sharang
c051ae0626
trivy fs scan failed the M0.2 CI gate on the skeleton commit because
next 15.0.3 has 9 known vulns (CRITICAL CVE-2025-29927 auth bypass in
middleware, plus 7 HIGH advisories). 16.2.6 is current latest and
covers every fixed-version range trivy listed.
Side effects of the major bump:
- next 16 dropped 'next lint' — switched the lint script to call eslint
directly ('eslint . --max-warnings 0').
- eslint-config-next 16 ships flat-config exports natively, so
eslint.config.mjs imports core-web-vitals + typescript directly
(no FlatCompat shim, no @eslint/eslintrc dep).
- Typed vi.fn<typeof fetch>() in tenant-registry.test to satisfy
stricter tuple inference under the new types.
All 4 gates green locally:
pnpm lint / typecheck / test --coverage (100% on src/lib) / build
Refs: M5.1 (skeleton)
36 lines
883 B
JSON
36 lines
883 B
JSON
{
|
|
"name": "@breakpilot/portal",
|
|
"version": "0.0.0",
|
|
"private": true,
|
|
"description": "Customer-facing portal + platform-staff backstage. Next.js + Auth.js v5.",
|
|
"license": "UNLICENSED",
|
|
"engines": {
|
|
"node": ">=20",
|
|
"pnpm": ">=9"
|
|
},
|
|
"scripts": {
|
|
"dev": "next dev --port 3000",
|
|
"build": "next build",
|
|
"start": "next start --port 3000",
|
|
"lint": "eslint . --max-warnings 0",
|
|
"typecheck": "tsc --noEmit",
|
|
"test": "vitest run --coverage"
|
|
},
|
|
"dependencies": {
|
|
"next": "16.2.6",
|
|
"next-auth": "5.0.0-beta.25",
|
|
"react": "19.0.0",
|
|
"react-dom": "19.0.0"
|
|
},
|
|
"devDependencies": {
|
|
"@types/node": "20.16.10",
|
|
"@types/react": "19.0.1",
|
|
"@types/react-dom": "19.0.1",
|
|
"@vitest/coverage-v8": "2.1.8",
|
|
"eslint": "9.15.0",
|
|
"eslint-config-next": "16.2.6",
|
|
"typescript": "5.7.2",
|
|
"vitest": "2.1.8"
|
|
}
|
|
}
|