mirror of
https://github.com/toeverything/AFFiNE.git
synced 2026-02-04 08:38:34 +00:00
This PR contains the following updates:

| Package | Change |
|---|---|
| [@vitest/browser](https://redirect.github.com/vitest-dev/vitest/tree/main/packages/browser#readme) ([source](https://redirect.github.com/vitest-dev/vitest/tree/HEAD/packages/browser)) | [`3.0.2` -> `3.0.4`](https://renovatebot.com/diffs/npm/@vitest%2fbrowser/3.0.2/3.0.4) |

### GitHub Vulnerability Alerts

#### [CVE-2025-24963](https://redirect.github.com/vitest-dev/vitest/security/advisories/GHSA-8gvc-j273-4wm5)

### Summary

`__screenshot-error` handler on the browser mode HTTP server that responds any file on the file system. Especially if the server is exposed on the network by [`browser.api.host: true`](https://vitest.dev/guide/browser/config.html#browser-api), an attacker can send a request to that handler from remote to get the content of arbitrary files.

### Details

This `__screenshot-error` handler on the browser mode HTTP server responds any file on the file system.

f17918a799/packages/browser/src/node/plugin.ts (L88-L130)

This code was added by 2d62051f13.

### PoC

1. Create a directory and change the current directory to that directory
2. Run `npx vitest init browser`
3. Run `npm run test:browser`
4. Run `curl http://localhost:63315/__screenshot-error?file=/path/to/any/file`

### Impact

Users explicitly exposing the browser mode server to the network by [`browser.api.host: true`](https://vitest.dev/guide/browser/config.html#browser-api) may get any files exposed.

---

### Release Notes

<details>
<summary>vitest-dev/vitest (@vitest/browser)</summary>

### [`v3.0.4`](https://redirect.github.com/vitest-dev/vitest/releases/tag/v3.0.4)

[Compare Source](https://redirect.github.com/vitest-dev/vitest/compare/v3.0.3...v3.0.4)

##### 🐞 Bug Fixes

- Filter projects eagerly during config resolution - by [@sheremet-va](https://redirect.github.com/sheremet-va) and [@AriPerkkio](https://redirect.github.com/AriPerkkio) in [https://github.com/vitest-dev/vitest/issues/7313](https://redirect.github.com/vitest-dev/vitest/issues/7313) [<samp>(dff44)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/dff4406d)
- Apply `development|production` condition on Vite 6 by [@hi-ogawa](https://redirect.github.com/hi-ogawa) and [@sheremet-va](https://redirect.github.com/sheremet-va) ([#7301](https://redirect.github.com/vitest-dev/vitest/issues/7301)) [<samp>(ef146)</samp>](ef1464fc7b)
- **browser**: Restrict served files from `/__screenshot-error` - by [@hi-ogawa](https://redirect.github.com/hi-ogawa) in [https://github.com/vitest-dev/vitest/issues/7340](https://redirect.github.com/vitest-dev/vitest/issues/7340) [<samp>(ed9ae)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/ed9aeba2)
- **deps**: Update all non-major dependencies - by [@sheremet-va](https://redirect.github.com/sheremet-va) in [https://github.com/vitest-dev/vitest/issues/7297](https://redirect.github.com/vitest-dev/vitest/issues/7297) [<samp>(38ea8)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/38ea8eae)
- **runner**: Timeout long sync hook - by [@hi-ogawa](https://redirect.github.com/hi-ogawa) in [https://github.com/vitest-dev/vitest/issues/7289](https://redirect.github.com/vitest-dev/vitest/issues/7289) [<samp>(c60ee)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c60ee27c)
- **typechecking**: Support typechecking parsing with Vite 6 - by [@sheremet-va](https://redirect.github.com/sheremet-va) in [https://github.com/vitest-dev/vitest/issues/7335](https://redirect.github.com/vitest-dev/vitest/issues/7335) [<samp>(bff70)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/bff70be9)
- **types**: Fix public types - by [@mrginglymus](https://redirect.github.com/mrginglymus) and [@sheremet-va](https://redirect.github.com/sheremet-va) in [https://github.com/vitest-dev/vitest/issues/7328](https://redirect.github.com/vitest-dev/vitest/issues/7328) [<samp>(ce6af)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/ce6af70c)

##### [View changes on GitHub](https://redirect.github.com/vitest-dev/vitest/compare/v3.0.3...v3.0.4)

### [`v3.0.3`](https://redirect.github.com/vitest-dev/vitest/releases/tag/v3.0.3)

[Compare Source](https://redirect.github.com/vitest-dev/vitest/compare/v3.0.2...v3.0.3)

##### 🐞 Bug Fixes

- **browser**:
  - Don't throw a validation error if v8 coverage is used with filtered instances - by [@sheremet-va](https://redirect.github.com/sheremet-va) in [https://github.com/vitest-dev/vitest/issues/7306](https://redirect.github.com/vitest-dev/vitest/issues/7306) [<samp>(fa463)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/fa4634b2)
  - Don't fail when running --browser.headless if the browser project is part of the workspace - by [@sheremet-va](https://redirect.github.com/sheremet-va) in [https://github.com/vitest-dev/vitest/issues/7311](https://redirect.github.com/vitest-dev/vitest/issues/7311) [<samp>(e43a8)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/e43a8f56)

##### 🏎 Performance

- **reporters**: Update summary only when needed - by [@AriPerkkio](https://redirect.github.com/AriPerkkio) in [https://github.com/vitest-dev/vitest/issues/7291](https://redirect.github.com/vitest-dev/vitest/issues/7291) [<samp>(7f36b)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7f36b6f9)

##### [View changes on GitHub](https://redirect.github.com/vitest-dev/vitest/compare/v3.0.2...v3.0.3)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE).
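The advisory above describes a handler that serves whatever path arrives in `file`, and the 3.0.4 release note names the fix as restricting served files. The following is an added example of such a containment check, not Vitest's code and not the actual patch; the function names, the constructed fixture and the choice of allowed root are assumptions.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Behaviour the advisory describes: the `file` query value is used as a path as-is.
function resolveUnrestricted(requested) {
  return path.resolve(requested);
}

// Hardened form: resolve symlinks first, then require the result to sit under root.
function resolveWithinRoot(root, requested) {
  if (typeof requested !== 'string' || requested.includes('\0')) return null;
  let realRoot, realFile;
  try {
    realRoot = fs.realpathSync(root);
    realFile = fs.realpathSync(path.resolve(realRoot, requested));
  } catch {
    return null; // nonexistent or unreadable path
  }
  const rel = path.relative(realRoot, realFile);
  const outside = rel === '' || rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  return !outside && fs.statSync(realFile).isFile() ? realFile : null;
}

// Constructed fixture: a root, a sibling directory sharing its name prefix,
// and a symlink inside the root that points out of it.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'serve-check-'));
  const root = path.join(base, 'project');
  const secret = path.join(base, 'project-secrets', 'token.txt');
  fs.mkdirSync(path.join(root, 'shots'), { recursive: true });
  fs.mkdirSync(path.dirname(secret));
  fs.writeFileSync(path.join(root, 'shots', 'fail.png'), 'png');
  fs.writeFileSync(secret, 'constructed secret');
  fs.symlinkSync(secret, path.join(root, 'link.png'));
  const results = {
    unrestricted: resolveUnrestricted(secret) === secret, // any path is accepted
    naivePrefix: secret.startsWith(root),                 // string prefix test is fooled
    inside: resolveWithinRoot(root, 'shots/fail.png') !== null,
    absolute: resolveWithinRoot(root, secret),
    traversal: resolveWithinRoot(root, '../project-secrets/token.txt'),
    symlink: resolveWithinRoot(root, 'link.png'),
    missing: resolveWithinRoot(root, 'shots/none.png'),
  };
  fs.rmSync(base, { recursive: true, force: true });
  return results;
}

console.log(demo());
```

The `naivePrefix` result shows why the check compares a relative path after `realpath` instead of testing `startsWith(root)`: a sibling directory named `project-secrets` passes a plain string prefix test against `project`.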
160 lines
7.1 KiB
JSON
```json
{
  "name": "@affine/monorepo",
  "version": "0.19.0",
  "private": true,
  "author": "toeverything",
  "license": "MIT",
  "workspaces": [
    ".",
    "blocksuite/**/*",
    "packages/*/*",
    "packages/frontend/apps/*",
    "tools/*",
    "docs/reference",
    "tools/@types/*",
    "tests/*"
  ],
  "engines": {
    "node": "<23.0.0"
  },
  "scripts": {
    "affine": "r affine.ts",
    "af": "r affine.ts",
    "dev": "yarn affine dev",
    "build": "yarn affine build",
    "lint:eslint": "cross-env NODE_OPTIONS=\"--max-old-space-size=8192\" eslint --report-unused-disable-directives-severity=off . --cache",
    "lint:eslint:fix": "yarn lint:eslint --fix --fix-type problem,suggestion,layout",
    "lint:prettier": "prettier --ignore-unknown --cache --check .",
    "lint:prettier:fix": "prettier --ignore-unknown --cache --write .",
    "lint:ox": "oxlint -c oxlint.json --deny-warnings",
    "lint": "yarn lint:eslint && yarn lint:prettier",
    "lint:fix": "yarn lint:eslint:fix && yarn lint:prettier:fix",
    "test": "vitest --run",
    "test:ui": "vitest --ui",
    "test:coverage": "vitest run --coverage",
    "typecheck": "tsc -b tsconfig.json --verbose",
    "postinstall": "yarn affine init && yarn husky"
  },
  "lint-staged": {
    "*": "prettier --write --ignore-unknown --cache",
    "*.{ts,tsx,mjs,js,jsx}": [
      "prettier --ignore-unknown --write",
      "cross-env NODE_OPTIONS=\"--max-old-space-size=8192\" eslint --cache --fix"
    ],
    "*.toml": [
      "taplo format"
    ],
    "*.rs": [
      "cargo fmt --"
    ]
  },
  "devDependencies": {
    "@affine-tools/cli": "workspace:*",
    "@capacitor/cli": "^7.0.0",
    "@eslint/js": "^9.16.0",
    "@faker-js/faker": "^9.3.0",
    "@istanbuljs/schema": "^0.1.3",
    "@magic-works/i18n-codegen": "^0.6.1",
    "@playwright/test": "=1.49.1",
    "@smarttools/eslint-plugin-rxjs": "^1.0.8",
    "@swc/core": "^1.10.1",
    "@taplo/cli": "^0.7.0",
    "@toeverything/infra": "workspace:*",
    "@types/eslint": "^9.6.1",
    "@types/node": "^22.0.0",
    "@typescript-eslint/parser": "^8.18.0",
    "@vanilla-extract/vite-plugin": "^5.0.0",
    "@vitest/browser": "3.0.4",
    "@vitest/coverage-istanbul": "3.0.2",
    "@vitest/ui": "3.0.2",
    "cross-env": "^7.0.3",
    "electron": "^34.0.0",
    "eslint": "^9.16.0",
    "eslint-config-prettier": "^10.0.0",
    "eslint-import-resolver-typescript": "^3.7.0",
    "eslint-plugin-import-x": "^4.5.0",
    "eslint-plugin-react": "^7.37.2",
    "eslint-plugin-react-hooks": "^5.1.0",
    "eslint-plugin-simple-import-sort": "^12.1.1",
    "eslint-plugin-sonarjs": "^3.0.1",
    "eslint-plugin-unicorn": "^56.0.1",
    "happy-dom": "^16.0.0",
    "husky": "^9.1.7",
    "lint-staged": "^15.2.11",
    "msw": "^2.6.8",
    "oxlint": "0.15.9",
    "prettier": "^3.4.2",
    "semver": "^7.6.3",
    "serve": "^14.2.4",
    "typescript": "^5.7.2",
    "typescript-eslint": "^8.18.0",
    "unplugin-swc": "^1.5.1",
    "vite": "^6.0.3",
    "vitest": "3.0.5"
  },
  "packageManager": "yarn@4.6.0",
  "resolutions": {
    "array-buffer-byte-length": "npm:@nolyfill/array-buffer-byte-length@latest",
    "array-includes": "npm:@nolyfill/array-includes@latest",
    "array.prototype.flat": "npm:@nolyfill/array.prototype.flat@latest",
    "array.prototype.flatmap": "npm:@nolyfill/array.prototype.flatmap@latest",
    "array.prototype.tosorted": "npm:@nolyfill/array.prototype.tosorted@latest",
    "arraybuffer.prototype.slice": "npm:@nolyfill/arraybuffer.prototype.slice@latest",
    "asynciterator.prototype": "npm:@nolyfill/asynciterator.prototype@latest",
    "available-typed-arrays": "npm:@nolyfill/available-typed-arrays@latest",
    "deep-equal": "npm:@nolyfill/deep-equal@latest",
    "define-properties": "npm:@nolyfill/define-properties@latest",
    "es-iterator-helpers": "npm:@nolyfill/es-iterator-helpers@latest",
    "es-set-tostringtag": "npm:@nolyfill/es-set-tostringtag@latest",
    "function-bind": "npm:@nolyfill/function-bind@latest",
    "function.prototype.name": "npm:@nolyfill/function.prototype.name@latest",
    "get-symbol-description": "npm:@nolyfill/get-symbol-description@latest",
    "globalthis": "npm:@nolyfill/globalthis@latest",
    "gopd": "npm:@nolyfill/gopd@latest",
    "has": "npm:@nolyfill/has@latest",
    "has-property-descriptors": "npm:@nolyfill/has-property-descriptors@latest",
    "has-proto": "npm:@nolyfill/has-proto@latest",
    "has-symbols": "npm:@nolyfill/has-symbols@latest",
    "has-tostringtag": "npm:@nolyfill/has-tostringtag@latest",
    "is-arguments": "npm:@nolyfill/is-arguments@latest",
    "is-array-buffer": "npm:@nolyfill/is-array-buffer@latest",
    "is-date-object": "npm:@nolyfill/is-date-object@latest",
    "is-generator-function": "npm:@nolyfill/is-generator-function@latest",
    "is-regex": "npm:@nolyfill/is-regex@latest",
    "is-shared-array-buffer": "npm:@nolyfill/is-shared-array-buffer@latest",
    "is-string": "npm:@nolyfill/is-string@latest",
    "is-symbol": "npm:@nolyfill/is-symbol@latest",
    "is-weakref": "npm:@nolyfill/is-weakref@latest",
    "iterator.prototype": "npm:@nolyfill/iterator.prototype@latest",
    "object-is": "npm:@nolyfill/object-is@latest",
    "object-keys": "npm:@nolyfill/object-keys@latest",
    "object.assign": "npm:@nolyfill/object.assign@latest",
    "object.entries": "npm:@nolyfill/object.entries@latest",
    "object.fromentries": "npm:@nolyfill/object.fromentries@latest",
    "object.hasown": "npm:@nolyfill/object.hasown@latest",
    "object.values": "npm:@nolyfill/object.values@latest",
    "reflect.getprototypeof": "npm:@nolyfill/reflect.getprototypeof@latest",
    "regexp.prototype.flags": "npm:@nolyfill/regexp.prototype.flags@latest",
    "safe-array-concat": "npm:@nolyfill/safe-array-concat@latest",
    "safe-regex-test": "npm:@nolyfill/safe-regex-test@latest",
    "side-channel": "npm:@nolyfill/side-channel@latest",
    "string.prototype.matchall": "npm:@nolyfill/string.prototype.matchall@latest",
    "string.prototype.trim": "npm:@nolyfill/string.prototype.trim@latest",
    "string.prototype.trimend": "npm:@nolyfill/string.prototype.trimend@latest",
    "string.prototype.trimstart": "npm:@nolyfill/string.prototype.trimstart@latest",
    "typed-array-buffer": "npm:@nolyfill/typed-array-buffer@latest",
    "typed-array-byte-length": "npm:@nolyfill/typed-array-byte-length@latest",
    "typed-array-byte-offset": "npm:@nolyfill/typed-array-byte-offset@latest",
    "typed-array-length": "npm:@nolyfill/typed-array-length@latest",
    "unbox-primitive": "npm:@nolyfill/unbox-primitive@latest",
    "which-boxed-primitive": "npm:@nolyfill/which-boxed-primitive@latest",
    "which-typed-array": "npm:@nolyfill/which-typed-array@latest",
    "macos-alias": "npm:@napi-rs/macos-alias@0.0.4",
    "fs-xattr": "npm:@napi-rs/xattr@latest",
    "vite": "6.0.9",
    "decode-named-character-reference@npm:^1.0.0": "patch:decode-named-character-reference@npm%3A1.0.2#~/.yarn/patches/decode-named-character-reference-npm-1.0.2-db17a755fd.patch",
    "@atlaskit/pragmatic-drag-and-drop": "patch:@atlaskit/pragmatic-drag-and-drop@npm%3A1.4.0#~/.yarn/patches/@atlaskit-pragmatic-drag-and-drop-npm-1.4.0-75c45f52d3.patch",
    "yjs": "patch:yjs@npm%3A13.6.21#~/.yarn/patches/yjs-npm-13.6.21-c9f1f3397c.patch"
  }
}
```