forked from microsoft/FluidFramework
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathpackage.json
More file actions
124 lines (124 loc) · 5.06 KB
/
package.json
File metadata and controls
124 lines (124 loc) · 5.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
{
"name": "historian-release-group-root",
"version": "0.0.1",
"private": true,
"homepage": "https://fluidframework.com",
"repository": {
"type": "git",
"url": "https://github.com/microsoft/FluidFramework.git",
"directory": "server/historian"
},
"license": "MIT",
"author": "Microsoft and contributors",
"scripts": {
"build": "npm run build:compile && npm run lint",
"build:compile": "pnpm run -r --stream build:compile",
"build:docker": "docker build . --build-context root=../..",
"ci:build": "pnpm run -r --stream build:compile",
"ci:eslint": "pnpm run -r --no-sort --stream --no-bail eslint",
"clean": "rimraf --glob dist \"**/*.tsbuildinfo\" \"**/*.build.log\"",
"format": "npm run prettier:fix",
"preinstall": "node scripts/only-pnpm.cjs",
"lint": "npm run prettier && npm run ci:eslint",
"lint:fix": "npm run prettier:fix && pnpm run -r --stream --no-sort lint:fix",
"policy-check": "cd ../.. && npm run policy-check",
"policy-check:asserts": "cd ../.. && npm run policy-check:asserts",
"policy-check:fix": "cd ../.. && npm run policy-check:fix",
"prettier": "prettier --check . --cache --ignore-path ./.prettierignore",
"prettier:fix": "prettier --write . --cache --ignore-path ./.prettierignore",
"start": "node packages/historian/dist/www.js",
"test": "pnpm run -r --stream --no-bail --no-sort test",
"tsc": "pnpm run -r --stream tsc"
},
"c8": {
"all": true,
"cache-dir": "nyc/.cache",
"exclude": [],
"include": [],
"report-dir": "nyc/report",
"reporter": [
"cobertura",
"html",
"text"
],
"temp-directory": "nyc/.nyc_output"
},
"devDependencies": {
"@fluid-tools/build-cli": "^0.64.0",
"@fluidframework/build-common": "^2.0.3",
"@fluidframework/build-tools": "^0.64.0",
"@fluidframework/eslint-config-fluid": "^9.0.0",
"@types/compression": "0.0.36",
"@types/cors": "^2.8.4",
"@types/debug": "^4.1.5",
"@types/lodash": "^4.14.119",
"@types/nconf": "0.0.37",
"@types/redis": "^2.8.10",
"@types/supertest": "^2.0.7",
"async": "^3.2.2",
"eslint": "~9.39.2",
"jiti": "^2.6.1",
"prettier": "~3.0.3",
"rimraf": "^6.1.3",
"run-script-os": "^1.1.5",
"supertest": "^3.3.0",
"typescript": "~5.1.6"
},
"packageManager": "pnpm@10.33.0+sha512.10568bb4a6afb58c9eb3630da90cc9516417abebd3fabbe6739f0ae795728da1491e9db5a544c76ad8eb7570f5c4bb3d6c637b2cb41bfdcdb47fa823c8649319",
"pnpm": {
"commentsOverrides": [
"sharp <0.32.6 has a vulnerability that Component Governance flags (https://github.com/advisories/GHSA-54xq-cgqr-rpm3). It's a transitive dependency through jssm-viz-cli, which hasn't updated to a version with the fix",
"mongodb>@aws-sdk/credential-providers: not needed and brings in a large transitive dependency tree (including fast-xml-parser). Dropped with '-'.",
"oclif includes some AWS-related features, but we don't use them, so we drop those dependencies with '-'. This helps reduce lockfile churn since the deps release very frequently.",
"eslint is overridden to v9 for flat config support across all packages",
"qs: overridden to ^6.15.0 to resolve a known vulnerability in older versions.",
"js-yaml: overridden to fix a known vulnerability (prototype pollution via merge keys).",
"simple-git: overridden to ^3.32.3 to resolve a CG alert.",
"diff: overridden to patched versions to resolve a known ReDoS vulnerability. diff@7.x has no fix so it is bumped to 8.0.3.",
"tar: overridden to ^7.5.11 to resolve multiple security vulnerabilities in tar 6.x (EOL, no backport).",
"minimatch: overridden to patched versions to resolve known security vulnerabilities across all major version ranges.",
"serialize-javascript: overridden to ^7.0.4 to resolve GHSA-5c6j-r48x-rmvq. No 6.x fix exists; 7.x is API-compatible (only drops Node <20 support).",
"express: overridden to ^4.22.1 to resolve a known vulnerability in express 4.21.2.",
"picomatch: overridden to patched versions to resolve a known security vulnerability.",
"zookeeper: pinned to 7.x since earlier versions fail to compile on Node 22 due to deprecated NAN APIs, and may be brought in transitively."
],
"overrides": {
"express@>=4 <5": "^4.22.1",
"diff@>=5 <6": "^5.2.2",
"diff@>=7 <8": "^8.0.3",
"diff@>=8 <9": "^8.0.3",
"@types/node": "~22.19.17",
"eslint": "~9.39.2",
"jws": "^3.2.3",
"mongodb>@aws-sdk/credential-providers": "-",
"nanoid": "^3.3.9",
"oclif>@aws-sdk/client-cloudfront": "-",
"oclif>@aws-sdk/client-s3": "-",
"js-yaml@<4": "^3.14.2",
"js-yaml@>=4": "^4.1.1",
"qs": "^6.15.0",
"simple-git": "^3.32.3",
"socket.io-parser": "^4.2.6",
"tar": "^7.5.11",
"sharp": "^0.33.2",
"minimatch@>=3 <4": "^3.1.5",
"minimatch@>=5 <6": "^5.1.9",
"minimatch@>=6 <7": "^6.2.3",
"minimatch@>=7 <8": "^7.4.9",
"minimatch@>=8 <9": "^8.0.7",
"minimatch@>=9 <10": "^9.0.9",
"minimatch@>=10 <11": "^10.2.4",
"serialize-javascript@>=6 <7": "^7.0.4",
"picomatch@>=2 <3": "^2.3.2",
"picomatch@>=4 <5": "^4.0.4",
"zookeeper": "^7.2.0"
},
"onlyBuiltDependencies": [
"core-js",
"node-rdkafka",
"snappy",
"unrs-resolver",
"zookeeper"
]
}
}