صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
wiki
/
weseek__growi
mirrorاز https://github.com/weseek/growi
2
0
انشعاب 0
پرونده‌ها مشکلات 0 ویکی
درخت: v7.5.5
شاخه‌ها تگ‌ها
weseek__growi
/
pnpm-workspace.yaml

pnpm-workspace.yaml 2.3 KB
لینک دائمی تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 
  1. packages:
    2. 

  2.   - 'apps/*'
    3. 

  3.   - 'packages/*'
    4. 

  4. 

  5. overrides:
    6. 

  6.   # flat v6 is provided only by ESM, but @lykmapipo/common requires CommonJS version
    7. 

  7.   '@lykmapipo/common>flat': 5.0.2
    8. 

  8.   # mime v4 is provided only by ESM, but @lykmapipo/common requires CommonJS version
    9. 

  9.   '@lykmapipo/common>mime': 3.0.0
    10. 

  10.   # parse-json v6 is provided only by ESM, but @lykmapipo/common requires CommonJS version
    11. 

  11.   '@lykmapipo/common>parse-json': 5.2.0
    12. 

  12.   # CVE-2025-XXXXX: CRLF Injection + Prototype Pollution combo leads to HTTP Request Smuggling (CVSS 10.0).
    13. 

  13.   # All versions < 1.15.0 are vulnerable.
    14. 

  14.   axios: ^1.15.0
    15. 

  15.   # Dedupe @codemirror/commands to a single version. <= 6.10.2 has a bug where
    16. 

  16.   # Shift+Arrow selection gets stuck on soft-wrapped lines (growilabs/growi#11093);
    17. 

  17.   # fixed in 6.10.3. Without this, transitive consumers (@uiw/*, codemirror) keep
    18. 

  18.   # pulling 6.8.0 alongside our direct 6.10.3.
    19. 

  19.   '@codemirror/commands': ^6.10.3
    20. 

  20. 

  21. packageExtensions:
    22. 

  22.   # @orval/core bundles @stoplight/json-ref-resolver which requires lodash/get at runtime,
    23. 

  23.   # but @orval/core does not declare lodash as a dependency.
    24. 

  24.   '@orval/core':
    25. 

  25.     dependencies:
    26. 

  26.       lodash: '*'
    27. 

  27. 

  28. patchedDependencies:
    29. 

  29.   # The patch excludes mathjax-full from the dependency graph of Marp Core.
    30. 

  30.   '@marp-team/marp-core': packages/presentation/patches/@marp-team__marp-core.patch
    31. 

  31. 

  32. # pnpm v11+ unified allowlist: true=run install scripts, false=skip them.
    33. 

  33. # Migrated from onlyBuiltDependencies (true) and ignoredBuiltDependencies (false).
    34. 

  34. allowBuilds:
    35. 

  35.   lefthook: true
    36. 

  36.   '@swc/core': false
    37. 

  37.   core-js: false
    38. 

  38.   esbuild: false
    39. 

  39.   leveldown: false
    40. 

  40.   protobufjs: false
    41. 

  41.   puppeteer: false
    42. 

  42.   ttf2woff2: false
    43. 

  43.   # Prisma: apps/app's `postinstall: prisma generate` covers the work that these
    44. 

  44.   # packages' install scripts would do. In particular, `prisma generate` itself
    45. 

  45.   # downloads the engine binary on demand (verified by removing
    46. 

  46.   # libquery_engine-*.so.node and re-running `prisma generate` — the binary is
    47. 

  47.   # restored byte-for-byte), so `@prisma/engines`' postinstall is redundant here.
    48. 

  48.   '@prisma/client': false
    49. 

  49.   '@prisma/engines': false
    50. 

  50.   prisma: false
    51. 

  51.   # sharp ships platform-specific prebuilt binaries via optional dependencies
    52. 

  52.   # (e.g. @img/sharp-linux-x64, @img/sharp-libvips-linux-x64), so its install
    53. 

  53.   # script (which would build libvips from source as a fallback) is not needed.
    54. 

  54.   sharp: false
    55.