Simon/romm
1
0
Fork 0
mirror of https://github.com/rommapp/romm.git synced 2026-06-28 14:56:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7d4579540825e42c03bd5f66d080e8ccd42e904e
romm/frontend/package.json
Claude 23dbffd17a fix(deps): bump dependencies to patch reported vulnerabilities 
Address vulnerabilities flagged by the security scanner:

Backend (pyproject.toml / uv.lock):
- cryptography 46.0.5 -> 49.0.0 (CVE-2026-39892, memory buffer)
- mako 1.3.10 -> 1.3.12 (CVE-2026-41205/44307, path traversal)
- gunicorn 23.0.0 -> 26.0.0 (HTTP request smuggling hardening)
- yarl 1.20.1 -> 1.24.2 (SSRF via host parsing)

Frontend (package.json / package-lock.json):
- axios ^1.16.0 -> ^1.18.1 (sensitive data exposure)
- form-data pinned to ^4.0.6 via override (CVE-2026-12143, CRLF injection)

starlette is already on 1.0.1, which is the patched release for the
BadHost advisory (CVE-2026-48710), so no change is needed there.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W5nnYmsCNdUjNpuwRxqUiR
2026-06-24 17:45:22 +00:00

106 lines
3.0 KiB
JSON
Raw Blame History

{
"name": "romm",
"private": true,
"version": "0.0.1",
"author": "Zurdi <https://github.com/zurdi15>",
"description": "A beautiful, powerful, self-hosted ROM manager",
"license": "AGPL-3.0-only",
"homepage": "https://github.com/rommapp/romm",
"repository": {
"type": "git",
"url": "git+github.com/rommapp/romm.git"
},
"bugs": {
"url": "https://github.com/rommapp/romm/issues"
},
"keywords": [
"rom",
"manager",
"emulation"
],
"type": "module",
"scripts": {
"build:tokens": "tsx scripts/build-tokens.ts",
"predev": "npm run build:tokens",
"prebuild": "npm run build:tokens",
"dev": "vite --host",
"build": "vite build",
"preview": "vite preview",
"typecheck": "vue-tsc --noEmit",
"generate": "openapi --input http://127.0.0.1:3000/openapi.json --output ./src/__generated__ --client axios --useOptions --useUnionTypes --exportServices false --exportSchemas false --exportCore false",
"test": "vitest run",
"test:watch": "vitest",
"test:ui": "vitest --ui",
"storybook": "storybook dev -p 6006",
"storybook:build": "storybook build",
"storybook:test": "vitest run test/storybook.test.ts"
},
"dependencies": {
"@floating-ui/vue": "^1.1.11",
"@mdi/font": "7.4.47",
"@vueuse/core": "^13.7.0",
"axios": "^1.18.1",
"bowser": "^2.14.1",
"cronstrue": "^2.57.0",
"date-fns": "^4.1.0",
"js-cookie": "^3.0.7",
"lodash": "^4.18.1",
"md-editor-v3": "^5.8.4",
"mitt": "^3.0.1",
"pinia": "^3.0.1",
"qrcode": "^1.5.4",
"semver": "^7.6.2",
"socket.io-client": "^4.7.5",
"tailwindcss": "^4.0.0",
"vanilla-tilt": "^1.8.1",
"vue": "^3.4.27",
"vue-i18n": "^11.1.10",
"vue-router": "^4.3.2",
"vue3-pdf-app": "^1.0.3",
"vuetify": "^3.9.2"
},
"devDependencies": {
"@eslint/js": "^10.0.1",
"@storybook/addon-a11y": "^10.2.19",
"@storybook/addon-docs": "^10.2.19",
"@storybook/addon-themes": "^10.2.19",
"@storybook/vue3-vite": "^10.2.19",
"@tailwindcss/vite": "^4.3.1",
"@types/js-cookie": "^3.0.6",
"@types/lodash": "^4.17.16",
"@types/node": "^22.13.14",
"@types/qrcode": "^1.5.5",
"@types/semver": "^7.7.0",
"@vitejs/plugin-vue": "^6.0.7",
"@vitest/ui": "^4.1.5",
"@vue/test-utils": "^2.4.9",
"@vue/tsconfig": "^0.7.0",
"eslint": "^10.0.3",
"eslint-plugin-vue": "^10.8.0",
"eslint-plugin-vuejs-accessibility": "^2.5.0",
"globals": "^16.0.0",
"happy-dom": "^20.9.0",
"openapi-typescript-codegen": "^0.29.0",
"storybook": "^10.2.19",
"tsx": "^4.21.0",
"typescript": "^5.7.3",
"typescript-eslint": "^8.56.1",
"vite": "^8.0.16",
"vite-plugin-mkcert": "^1.17.8",
"vite-plugin-pwa": "^1.3.0",
"vite-plugin-vuetify": "^2.0.4",
"vitest": "^4.1.5",
"vue-tsc": "^2.2.8"
},
"overrides": {
"rolldown": "1.0.1",
"esbuild": "^0.28.1",
"form-data": "^4.0.6"
},
"engines": {
"node": "24",
"npm": ">=11.10"
},
"packageManager": "npm@11.13.0"
}
Reference in New Issue View Git Blame Copy Permalink