mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-07-09 16:00:59 +00:00
Bump vite ^6.4.2 to ^6.4.3 and pin patched transitives via overrides
(@babel/core ^7.29.6, js-yaml ^4.2.0). Clears 4 Dependabot alerts (2 high,
1 medium, 1 low). npm audit reports 0 vulnerabilities; npm ci, vite build,
vitest (6830 tests), and bundlesize all green.
Also gitignore stray pnpm artifacts. npm is canonical here (CI and the
production Dockerfile both use npm ci from package-lock.json); nothing
consumes pnpm. The unused pnpm-lock.yaml and pnpm-workspace.yaml were
removed separately this cycle and only ever produced Dependabot noise (13
alerts). Ignoring them stops the pair creeping back in, as happened after
the earlier cac5be2ca removal.
37 lines
No EOL
511 B
Text
37 lines
No EOL
511 B
Text
# Dependencies
|
|
node_modules
|
|
.pnp
|
|
.pnp.js
|
|
|
|
# pnpm is not used here — npm is canonical (see package-lock.json). Keep stray
|
|
# pnpm artifacts out of the tree so they don't drift or spawn Dependabot noise.
|
|
pnpm-lock.yaml
|
|
pnpm-workspace.yaml
|
|
|
|
# Testing
|
|
coverage
|
|
|
|
# Production
|
|
dist
|
|
dist-ssr
|
|
*.local
|
|
|
|
# Editor directories and files
|
|
.vscode/*
|
|
!.vscode/extensions.json
|
|
.idea
|
|
.DS_Store
|
|
*.suo
|
|
*.ntvs*
|
|
*.njsproj
|
|
*.sln
|
|
*.sw?
|
|
|
|
# Logs
|
|
logs
|
|
*.log
|
|
npm-debug.log*
|
|
yarn-debug.log*
|
|
yarn-error.log*
|
|
pnpm-debug.log*
|
|
lerna-debug.log* |