Barcode Betty
1bce947cb7
CI / test (pull_request) Successful in 11s
CI / audit (pull_request) Successful in 11s
CI / e2e (pull_request) Has been cancelled
CI / lint (pull_request) Has been cancelled
CI / deploy-dev (pull_request) Has been cancelled
CI / deploy-uat (pull_request) Has been cancelled
CI / build-and-push (pull_request) Has been cancelled
The audit job runs `npm audit --audit-level=high` after `npm ci`. Vitest 3.0.0-3.2.4 carries a critical CVE (GHSA-5xrq-8626-4rwp, CVSS 9.8) in the UI server that allows arbitrary file read and execute. The fix ships in 3.2.6 and is a patch release (no breaking changes), so the existing vitest API surface (vi.mock, vi.useFakeTimers, vi.setSystemTime) is unchanged. The audit failure is unrelated to the REGISTRY_TOKEN fix in this PR (CAR-1147) but the audit gate runs on every PR and blocks this one. The vitest bump is the smallest possible fix. Refs CAR-1335, CAR-1147. Co-Authored-By: Paperclip <noreply@paperclip.ing>
61 lines
1.6 KiB
JSON
61 lines
1.6 KiB
JSON
{
|
|
"name": "cartsnitch",
|
|
"private": true,
|
|
"version": "0.1.0",
|
|
"type": "module",
|
|
"scripts": {
|
|
"dev": "vite",
|
|
"build": "tsc -b && vite build",
|
|
"lint": "eslint .",
|
|
"preview": "vite preview",
|
|
"test": "NODE_ENV=test vitest run",
|
|
"test:watch": "NODE_ENV=test vitest",
|
|
"test:e2e": "npx playwright test"
|
|
},
|
|
"dependencies": {
|
|
"@tanstack/react-query": "^5.0.0",
|
|
"better-auth": "^1.2.0",
|
|
"picomatch": "4.0.4",
|
|
"react": "^18.3.1",
|
|
"react-dom": "^18.3.1",
|
|
"react-router-dom": "^7.0.0",
|
|
"recharts": "^3.8.0",
|
|
"zustand": "^5.0.0"
|
|
},
|
|
"devDependencies": {
|
|
"@axe-core/playwright": "^4.10.0",
|
|
"@eslint/js": "^9.39.4",
|
|
"@playwright/test": "^1.58.2",
|
|
"@tailwindcss/vite": "^4.0.0",
|
|
"@testing-library/jest-dom": "^6.6.3",
|
|
"@testing-library/react": "^16.3.2",
|
|
"@types/node": "^24.12.0",
|
|
"@types/react": "^18.3.28",
|
|
"@types/react-dom": "^18.3.7",
|
|
"@vitejs/plugin-react": "^4.7.0",
|
|
"eslint": "^9.39.4",
|
|
"eslint-plugin-react-hooks": "^7.0.1",
|
|
"eslint-plugin-react-refresh": "^0.5.2",
|
|
"globals": "^17.4.0",
|
|
"jsdom": "^25.0.1",
|
|
"msw": "^2.12.14",
|
|
"playwright": "^1.58.2",
|
|
"tailwindcss": "^4.0.0",
|
|
"typescript": "^5.7.3",
|
|
"typescript-eslint": "^8.56.1",
|
|
"vite": "^6.4.2",
|
|
"vite-plugin-pwa": "^0.21.2",
|
|
"vitest": "^3.2.6"
|
|
},
|
|
"overrides": {
|
|
"@babel/plugin-transform-modules-systemjs": ">=7.29.4",
|
|
"@rollup/pluginutils": "5.3.0",
|
|
"brace-expansion": ">=1.1.15",
|
|
"fast-uri": ">=3.1.2",
|
|
"flatted": "^3.4.2",
|
|
"serialize-javascript": "7.0.5",
|
|
"lodash": ">=4.17.24",
|
|
"minimatch": "^10.2.4"
|
|
}
|
|
}
|