.2
2026-03-18 17:57:57 +01:00