Barcode Betty 6722b0e796 fix(deps): add npm overrides to pin patched versions of defu, kysely, picomatch (CAR-1446) ...

Grype found 3 HIGH-severity CVEs in transitive npm deps that npm audit
missed (different advisory DB):
- GHSA-737v-mqg7-c878: defu 6.1.4 → 6.1.5+
- GHSA-pv5w-4p9q-p3v2: kysely 0.28.14 → 0.28.17
- GHSA-c2c7-rcm5-vvqj: picomatch 4.0.3 → 4.0.4

All three are transitive deps of better-auth. Adding npm overrides
forces the patched versions. Grype scan passes at --fail-on high
after these overrides are applied.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-06-23 03:42:45 +00:00

.gitea/workflows

ci(auth): update CAR-1446 comment with empirical OCI referrers proof

2026-06-23 02:50:37 +00:00

src

Add *.farh.net origins back to trustedOrigins

2026-05-25 09:43:43 +00:00

.env.example

feat(auth): enable email verification with Resend

2026-04-15 03:30:44 +00:00

.grype.yaml

Add CI workflow and Grype CVE ignores

2026-04-19 12:57:52 +00:00

.mcp.json

Add .mcp.json

2026-05-25 21:45:18 +00:00

Dockerfile

fix: remediate high-severity CVEs in Docker images

2026-04-14 23:51:42 +00:00

package-lock.json

feat(auth): enable email verification with Resend

2026-04-15 03:30:44 +00:00

package.json

fix(deps): add npm overrides to pin patched versions of defu, kysely, picomatch (CAR-1446)

2026-06-23 03:42:45 +00:00

tsconfig.json

feat: migrate authentication to Better-Auth (Phase 1)

2026-03-28 04:46:10 +00:00

S

Description

CartSnitch auth service — Better-Auth session management

109 KiB

Languages

TypeScript 90.9%

Dockerfile 9.1%