dotenv v17: Added quiet option to suppress new default logging.
p-limit v7 and p-queue v9: No code changes needed (only dropped older Node).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
cron v4: No code changes needed (positional constructor args still supported).
ical-generator v10: Removed `new` keyword (now a factory function) and
switched from `attachments` property to `createAttachment()` method.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
jsonpath v1.2.1 (published Feb 2025) fixed the security vulnerability
that prompted the switch to jsonpath-plus. Reverting to the original
package simplifies the code by removing the jsonpathQuery/jsonpathApply
wrapper functions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Replace JS config (tailwind.config.js) with CSS @theme block in base.css
- Switch from PostCSS to @tailwindcss/vite plugin
- Convert all bg-opacity-*/border-opacity-* to slash syntax (e.g. bg-zinc-900/70)
- Add @custom-variant for mobile and ss variants
- Add @reference to Vue scoped styles using @apply
- Rename v3 utilities: rounded→rounded-sm, backdrop-blur-sm→backdrop-blur-xs,
drop-shadow→drop-shadow-sm, rotate-[25deg]→rotate-25
- Delete obsolete tailwind.config.js and postcss.config.js
- Rename vite.config.js to .mjs for ESM compatibility
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
vue-i18n: 9.10.2 → 11.2.8
Resolves XSS and prototype pollution vulnerabilities in vue-i18n v9.
Total vulnerabilities now down to 1 (axios in threads-api transitive
dependency).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- vite: 3.2.8 → 6.4.1
- @vitejs/plugin-vue: 3.2.0 → 5.2.4
- Replaced @intlify/vite-plugin-vue-i18n with @intlify/unplugin-vue-i18n
- Narrowed i18n include pattern to *.json to avoid parsing .mjs files
This resolves the esbuild moderate severity vulnerability that was
present in Vite <=6.1.6.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- @atproto/api (Bluesky): 0.11.2 → 0.18.21
- masto (Mastodon): 6.7.0 → 7.10.1
- twitter-api-v2: 1.18.1 → 1.29.0
threads-api left at 1.6.3 (no newer version available; vulnerable
axios dependency is a transitive issue in that package).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@sentry/node: 7.107.0 → 10.38.0
The project uses only Sentry.init() and Sentry.captureException(),
which are compatible across versions.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Updated transitive dependencies to resolve 31 security vulnerabilities
including critical, high, and moderate severity issues. Remaining 9
vulnerabilities require breaking major version updates (vue-i18n, vite,
threads-api) which will be addressed separately. Also updated the
browserslist database.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
