Make build pass on Node 24 and reduce npm audit surface
Build fixes: - tsconfig.json: moduleResolution "node" → "bundler" (resolves node-diff3 v3.2.0 exports-only package); add "es2021" to lib for AggregateError - webpack.config.js: NormalModuleReplacementPlugin to strip "node:" URI prefix so resolve.fallback browserify shims apply - Remove "aggregate-error" import in src/main.ts, src/fsS3.ts, pro/src/sync.ts — use native global AggregateError (Node 15+, Electron 98+, both satisfied by Obsidian runtime) - .gitignore: ignore *.main.js webpack chunks Audit reduction (22 → 4 low): - Remove npm-check-updates devDep (use `npx ncu` ad-hoc) — kills 15 vulns from transitive cacache/sigstore/tar/pacote chain - Pin to versions ≥ 30 days old (supply-chain hygiene): @types/node 24.12.2, c8 11.0.0, mocha 11.7.5, esbuild 0.28.0, crypto-browserify 3.12.1 - package.json overrides: elliptic@6.6.1, diff@9.0.0, serialize-javascript@7.0.5 to push transitive fixes - Remaining 4 lows are all elliptic (advisory marks all versions vulnerable; no upstream fix available)
This commit is contained in:
Bruno Miiller
parent
87059c37a0
commit
6a6f192942
1
.gitignore
vendored
1
.gitignore
vendored
@ -8,6 +8,7 @@ pnpm-lock.yaml
|
|||||||
|
|
||||||
# build
|
# build
|
||||||
main.js
|
main.js
|
||||||
|
*.main.js
|
||||||
*.js.map
|
*.js.map
|
||||||
|
|
||||||
# obsidian
|
# obsidian
|
||||||
|
|||||||
4512
package-lock.json
generated
4512
package-lock.json
generated
File diff suppressed because it is too large
Load Diff
17
package.json
17
package.json
@ -26,12 +26,17 @@
|
|||||||
"vm": false
|
"vm": false
|
||||||
},
|
},
|
||||||
"source": "main.ts",
|
"source": "main.ts",
|
||||||
|
"overrides": {
|
||||||
|
"elliptic": "6.6.1",
|
||||||
|
"diff": "9.0.0",
|
||||||
|
"serialize-javascript": "7.0.5"
|
||||||
|
},
|
||||||
"keywords": [],
|
"keywords": [],
|
||||||
"author": "",
|
"author": "",
|
||||||
"license": "SEE LICENSE IN LICENSE",
|
"license": "SEE LICENSE IN LICENSE",
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"@biomejs/biome": "1.8.3",
|
"@biomejs/biome": "1.8.3",
|
||||||
"c8": "^10.1.3",
|
"c8": "11.0.0",
|
||||||
"@microsoft/microsoft-graph-types": "^2.40.0",
|
"@microsoft/microsoft-graph-types": "^2.40.0",
|
||||||
"@types/chai": "^4.3.16",
|
"@types/chai": "^4.3.16",
|
||||||
"@types/chai-as-promised": "^7.1.8",
|
"@types/chai-as-promised": "^7.1.8",
|
||||||
@ -40,16 +45,15 @@
|
|||||||
"@types/mime-types": "^2.1.4",
|
"@types/mime-types": "^2.1.4",
|
||||||
"@types/mocha": "^10.0.7",
|
"@types/mocha": "^10.0.7",
|
||||||
"@types/mustache": "^4.2.5",
|
"@types/mustache": "^4.2.5",
|
||||||
"@types/node": "^20.14.12",
|
"@types/node": "24.12.2",
|
||||||
"@types/qrcode": "^1.5.5",
|
"@types/qrcode": "^1.5.5",
|
||||||
"builtin-modules": "^4.0.0",
|
"builtin-modules": "^4.0.0",
|
||||||
"cross-env": "^7.0.3",
|
"cross-env": "^7.0.3",
|
||||||
"dotenv": "^16.4.5",
|
"dotenv": "^16.4.5",
|
||||||
"esbuild": "^0.23.0",
|
"esbuild": "0.28.0",
|
||||||
"esbuild-plugin-inline-worker": "^0.1.1",
|
"esbuild-plugin-inline-worker": "^0.1.1",
|
||||||
"jsdom": "^24.1.1",
|
"jsdom": "^24.1.1",
|
||||||
"mocha": "^10.7.0",
|
"mocha": "11.7.5",
|
||||||
"npm-check-updates": "^16.14.20",
|
|
||||||
"obsidian": "^1.5.7",
|
"obsidian": "^1.5.7",
|
||||||
"openapi-typescript": "^7.1.0",
|
"openapi-typescript": "^7.1.0",
|
||||||
"ts-loader": "^9.5.1",
|
"ts-loader": "^9.5.1",
|
||||||
@ -76,12 +80,11 @@
|
|||||||
"@smithy/protocol-http": "^4.1.0",
|
"@smithy/protocol-http": "^4.1.0",
|
||||||
"@smithy/querystring-builder": "^3.0.3",
|
"@smithy/querystring-builder": "^3.0.3",
|
||||||
"acorn": "^8.12.1",
|
"acorn": "^8.12.1",
|
||||||
"aggregate-error": "^5.0.0",
|
|
||||||
"assert": "^2.1.0",
|
"assert": "^2.1.0",
|
||||||
"aws-crt": "^1.21.3",
|
"aws-crt": "^1.21.3",
|
||||||
"box-typescript-sdk-gen": "^1.3.0",
|
"box-typescript-sdk-gen": "^1.3.0",
|
||||||
"buffer": "^6.0.3",
|
"buffer": "^6.0.3",
|
||||||
"crypto-browserify": "^3.12.0",
|
"crypto-browserify": "3.12.1",
|
||||||
"dropbox": "^10.34.0",
|
"dropbox": "^10.34.0",
|
||||||
"emoji-regex": "^10.3.0",
|
"emoji-regex": "^10.3.0",
|
||||||
"http-status-codes": "^2.3.0",
|
"http-status-codes": "^2.3.0",
|
||||||
|
|||||||
@ -1,5 +1,3 @@
|
|||||||
// biome-ignore lint/suspicious/noShadowRestrictedNames: <explanation>
|
|
||||||
import AggregateError from "aggregate-error";
|
|
||||||
import PQueue from "p-queue";
|
import PQueue from "p-queue";
|
||||||
import XRegExp from "xregexp";
|
import XRegExp from "xregexp";
|
||||||
import type {
|
import type {
|
||||||
|
|||||||
@ -22,8 +22,6 @@ import {
|
|||||||
import { requestTimeout } from "@smithy/fetch-http-handler/dist-es/request-timeout";
|
import { requestTimeout } from "@smithy/fetch-http-handler/dist-es/request-timeout";
|
||||||
import { type HttpRequest, HttpResponse } from "@smithy/protocol-http";
|
import { type HttpRequest, HttpResponse } from "@smithy/protocol-http";
|
||||||
import { buildQueryString } from "@smithy/querystring-builder";
|
import { buildQueryString } from "@smithy/querystring-builder";
|
||||||
// biome-ignore lint/suspicious/noShadowRestrictedNames: <explanation>
|
|
||||||
import AggregateError from "aggregate-error";
|
|
||||||
import * as mime from "mime-types";
|
import * as mime from "mime-types";
|
||||||
import { Platform, type RequestUrlParam, requestUrl } from "obsidian";
|
import { Platform, type RequestUrlParam, requestUrl } from "obsidian";
|
||||||
import PQueue from "p-queue";
|
import PQueue from "p-queue";
|
||||||
|
|||||||
@ -1,5 +1,3 @@
|
|||||||
// biome-ignore lint/suspicious/noShadowRestrictedNames: <explanation>
|
|
||||||
import AggregateError from "aggregate-error";
|
|
||||||
import cloneDeep from "lodash/cloneDeep";
|
import cloneDeep from "lodash/cloneDeep";
|
||||||
import throttle from "lodash/throttle";
|
import throttle from "lodash/throttle";
|
||||||
import { FileText, RefreshCcw, RotateCcw, createElement } from "lucide";
|
import { FileText, RefreshCcw, RotateCcw, createElement } from "lucide";
|
||||||
|
|||||||
@ -8,13 +8,13 @@
|
|||||||
"strict": true,
|
"strict": true,
|
||||||
"allowJs": true,
|
"allowJs": true,
|
||||||
"noImplicitAny": true,
|
"noImplicitAny": true,
|
||||||
"moduleResolution": "node",
|
"moduleResolution": "bundler",
|
||||||
// "allowSyntheticDefaultImports": true,
|
// "allowSyntheticDefaultImports": true,
|
||||||
"resolveJsonModule": true,
|
"resolveJsonModule": true,
|
||||||
"esModuleInterop": true,
|
"esModuleInterop": true,
|
||||||
"importHelpers": true,
|
"importHelpers": true,
|
||||||
"isolatedModules": true,
|
"isolatedModules": true,
|
||||||
"lib": ["dom", "es5", "scripthost", "es2015", "webworker"]
|
"lib": ["dom", "es5", "scripthost", "es2015", "es2021", "webworker"]
|
||||||
},
|
},
|
||||||
"include": ["src/global.d.ts", "**/*.ts"]
|
"include": ["src/global.d.ts", "**/*.ts"]
|
||||||
}
|
}
|
||||||
|
|||||||
@ -65,6 +65,11 @@ module.exports = {
|
|||||||
new webpack.ProvidePlugin({
|
new webpack.ProvidePlugin({
|
||||||
process: "process/browser",
|
process: "process/browser",
|
||||||
}),
|
}),
|
||||||
|
// Strip `node:` URI prefix so resolve.fallback (browserify shims) applies.
|
||||||
|
// Required because some deps (AWS smithy, glob, ...) use `node:url` etc.
|
||||||
|
new webpack.NormalModuleReplacementPlugin(/^node:/, (resource) => {
|
||||||
|
resource.request = resource.request.replace(/^node:/, "");
|
||||||
|
}),
|
||||||
],
|
],
|
||||||
module: {
|
module: {
|
||||||
rules: [
|
rules: [
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user