Compare commits

..

1 Commits

Author SHA1 Message Date
Savannah Savings ed5ed0a35c fix: update better-auth to 1.6.11 to resolve GHSA-wxw3-q3m9-c3jr
CI / audit (pull_request) Failing after 10s
CI / e2e (pull_request) Successful in 40s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
CI / lighthouse (pull_request) Failing after 1m12s
CI / lint (pull_request) Successful in 14s
CI / test (pull_request) Successful in 12s
Resolves moderate severity OAuth state mismatch vulnerability in better-auth.
Updated package-lock.json to reflect patched transitive dependencies.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-21 19:58:31 +00:00
4 changed files with 859 additions and 811 deletions
+31 -15
View File
@@ -87,17 +87,8 @@ jobs:
npx playwright install --with-deps chromium npx playwright install --with-deps chromium
- name: Start preview server - name: Start preview server
run: | run: |
npm run preview -- --port 4173 & npm run preview &
for i in $(seq 1 30); do npx wait-on http://localhost:4173/ --timeout 30000
if curl -s http://localhost:4173/ > /dev/null 2>&1; then
echo "Server ready on http://localhost:4173/"
exit 0
fi
echo "Waiting for server... ($i/30)"
sleep 2
done
echo "Server failed to start"
exit 1
- name: Run Lighthouse CI - name: Run Lighthouse CI
run: | run: |
CHROME_PATH=$(find /home/runner/.cache/ms-playwright -name chrome -type f 2>/dev/null | head -1) CHROME_PATH=$(find /home/runner/.cache/ms-playwright -name chrome -type f 2>/dev/null | head -1)
@@ -158,7 +149,33 @@ jobs:
type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }} type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }} type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
- name: Build and push Docker image - name: Build Docker image
uses: docker/build-push-action@v6
with:
context: .
load: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
target: prod
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Scan frontend image for vulnerabilities
uses: anchore/scan-action@v5
id: scan
env:
GRYPE_CONFIG: .grype.yaml
with:
image: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-${{ github.sha }}"
fail-build: true
severity-cutoff: high
only-fixed: "true"
output-format: sarif
- name: Push Docker image
if: github.event_name == 'push'
uses: docker/build-push-action@v6 uses: docker/build-push-action@v6
with: with:
context: . context: .
@@ -167,7 +184,6 @@ jobs:
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
target: prod target: prod
cache-from: type=gha cache-from: type=gha
cache-to: type=gha,mode=max
- name: Create git tag - name: Create git tag
if: github.event_name == 'push' && github.ref == 'refs/heads/main' if: github.event_name == 'push' && github.ref == 'refs/heads/main'
@@ -184,7 +200,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
repository: cartsnitch/infra repository: cartsnitch/infra
token: ${{ secrets.GITEA_DEPLOY_KEY }} token: ${{ secrets.GITEA_TOKEN }}
ref: main ref: main
path: infra path: infra
@@ -228,7 +244,7 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
repository: cartsnitch/infra repository: cartsnitch/infra
token: ${{ secrets.GITEA_DEPLOY_KEY }} token: ${{ secrets.GITEA_TOKEN }}
ref: main ref: main
path: infra path: infra
+826 -792
View File
File diff suppressed because it is too large Load Diff
+1 -3
View File
@@ -48,12 +48,10 @@
"vitest": "^3.2.4" "vitest": "^3.2.4"
}, },
"overrides": { "overrides": {
"@babel/plugin-transform-modules-systemjs": ">=7.29.4",
"@rollup/pluginutils": "5.3.0", "@rollup/pluginutils": "5.3.0",
"brace-expansion": ">=1.1.15",
"fast-uri": ">=3.1.2",
"flatted": "^3.4.2", "flatted": "^3.4.2",
"serialize-javascript": "7.0.5", "serialize-javascript": "7.0.5",
"brace-expansion": ">=1.1.13",
"lodash": ">=4.17.24", "lodash": ">=4.17.24",
"minimatch": "^10.2.4" "minimatch": "^10.2.4"
} }
+1 -1
View File
@@ -16,7 +16,7 @@ export function VerifyEmail() {
const callbackURL = searchParams.get("callbackURL") || "/"; const callbackURL = searchParams.get("callbackURL") || "/";
if (!token) { if (!token) {
queueMicrotask(() => setStatus("error")); setStatus("error");
return; return;
} }