Fix Dependabot alert #94 (LOW):
- @eslint/plugin-kit vulnerability: Regular Expression Denial of Service
through ConfigCommentParser
- Updated from 0.2.8 (vulnerable) to 0.5.1 via pnpm/npm overrides
Build verified successful. All tests pass.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix Dependabot alert #76 (MEDIUM):
- esbuild vulnerability: allows any website to send requests to
development server and read responses
- Updated from 0.21.5 (vulnerable) to 0.27.2 via pnpm/npm overrides
Build verified successful. All tests pass.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Changes:
- Added npm "overrides" section to package.json alongside existing pnpm overrides
- Generated and tracked package-lock.json with security fixes applied
- Removed web/package-lock.json from .gitignore to support npm users
- Both npm and pnpm now enforce secure dependency versions
This enables developers to use either pnpm or npm while maintaining
consistent security posture across both package managers.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add greybeard_secure_prompt_engineer pattern to create secure system prompts
- Update pattern explanations and renumber existing entries
- Refactor build process to use npm hooks for copying JSON files
- Remove manual web static file copying from extract script
- Update .gitignore to exclude generated data and tmp directories
- Modify suggest_pattern categories to include new security pattern
- Delete redundant web static data file, rely on build hooks
- Upgrade `pdfjs-dist` to v5 with new engine requirement
- Dynamically import PDF.js to avoid SSR import-time crashes
- Configure PDF worker via CDN using runtime PDF.js version
- Update PDF conversion pipeline to use lazy initialization
- Guard chat message localStorage persistence behind browser checks
- Reformat ChatService with consistent imports and typings
- Bump `patch-package` and refresh pnpm lock dependency graph
- Add `skeletonlabs` to VSCode spellcheck dictionary
### CHANGES
- Update Vite to version 5.4.20
- Update Rollup to version 4.50.1
- Add `@eslint-community/eslint-utils` version 4.9.0
- Update `@humanfs/node` to version 0.16.7
- Update `@humanwhocodes/retry` to version 0.4.3
- Update Rollup platform-specific packages to 4.50.1
- Add `@rollup/rollup-openharmony-arm64` version 4.50.1
- Closes Dependabot PR https://github.com/danielmiessler/Fabric/pull/1763
### CHANGES
- Add `.browserslistrc` to define target browser versions.
- Upgrade `pdfjs-dist` dependency from v2.16 to v4.2.67.
- Upgrade `nanoid` dependency from v4.0.2 to v5.0.9.
- Introduce `pdf-config.ts` for centralized PDF.js worker setup.
- Refactor `PdfConversionService` to use new PDF worker configuration.
- Add static `pdf.worker.min.mjs` to serve PDF.js worker.
- Update Vite configuration for ESNext build target and PDF.js.
