Barcode Betty 9c15e29aa9 Merge pull request 'ci(auth): add Grype scan step; document provenance/sbom OCI limitation (CAR-1446)' (#53) from dev into uat ...

ci(auth): promote CAR-1446 Grype scan + dep fix to uat (PR #53)

Merges dev→uat: adds Grype supply-chain scan between Build and Push,
documents OCI referrers limitation with HTTP 404 proof, and patches
three HIGH transitive CVEs in better-auth deps (defu, kysely) via
npm overrides.

QA APPROVED (cs_charlie, review 4846). Security reviewed (Stockboy Steve).

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-06-23 03:55:28 +00:00

.gitea

Merge pull request 'ci(auth): add Grype scan step; document provenance/sbom OCI limitation (CAR-1446)' (#53) from dev into uat

2026-06-23 03:55:28 +00:00

src

Add *.farh.net origins back to trustedOrigins

2026-05-25 09:43:43 +00:00

.env.example

feat(auth): enable email verification with Resend

2026-04-15 03:30:44 +00:00

.grype.yaml

Add CI workflow and Grype CVE ignores

2026-04-19 12:57:52 +00:00

.mcp.json

Add .mcp.json

2026-05-25 21:45:18 +00:00

Dockerfile

fix: remediate high-severity CVEs in Docker images

2026-04-14 23:51:42 +00:00

package-lock.json

fix(deps): regenerate lockfile with defu 6.1.7, kysely 0.28.17 (CAR-1446)

2026-06-23 03:43:04 +00:00

package.json

fix(deps): add npm overrides to pin patched versions of defu, kysely, picomatch (CAR-1446)

2026-06-23 03:42:45 +00:00

tsconfig.json

feat: migrate authentication to Better-Auth (Phase 1)

2026-03-28 04:46:10 +00:00

S

Description

CartSnitch auth service — Better-Auth session management

270 KiB

Languages

TypeScript 91%

Dockerfile 9%