From f68f3d21243f197f27923935eeea1ee1c72f02fb Mon Sep 17 00:00:00 2001 From: Kevin Date: Fri, 16 Jan 2026 20:45:33 -0800 Subject: [PATCH 1/4] picomatch --- package-lock.json | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/package-lock.json b/package-lock.json index 11b8d5d..577f017 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3674,6 +3674,21 @@ } } }, + "node_modules/svelte-check/node_modules/picomatch": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz", + "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", + "dev": true, + "license": "MIT", + "optional": true, + "peer": true, + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, "node_modules/svelte-eslint-parser": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/svelte-eslint-parser/-/svelte-eslint-parser-1.4.0.tgz", From 483f04b6123e3b714f88288aced4f5a4da3598fd Mon Sep 17 00:00:00 2001 From: Kevin Date: Fri, 16 Jan 2026 20:49:50 -0800 Subject: [PATCH 2/4] npm ci once again --- .github/workflows/static.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml index 1db6783..6e13325 100644 --- a/.github/workflows/static.yml +++ b/.github/workflows/static.yml @@ -1,7 +1,8 @@ name: Deploy SvelteKit to GitHub Pages on: - workflow_dispatch: # allows manual trigger + push: + branches: [main] permissions: contents: read @@ -21,9 +22,10 @@ jobs: - uses: actions/setup-node@v4 with: node-version-file: .nvmrc + cache: npm # cache node_modules for faster builds - name: Install dependencies - run: npm i + run: npm ci # install dependencies using lock file # Build the SvelteKit project - name: Build project From 6427831633436b25b844466071ceec89416b7781 Mon Sep 17 00:00:00 2001 
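Review bot: Replacing `workflow_dispatch` with `push` in the `on:` block of PATCH 2/4 removes the only way to re-run a deploy without pushing a new commit. Keeping both triggers, `workflow_dispatch:` alongside `push:` with `branches: [main]`, preserves manual redeploys. Deploys are now automatic, so whatever branch protection exists on `main` becomes the effective release gate; a comment above `on:` saying so would help the next maintainer. The `permissions:` block continues past this hunk, so what the push-triggered jobs may do with their token cannot be judged from here.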
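Review bot: The inline comment on `cache: npm` in the second hunk of PATCH 2/4 is inaccurate, because setup-node's npm cache holds npm's download cache rather than `node_modules`, and `npm ci` deletes any existing `node_modules` before it installs. Suggested wording: `cache: npm # reuse npm's download cache between runs (keyed on the lock file)`. The step list this hunk edits starts and ends outside the hunk.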
From: Kevin Date: Sat, 17 Jan 2026 10:02:59 -0800 Subject: [PATCH 3/4] run tests and npm audit as part of build --- .github/workflows/static.yml | 9 +++++++++ README.md | 6 ++++-- playwright.config.ts | 11 ++++++----- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml index 6e13325..57a170f 100644 --- a/.github/workflows/static.yml +++ b/.github/workflows/static.yml @@ -27,6 +27,15 @@ jobs: - name: Install dependencies run: npm ci # install dependencies using lock file + - name: Security audit + run: npm audit --audit-level=high # low and moderate vulnerabilities wont fail CI + + - name: Install Playwright browsers for e2e tests + run: npx playwright install --with-deps + + - name: Run tests + run: npm test + # Build the SvelteKit project - name: Build project run: npm run build diff --git a/README.md b/README.md index 67b78e1..e7e8794 100644 --- a/README.md +++ b/README.md @@ -58,8 +58,10 @@ There is a variety of reusable components in `./src/lib/components/*.svelte` There are automated tests using Playwright. -- run this the first time, to install Playwright dependencies: `npx playwright install` -- `npm run test` to run tests +Don't run local stack (`npm run dev`), the test runner will start a dev server. + +- **first time only** install Playwright dependencies: `npx playwright install` +- `npm run test` ## Production build diff --git a/playwright.config.ts b/playwright.config.ts index e6dce8f..7436353 100644 --- a/playwright.config.ts +++ b/playwright.config.ts @@ -1,12 +1,13 @@ import { defineConfig } from '@playwright/test'; export default defineConfig({ - // webServer: { - // command: 'npm run build && npm run preview', - // port: 4173 - // }, + webServer: { + command: 'npm run build && npm run preview', + port: 4173, + reuseExistingServer: false + }, use: { - baseURL: "http://localhost:5173" + baseURL: 'http://localhost:4173' }, testDir: 'e2e' }); 
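Review bot: The `Security audit` step is placed after `Install dependencies`, so by the time the audit can fail the job, `npm ci` has already downloaded every package and run its lifecycle scripts. `npm audit` reads the lockfile and does not need `node_modules`, so the step can move ahead of the install, for example as `run: npm audit --package-lock-only --audit-level=high`. The Playwright step could also be narrowed to `npx playwright install --with-deps chromium`, since the `playwright.config.ts` in this same commit defines no `projects` and would therefore run only the default browser. The job's step list starts and ends outside this hunk.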
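Review bot: The new `webServer` block in `playwright.config.ts` has no comment saying which server the tests target, and the README text added in this same commit describes it differently. The config runs `npm run build && npm run preview` on port 4173, which is a production preview, while the README says the runner "will start a dev server". A comment above `webServer` would settle it: `// e2e runs against the production preview build (port 4173), not the dev server`. A second comment on `reuseExistingServer: false` could note that a run fails when 4173 is already in use, which appears to be the intent, so that tests never attach to a stale server.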
From d52887c75483f33cfdd4e996e50b9bdf04b816dc Mon Sep 17 00:00:00 2001 From: Kevin Date: Sat, 17 Jan 2026 10:03:07 -0800 Subject: [PATCH 4/4] npm audit fix --- package-lock.json | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index 577f017..6086f88 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1196,9 +1196,9 @@ } }, "node_modules/@sveltejs/kit": { - "version": "2.49.2", - "resolved": "https://registry.npmjs.org/@sveltejs/kit/-/kit-2.49.2.tgz", - "integrity": "sha512-Vp3zX/qlwerQmHMP6x0Ry1oY7eKKRcOWGc2P59srOp4zcqyn+etJyQpELgOi4+ZSUgteX8Y387NuwruLgGXLUQ==", + "version": "2.50.0", + "resolved": "https://registry.npmjs.org/@sveltejs/kit/-/kit-2.50.0.tgz", + "integrity": "sha512-Hj8sR8O27p2zshFEIJzsvfhLzxga/hWw6tRLnBjMYw70m1aS9BSYCqAUtzDBjRREtX1EvLMYgaC0mYE3Hz4KWA==", "dev": true, "license": "MIT", "dependencies": { @@ -1207,7 +1207,7 @@ "@types/cookie": "^0.6.0", "acorn": "^8.14.1", "cookie": "^0.6.0", - "devalue": "^5.3.2", + "devalue": "^5.6.2", "esm-env": "^1.2.2", "kleur": "^4.1.5", "magic-string": "^0.30.5", @@ -1226,11 +1226,15 @@ "@opentelemetry/api": "^1.0.0", "@sveltejs/vite-plugin-svelte": "^3.0.0 || ^4.0.0-next.1 || ^5.0.0 || ^6.0.0-next.0", "svelte": "^4.0.0 || ^5.0.0-next.0", + "typescript": "^5.3.3", "vite": "^5.0.3 || ^6.0.0 || ^7.0.0-beta.0" }, "peerDependenciesMeta": { "@opentelemetry/api": { "optional": true + }, + "typescript": { + "optional": true } } }, @@ -1897,9 +1901,9 @@ } }, "node_modules/devalue": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/devalue/-/devalue-5.5.0.tgz", - "integrity": "sha512-69sM5yrHfFLJt0AZ9QqZXGCPfJ7fQjvpln3Rq5+PS03LD32Ost1Q9N+eEnaQwGRIriKkMImXD56ocjQmfjbV3w==", + "version": "5.6.2", + "resolved": "https://registry.npmjs.org/devalue/-/devalue-5.6.2.tgz", + "integrity": "sha512-nPRkjWzzDQlsejL1WVifk5rvcFi/y1onBRxjaFMjZeR9mFpqu2gmAZ9xUB9/IEanEP/vBtGeGganC/GO1fmufg==", "dev": true, "license": "MIT" },