maximunited / yomu / 26062661366
84%

DEFAULT BRANCH: master
Ran
Jobs 1
Files 50
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 86.57%. Remained the same
26062661366

push

github

web-flow 
fix(security): upgrade Next.js to 16.2.6 and enforce PostCSS 8.5.10+ (#39)

* fix(security): upgrade Next.js to 16.2.6 and enforce PostCSS 8.5.10+

Fixes 2 moderate severity vulnerabilities:
- Next.js: Multiple security issues including DoS, XSS, SSRF, and auth bypass (13 CVEs)
- PostCSS: XSS via unescaped </style> in CSS stringify output (GHSA-qx2v-qp2m-jg93)

Changes:
- Upgrade Next.js from 16.2.4 to 16.2.6
- Add package override to enforce postcss ^8.5.10 (fixes transitive dependency)

Verification:
- npm audit: 0 vulnerabilities (down from 2 moderate)
- All 481 unit tests passing
- Production build successful
- Linting clean (warnings only, no errors)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix: address Qodo review findings for security upgrade

Fixes 2 bugs identified by Qodo code review:

1. Yarn ignores PostCSS override (Security)
   - Added "resolutions" field to package.json for Yarn compatibility
   - Mirrors "overrides" field to ensure Yarn enforces postcss >=8.5.10
   - Both npm and Yarn now properly enforce security requirements

2. Node requirement mismatch (Reliability)
   - Updated README.md: Node.js 18+ → Node.js 20.9.0+
   - Added "engines" field to package.json to enforce Node >=20.9.0
   - Aligns with Next.js 16.2.6 actual requirement and CI configuration

Both package managers (npm/yarn) now enforce security patches,
and developers are informed of correct Node version requirement.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix: remove unsupported 'resolutions' field causing npm ci failure

The 'resolutions' field is Yarn-specific and not supported by npm.
When npm ci encounters this field, it fails with:
"Cannot read property '@headlessui/react' of undefined"

Changes:
- Removed 'resolutions' field from package.json
- Kept 'overrides' field (npm's equivalent)
- Updated README to clarify npm-only support

This fixes CI failures in GitHub Actions where npm ci is used.
The 'overrides' field al... (continued)

682 of 961 branches covered (70.97%)

Branch coverage included in aggregate %.

9993 of 11370 relevant lines covered (87.89%)

33.84 hits per line

Jobs
ID Job ID Ran Files Coverage
1 26062661366.1 50
86.57
 GitHub Action Run
Source Files on build 26062661366