forked from molecule-ai/molecule-core
6365e94213
Closes the medium-severity dependabot alert on canvas/package-lock.json. Upstream advisory GHSA-qx2v-qp2m-jg93: "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output" — fixed in 8.5.10. We pull 8.5.12 since it's already published in the ^8.5.10 line. package.json's caret range bumps from ^8.4.0 to ^8.5.12 — wider floor prevents a future install from re-pinning below the safe version. The 8.x major-line constraint is preserved, so no breaking-change risk. Verification: full canvas vitest suite passes (1148/1148 across 78 files). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
48 lines
1.3 KiB
JSON
48 lines
1.3 KiB
JSON
{
|
|
"name": "molecule-monorepo-canvas",
|
|
"version": "0.1.0",
|
|
"private": true,
|
|
"scripts": {
|
|
"dev": "next dev --turbopack -p 3000",
|
|
"build": "next build",
|
|
"start": "next start",
|
|
"lint": "next lint",
|
|
"test": "vitest run",
|
|
"test:coverage": "vitest run --coverage"
|
|
},
|
|
"dependencies": {
|
|
"@radix-ui/react-alert-dialog": "^1.1.15",
|
|
"@radix-ui/react-dialog": "^1.1.15",
|
|
"@radix-ui/react-tabs": "^1.1.12",
|
|
"@radix-ui/react-tooltip": "^1.1.14",
|
|
"@tailwindcss/typography": "^0.5.19",
|
|
"@xterm/addon-fit": "^0.11.0",
|
|
"@xyflow/react": "^12.4.0",
|
|
"clsx": "^2.1.1",
|
|
"next": "^15.1.0",
|
|
"react": "^19.0.0",
|
|
"react-dom": "^19.0.0",
|
|
"react-markdown": "^10.1.0",
|
|
"remark-gfm": "^4.0.1",
|
|
"tailwind-merge": "^3.5.0",
|
|
"xterm": "^5.3.0",
|
|
"zustand": "^5.0.0"
|
|
},
|
|
"devDependencies": {
|
|
"@playwright/test": "^1.59.1",
|
|
"@testing-library/jest-dom": "^6.6.0",
|
|
"@testing-library/react": "^16.1.0",
|
|
"@types/node": "^22.0.0",
|
|
"@types/react": "^19.0.0",
|
|
"@types/react-dom": "^19.0.0",
|
|
"@vitejs/plugin-react": "^6.0.1",
|
|
"@vitest/coverage-v8": "^4.1.5",
|
|
"autoprefixer": "^10.4.0",
|
|
"jsdom": "^25.0.0",
|
|
"postcss": "^8.5.12",
|
|
"tailwindcss": "^3.4.0",
|
|
"typescript": "^5.7.0",
|
|
"vitest": "^4.1.2"
|
|
}
|
|
}
|