Skip to content

Sub categories fixes#26

Merged
florianjs merged 4 commits into
florianjs:mainfrom
Dim145:sub-categories-fix
Jan 8, 2026
Merged

Sub categories fixes#26
florianjs merged 4 commits into
florianjs:mainfrom
Dim145:sub-categories-fix

Conversation

@Dim145

@Dim145 Dim145 commented Jan 7, 2026

Copy link
Copy Markdown
Contributor

fix for #24

@florianjs
florianjs merged commit 25d58b3 into florianjs:main Jan 8, 2026
Dim145 added a commit to Dim145/opentracker that referenced this pull request Jun 20, 2026
…itor, nuxt

- nodemailer 8.0.7 -> ^8.0.9 (resolves 8.0.11): CRLF injection in List-* header
  comments (GHSA-268h-hp4c-crq3) + jsonTransport bypasses disableFileAccess /
  disableUrlAccess (GHSA-wqvq-jvpq-h66f), both medium. Alerts florianjs#27, florianjs#28.
- dompurify -> ^3.4.9 pnpm override (resolves 3.4.11; transitive via
  isomorphic-dompurify): multiple IN_PLACE / Trusted-Types / template
  sanitization bypasses (medium/low). Alerts florianjs#19-florianjs#25 (incl. florianjs#22, whose
  vulnerable range <=3.4.6 is below 3.4.11).
- launch-editor -> ^2.14.1 pnpm override (transitive): NTLMv2 hash disclosure
  via UNC path handling on Windows (GHSA-v6wh-96g9-6wx3, medium). Alert florianjs#26.
- nuxt 4.4.6 -> ^4.4.7 (resolves 4.4.8): dev server discloses project absolute
  path + workspace UUID via /.well-known (GHSA-rq7w-g337-39qq, low). Alert florianjs#18.

Regenerated pnpm-lock.yaml. Verified resolved: nodemailer 8.0.11, dompurify
3.4.11, launch-editor 2.14.1, nuxt 4.4.8. Nitro build + vitest (31 unit, 7
integration) green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants