mirror of
https://github.com/InvoiceShelf/InvoiceShelf.git
synced 2026-07-16 13:55:21 +00:00
npm advisories Dependabot surfaced on 3.x once it scanned the pnpm lock: - marked 18.0.0 -> 18.0.5 (high) - dompurify 3.3.3 -> 3.4.9 (4 advisories) - postcss 8.5.8 -> 8.5.15 (transitive — added a pnpm override, like brace-expansion) Lockfile + version-floor bumps; no app code changes.
15 lines
589 B
YAML
15 lines
589 B
YAML
# Flat, hoisted node_modules (npm/yarn-like) so the migration is a drop-in and
|
|
# transitive packages imported directly (e.g. flatpickr via vue-flatpickr-component)
|
|
# keep resolving. pnpm 11 reads these here, not from .npmrc.
|
|
nodeLinker: hoisted
|
|
|
|
# Build-script allow-listing (replaces package.json "pnpm.onlyBuiltDependencies").
|
|
# vue-demi needs its postinstall to select the Vue 3 entry; it is a trusted Vue-core shim.
|
|
allowBuilds:
|
|
vue-demi: true
|
|
|
|
# Replaces the dead package.json "resolutions" field (npm/pnpm read "overrides").
|
|
overrides:
|
|
brace-expansion: ^5.0.6
|
|
postcss: ^8.5.10
|