Files
InvoiceShelf/pnpm-workspace.yaml
Darko Gjorgjijoski c13aba948d fix(deps): bump marked, dompurify, postcss to patched versions (#680)
npm advisories Dependabot surfaced on 3.x once it scanned the pnpm lock:
- marked 18.0.0 -> 18.0.5 (high)
- dompurify 3.3.3 -> 3.4.9 (4 advisories)
- postcss 8.5.8 -> 8.5.15 (transitive — added a pnpm override, like brace-expansion)

Lockfile + version-floor bumps; no app code changes.
2026-06-12 14:22:29 +02:00

15 lines
589 B
YAML

# Flat, hoisted node_modules (npm/yarn-like) so the migration is a drop-in and
# transitive packages imported directly (e.g. flatpickr via vue-flatpickr-component)
# keep resolving. pnpm 11 reads these here, not from .npmrc.
nodeLinker: hoisted
# Build-script allow-listing (replaces package.json "pnpm.onlyBuiltDependencies").
# vue-demi needs its postinstall to select the Vue 3 entry; it is a trusted Vue-core shim.
allowBuilds:
vue-demi: true
# Replaces the dead package.json "resolutions" field (npm/pnpm read "overrides").
overrides:
brace-expansion: ^5.0.6
postcss: ^8.5.10