fix: script portability and npm security updates
Scripts: - stop.sh: replace Linux-only fuser with cross-platform lsof fallback - start.sh: parameterize port (APP_PORT) and container name (dynamic lookup) - app-dev-start.sh: cross-platform stat (GNU -c / BSD -f) and setpriv/su fallback - deploy-compose.sh: parameterize Docker registry via DOCKER_REGISTRY env var - harden-postgres.sh: make DB_USER and DB_NAME configurable via env vars NPM security: - next: 15.5.12 → 15.5.15 (fixes HTTP request smuggling CVE) - nodemailer: 8.0.1 → 8.0.5 (fixes SMTP command injection CVEs) - lodash-es: add pnpm override to force >=4.18.0 (fixes code injection + prototype pollution) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -18,7 +18,7 @@
|
||||
"@capakraken/db": "workspace:*",
|
||||
"@capakraken/engine": "workspace:*",
|
||||
"@capakraken/shared": "workspace:*",
|
||||
"@dnd-kit/core": "^6.3.1",
|
||||
"@dnd-kit/core": "^6.3.1",
|
||||
"@dnd-kit/sortable": "^10.0.0",
|
||||
"@dnd-kit/utilities": "^3.2.2",
|
||||
"@node-rs/argon2": "^2.0.2",
|
||||
@@ -34,7 +34,7 @@
|
||||
"dompurify": "^3.3.3",
|
||||
"exceljs": "^4.4.0",
|
||||
"framer-motion": "^12.38.0",
|
||||
"next": "^15.1.7",
|
||||
"next": "^15.5.15",
|
||||
"next-auth": "^5.0.0-beta.25",
|
||||
"otpauth": "^9.5.0",
|
||||
"qrcode": "^1.5.4",
|
||||
|
||||
Reference in New Issue
Block a user