c051ae0626
trivy fs scan failed the M0.2 CI gate on the skeleton commit because
next 15.0.3 has 9 known vulns (CRITICAL CVE-2025-29927 auth bypass in
middleware, plus 7 HIGH advisories). 16.2.6 is current latest and
covers every fixed-version range trivy listed.

Side effects of the major bump:
- next 16 dropped 'next lint' — switched the lint script to call eslint
  directly ('eslint . --max-warnings 0').
- eslint-config-next 16 ships flat-config exports natively, so
  eslint.config.mjs imports core-web-vitals + typescript directly
  (no FlatCompat shim, no @eslint/eslintrc dep).
- Typed vi.fn<typeof fetch>() in tenant-registry.test to satisfy
  stricter tuple inference under the new types.

All 4 gates green locally:
  pnpm lint / typecheck / test --coverage (100% on src/lib) / build

Refs: M5.1 (skeleton)
30 lines
840 B
Markdown
# Changelog

All notable changes to this repo. Format: [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).

Generated section is appended on release tag via `git-cliff` (see `.gitea/workflows/release.yaml`).

## [Unreleased]

### Added

- chore(deps): bump next + eslint-config-next to 16.2.6 to clear trivy CVEs (CVE-2025-29927 critical + 7 highs in next 15.0.3)
- feat(app): Next.js 16 + Auth.js v5 skeleton with host→slug middleware, tenant context layout, OIDC sign-in flow
-

### Changed

- chore(domain): yourplatform.com → breakpilot.com
-

### Fixed

- ci: rework workflow for Gitea Actions (bash commitlint, inline gitleaks binary, per-stack jobs gated on real code)
-

### Removed

-

### Security

-

---

<!-- Released versions appear below this line, newest first. Don't edit by hand once the release workflow has run. -->