renovate[bot]
7d1372ece3
chore(deps): update dev-dependencies
2026-05-27 21:18:08 +00:00
kolaente
7be5026113
fix(deps): bump tmp to >=0.2.6 to fix path traversal vulnerability
...
Adds a pnpm override for `tmp` in both the `frontend` and `desktop`
workspaces to force the patched version (0.2.6). The previous transitive
resolutions (`tmp@0.0.33` via external-editor in frontend, `tmp@0.2.3`
via tmp-promise in desktop) are vulnerable to a path traversal via
unsanitized prefix/postfix that enables directory escape.
Addresses Dependabot alerts #234 (desktop) and #235 (frontend).
2026-05-27 11:09:20 +02:00
renovate[bot]
dc85d2e3cb
chore(deps): update dev-dependencies
2026-05-26 18:36:03 +00:00
kolaente
46dbeb5784
feat(editor): preserve comment-id on blockquotes
...
Extend the default Blockquote with a `commentId` attribute that
round-trips through HTML as `data-comment-id`. This single attribute
is the canonical record of a reply: it survives TipTap serialize /
parse so the backend listener and the in-app renderer can both find
the parent comment without a separate schema field.
2026-05-20 21:02:14 +00:00
kolaente
1fd1427fed
fix(deps): bump postcss to >=8.5.10 to fix XSS via unescaped </style>
...
Adds a pnpm override to force postcss to a patched version (>=8.5.10),
removing the vulnerable postcss@7.0.39 pulled in transitively by
postcss-easing-gradients. Resolves GHSA / Dependabot alert #197.
2026-05-19 16:58:25 +02:00
kolaente
a5dc85b5d3
fix(deps): bump ip-address to 10.2.0
...
Adds a pnpm override to pull ip-address >=10.1.1, resolving the XSS
vulnerability in Address6 HTML-emitting methods (GHSA, dev-only
transitive dependency via puppeteer/socks).
2026-05-19 16:56:07 +02:00
renovate[bot]
faeeebe661
chore(deps): update dev-dependencies to v8.59.4
2026-05-18 19:01:32 +00:00
renovate[bot]
ad457488fd
chore(deps): update dependency vue-tsc to v3.3.0
2026-05-18 18:13:13 +00:00
renovate[bot]
d4e186a024
chore(deps): update dependency caniuse-lite to v1.0.30001793
2026-05-17 14:51:39 +00:00
renovate[bot]
c371ca7196
chore(deps): update dev-dependencies
2026-05-15 13:57:32 +00:00
renovate[bot]
7caaa9a16a
chore(deps): update dev-dependencies
2026-05-15 10:28:16 +00:00
renovate[bot]
57a0b8fee4
chore(deps): update dev-dependencies to v4.3.0
2026-05-11 21:21:39 +00:00
renovate[bot]
572edd431d
chore(deps): update dev-dependencies
2026-05-11 06:05:06 +00:00
renovate[bot]
812fa11b9b
chore(deps): update dependency vite to v7.3.3
2026-05-07 07:38:48 +00:00
dependabot[bot]
fc9a9a6c71
chore(deps): bump axios from 1.15.0 to 1.15.2 in /frontend
...
Bumps [axios](https://github.com/axios/axios) from 1.15.0 to 1.15.2.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.15.0...v1.15.2)
---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.15.2
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-06 12:37:48 +00:00
renovate[bot]
4754230ef0
chore(deps): update dev-dependencies
2026-05-06 12:37:26 +00:00
kolaente
926e163089
chore(deps): bump workbox-precaching to 7.4.1 to match workbox-cli
2026-05-05 08:31:42 +00:00
renovate[bot]
7ed0e3ecd6
chore(deps): update dev-dependencies
2026-05-05 08:31:42 +00:00
renovate[bot]
55e96018f3
chore(deps): update dev-dependencies
2026-05-04 10:55:46 +00:00
renovate[bot]
0f1bf6fab2
chore(deps): update dev-dependencies
2026-05-04 10:21:25 +00:00
kolaente
9852aff4ee
fix(frontend): add postcss-html as explicit devDependency
...
Stylelint 17.9.0 resolves customSyntax modules relative to the
stylelint package, so the transitive postcss-html pulled in via
stylelint-config-recommended-vue is no longer reachable and lint
fails with "Could not find postcss-html".
2026-04-27 09:22:01 +00:00
renovate[bot]
519b65b96e
chore(deps): update dev-dependencies
2026-04-27 09:22:01 +00:00
renovate[bot]
71c2e01366
chore(deps): update dependency caniuse-lite to v1.0.30001790
2026-04-22 10:18:08 +00:00
renovate[bot]
49ac0348e4
chore(deps): update dev-dependencies
2026-04-22 06:31:37 +00:00
renovate[bot]
0b2b5b580d
chore(deps): update dev-dependencies
2026-04-21 18:38:21 +00:00
renovate[bot]
9d25864b25
chore(deps): pin dependency otplib to 12.0.1
2026-04-21 11:14:41 +00:00
kolaente
3b7c098c84
test(e2e): add otplib dev dep for TOTP tests
2026-04-21 10:50:09 +00:00
renovate[bot]
73a597345a
chore(deps): update dev-dependencies to v4.2.3
2026-04-21 07:41:56 +00:00
renovate[bot]
5a1db90103
chore(deps): update dev-dependencies to v8.59.0
2026-04-20 19:28:55 +00:00
renovate[bot]
326874d94c
chore(deps): update dev-dependencies
2026-04-20 06:18:12 +00:00
dependabot[bot]
10ec3b55b0
chore(deps): bump dompurify from 3.3.2 to 3.4.0 in /frontend
...
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.3.2 to 3.4.0.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/3.3.2...3.4.0)
---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.0
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-16 13:01:57 +00:00
renovate[bot]
2ae194e943
chore(deps): update dependency postcss to v8.5.10
2026-04-15 16:25:26 +00:00
renovate[bot]
85dbef8330
chore(deps): update dependency stylelint to v17.8.0
2026-04-15 15:49:30 +00:00
kolaente
a1fbc277be
fix(deps): patch follow-redirects and basic-ftp security vulnerabilities
...
Update follow-redirects to 1.16.0 (fixes auth header leak on cross-domain
redirects) and basic-ftp to 5.2.2 (fixes CRLF injection in FTP commands).
2026-04-14 20:49:42 +02:00
renovate[bot]
c68649faf4
chore(deps): update dev-dependencies
2026-04-14 10:51:01 +00:00
renovate[bot]
a3ac01346a
chore(deps): update dev-dependencies
2026-04-13 10:14:34 +00:00
renovate[bot]
160495b84e
chore(deps): update dependency stylelint to v17.7.0
2026-04-12 14:42:19 +00:00
renovate[bot]
df7a5c645c
chore(deps): update dependency wait-on to v9.0.5
2026-04-10 22:57:21 +00:00
dependabot[bot]
e8c20b1244
chore(deps): bump axios from 1.13.5 to 1.15.0 in /frontend
...
Bumps [axios](https://github.com/axios/axios) from 1.13.5 to 1.15.0.
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](https://github.com/axios/axios/compare/v1.13.5...v1.15.0)
---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.15.0
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-04-10 09:58:30 +00:00
kolaente
28b537837f
chore: v2.3.0 release preparations
2026-04-09 20:43:40 +02:00
kolaente
27a88dd17a
fix(deps): bump basic-ftp override to 5.2.1 to patch CRLF injection
...
Resolves Dependabot alert #183 (high severity): basic-ftp 5.2.0 is
vulnerable to FTP command injection via CRLF. The package is pulled in
as a dev-only transitive dependency by @histoire/plugin-screenshot.
2026-04-09 15:34:00 +02:00
renovate[bot]
4415485675
chore(deps): update dependency vitest to v4.1.4
2026-04-09 08:59:51 +00:00
renovate[bot]
e898c01e3d
chore(deps): update dev-dependencies
2026-04-08 08:03:18 +00:00
renovate[bot]
11299d773f
chore(deps): update dependency vitest to v4.1.3
2026-04-07 13:43:01 +00:00
renovate[bot]
33886d2e3c
chore(deps): update dev-dependencies
2026-04-06 16:23:31 +00:00
kolaente
0834d19f9c
feat: remove flexsearch dependency and replace with simple string filtering (#2542)
2026-04-04 21:41:25 +02:00
renovate[bot]
33d607714d
chore(deps): update dependency caniuse-lite to v1.0.30001785
2026-04-04 18:38:07 +00:00
renovate[bot]
12ba9ff985
chore(deps): update dev-dependencies
2026-04-03 17:52:24 +00:00
renovate[bot]
ea54f3eb85
chore(deps): update dependency ws to v8.20.0
2026-04-03 16:57:34 +00:00
renovate[bot]
b69564a77c
chore(deps): pin dependencies
2026-04-03 16:16:07 +00:00