Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 copilot-swe-agent[bot]
|
d7a7915f8b | ||
|
copilot-swe-agent[bot]
|
2d51aa9d39 | ||
|
copilot-swe-agent[bot]
|
3f949252c1 |
Generated
+8
-2
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "backend",
|
||||
"version": "0.3.1",
|
||||
"version": "0.3.2",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "backend",
|
||||
"version": "0.3.1",
|
||||
"version": "0.3.2",
|
||||
"license": "ISC",
|
||||
"dependencies": {
|
||||
"@prisma/client": "^5.22.0",
|
||||
@@ -1128,6 +1128,7 @@
|
||||
"resolved": "https://registry.npmjs.org/@types/node/-/node-24.10.1.tgz",
|
||||
"integrity": "sha512-GNWcUTRBgIRJD5zj+Tq0fKOJ5XZajIiBroOF0yvj2bSU1WvNdYS/dn9UxwsujGW4JX06dnHyjV2y9rRaybH0iQ==",
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"dependencies": {
|
||||
"undici-types": "~7.16.0"
|
||||
}
|
||||
@@ -3813,6 +3814,7 @@
|
||||
"integrity": "sha512-vtpjW3XuYCSnMsNVBjLMNkTj6OZbudcPPTPYHqX0CJfpcdWciI1dM8uHETwmDxxiqEwCIE6WvXucWUetJgfu/A==",
|
||||
"hasInstallScript": true,
|
||||
"license": "Apache-2.0",
|
||||
"peer": true,
|
||||
"dependencies": {
|
||||
"@prisma/engines": "5.22.0"
|
||||
},
|
||||
@@ -4819,6 +4821,7 @@
|
||||
"integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"engines": {
|
||||
"node": ">=12"
|
||||
},
|
||||
@@ -4977,6 +4980,7 @@
|
||||
"integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"peer": true,
|
||||
"bin": {
|
||||
"tsc": "bin/tsc",
|
||||
"tsserver": "bin/tsserver"
|
||||
@@ -5054,6 +5058,7 @@
|
||||
"integrity": "sha512-tI2l/nFHC5rLh7+5+o7QjKjSR04ivXDF4jcgV0f/bTQ+OJiITy5S6gaynVsEM+7RqzufMnVbIon6Sr5x1SDYaQ==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"dependencies": {
|
||||
"esbuild": "^0.25.0",
|
||||
"fdir": "^6.5.0",
|
||||
@@ -5147,6 +5152,7 @@
|
||||
"integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"engines": {
|
||||
"node": ">=12"
|
||||
},
|
||||
|
||||
@@ -0,0 +1,159 @@
|
||||
/**
|
||||
* Security hardening tests
|
||||
*
|
||||
* Tests for input validation and sanitization improvements:
|
||||
* - Route parameter ID validation
|
||||
* - Collection name validation/sanitization
|
||||
* - Library items validation
|
||||
* - Socket.io input validation helpers
|
||||
* - Path traversal protection in archive file names
|
||||
*/
|
||||
|
||||
import { describe, it, expect } from "vitest";
|
||||
import { sanitizeText } from "../security";
|
||||
|
||||
// Replicate the validation functions from index.ts to test them in isolation
|
||||
const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
|
||||
const SAFE_ID_REGEX = /^[a-zA-Z0-9_-]{1,128}$/;
|
||||
|
||||
const isValidResourceId = (id: string): boolean => {
|
||||
return UUID_REGEX.test(id) || SAFE_ID_REGEX.test(id);
|
||||
};
|
||||
|
||||
describe("Route Parameter ID Validation", () => {
|
||||
it("should accept valid UUID v4", () => {
|
||||
expect(isValidResourceId("550e8400-e29b-41d4-a716-446655440000")).toBe(true);
|
||||
expect(isValidResourceId("6ba7b810-9dad-11d1-80b4-00c04fd430c8")).toBe(true);
|
||||
});
|
||||
|
||||
it("should accept safe alphanumeric IDs", () => {
|
||||
expect(isValidResourceId("trash")).toBe(true);
|
||||
expect(isValidResourceId("default")).toBe(true);
|
||||
expect(isValidResourceId("my-collection-123")).toBe(true);
|
||||
expect(isValidResourceId("element_1")).toBe(true);
|
||||
});
|
||||
|
||||
it("should reject IDs with path traversal", () => {
|
||||
expect(isValidResourceId("../etc/passwd")).toBe(false);
|
||||
expect(isValidResourceId("..\\windows\\system32")).toBe(false);
|
||||
expect(isValidResourceId("foo/bar")).toBe(false);
|
||||
});
|
||||
|
||||
it("should reject IDs with SQL injection attempts", () => {
|
||||
expect(isValidResourceId("'; DROP TABLE drawings; --")).toBe(false);
|
||||
expect(isValidResourceId("1 OR 1=1")).toBe(false);
|
||||
});
|
||||
|
||||
it("should reject IDs with script injection", () => {
|
||||
expect(isValidResourceId("<script>alert(1)</script>")).toBe(false);
|
||||
expect(isValidResourceId('"><img src=x onerror=alert(1)>')).toBe(false);
|
||||
});
|
||||
|
||||
it("should reject empty or excessively long IDs", () => {
|
||||
expect(isValidResourceId("")).toBe(false);
|
||||
expect(isValidResourceId("a".repeat(129))).toBe(false);
|
||||
});
|
||||
|
||||
it("should accept IDs at maximum length", () => {
|
||||
expect(isValidResourceId("a".repeat(128))).toBe(true);
|
||||
});
|
||||
});
|
||||
|
||||
describe("Collection Name Validation", () => {
|
||||
it("should sanitize collection names with HTML", () => {
|
||||
const result = sanitizeText('<script>alert("xss")</script>My Collection', 255);
|
||||
expect(result).not.toContain("<script>");
|
||||
expect(result).toContain("My Collection");
|
||||
});
|
||||
|
||||
it("should preserve normal collection names", () => {
|
||||
const result = sanitizeText("My Drawings Collection", 255);
|
||||
expect(result).toBe("My Drawings Collection");
|
||||
});
|
||||
|
||||
it("should truncate overly long names", () => {
|
||||
const longName = "A".repeat(300);
|
||||
const result = sanitizeText(longName, 255);
|
||||
expect(result.length).toBeLessThanOrEqual(255);
|
||||
});
|
||||
|
||||
it("should strip control characters", () => {
|
||||
const result = sanitizeText("Name\x00With\x07Control\x1FChars", 255);
|
||||
expect(result).not.toContain("\x00");
|
||||
expect(result).not.toContain("\x07");
|
||||
expect(result).not.toContain("\x1F");
|
||||
});
|
||||
});
|
||||
|
||||
describe("Library Items Validation", () => {
|
||||
it("should accept valid item counts", () => {
|
||||
const items = Array.from({ length: 100 }, (_, i) => ({ id: `item-${i}` }));
|
||||
expect(items.length).toBeLessThanOrEqual(10000);
|
||||
});
|
||||
|
||||
it("should flag excessive item counts", () => {
|
||||
const items = Array.from({ length: 10001 }, (_, i) => ({ id: `item-${i}` }));
|
||||
expect(items.length).toBeGreaterThan(10000);
|
||||
});
|
||||
});
|
||||
|
||||
describe("Archive Path Sanitization", () => {
|
||||
const sanitizeArchiveName = (name: string): string => {
|
||||
return name.replace(/[<>:"/\\|?*]/g, "_").replace(/\.\./g, "_");
|
||||
};
|
||||
|
||||
it("should replace path traversal sequences", () => {
|
||||
const result = sanitizeArchiveName("../../etc/passwd");
|
||||
expect(result).not.toContain("..");
|
||||
expect(result).not.toContain("/");
|
||||
});
|
||||
|
||||
it("should replace dangerous characters", () => {
|
||||
const result = sanitizeArchiveName('my<drawing>:name/"test"\\path|file?name*');
|
||||
expect(result).not.toContain("<");
|
||||
expect(result).not.toContain(">");
|
||||
expect(result).not.toContain(":");
|
||||
expect(result).not.toContain('"');
|
||||
expect(result).not.toContain("\\");
|
||||
expect(result).not.toContain("|");
|
||||
expect(result).not.toContain("?");
|
||||
expect(result).not.toContain("*");
|
||||
});
|
||||
|
||||
it("should preserve normal names", () => {
|
||||
const result = sanitizeArchiveName("My Drawing 2024");
|
||||
expect(result).toBe("My Drawing 2024");
|
||||
});
|
||||
|
||||
it("should handle double-dot paths", () => {
|
||||
const result = sanitizeArchiveName("..folder../..test..");
|
||||
expect(result).not.toContain("..");
|
||||
});
|
||||
});
|
||||
|
||||
describe("Socket.io Input Validation Helpers", () => {
|
||||
const isValidDrawingId = (id: unknown): id is string =>
|
||||
typeof id === "string" && id.length > 0 && id.length <= 128 && isValidResourceId(id);
|
||||
|
||||
it("should accept valid drawing IDs", () => {
|
||||
expect(isValidDrawingId("550e8400-e29b-41d4-a716-446655440000")).toBe(true);
|
||||
expect(isValidDrawingId("my-drawing-1")).toBe(true);
|
||||
});
|
||||
|
||||
it("should reject non-string inputs", () => {
|
||||
expect(isValidDrawingId(123)).toBe(false);
|
||||
expect(isValidDrawingId(null)).toBe(false);
|
||||
expect(isValidDrawingId(undefined)).toBe(false);
|
||||
expect(isValidDrawingId({})).toBe(false);
|
||||
expect(isValidDrawingId([])).toBe(false);
|
||||
});
|
||||
|
||||
it("should reject empty strings", () => {
|
||||
expect(isValidDrawingId("")).toBe(false);
|
||||
});
|
||||
|
||||
it("should reject strings with injection attempts", () => {
|
||||
expect(isValidDrawingId("<script>alert(1)</script>")).toBe(false);
|
||||
expect(isValidDrawingId("../../../etc/passwd")).toBe(false);
|
||||
});
|
||||
});
|
||||
+100
-11
@@ -235,10 +235,15 @@ const upload = multer({
|
||||
files: 1,
|
||||
},
|
||||
fileFilter: (req, file, cb) => {
|
||||
// Reject filenames with path traversal characters
|
||||
const safeName = path.basename(file.originalname);
|
||||
if (safeName !== file.originalname || /[/\\]/.test(file.originalname)) {
|
||||
return cb(new Error("Invalid filename"));
|
||||
}
|
||||
if (file.fieldname === "db") {
|
||||
const isSqliteDb =
|
||||
file.originalname.endsWith(".db") ||
|
||||
file.originalname.endsWith(".sqlite");
|
||||
safeName.endsWith(".db") ||
|
||||
safeName.endsWith(".sqlite");
|
||||
if (!isSqliteDb) {
|
||||
return cb(new Error("Only .db or .sqlite files are allowed"));
|
||||
}
|
||||
@@ -282,6 +287,7 @@ app.use((req, res, next) => {
|
||||
"Permissions-Policy",
|
||||
"geolocation=(), microphone=(), camera=()"
|
||||
);
|
||||
res.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
|
||||
|
||||
res.setHeader(
|
||||
"Content-Security-Policy",
|
||||
@@ -291,7 +297,9 @@ app.use((req, res, next) => {
|
||||
"font-src 'self' https://fonts.gstatic.com; " +
|
||||
"img-src 'self' data: blob: https:; " +
|
||||
"connect-src 'self' ws: wss:; " +
|
||||
"frame-ancestors 'none';"
|
||||
"frame-ancestors 'none'; " +
|
||||
"base-uri 'self'; " +
|
||||
"form-action 'self';"
|
||||
);
|
||||
|
||||
next();
|
||||
@@ -475,6 +483,28 @@ const csrfProtectionMiddleware = (
|
||||
// Apply CSRF protection to all routes
|
||||
app.use(csrfProtectionMiddleware);
|
||||
|
||||
// Validate route parameter IDs to prevent injection and ensure expected format
|
||||
const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
|
||||
const SAFE_ID_REGEX = /^[a-zA-Z0-9_-]{1,128}$/;
|
||||
|
||||
const isValidResourceId = (id: string): boolean => {
|
||||
return UUID_REGEX.test(id) || SAFE_ID_REGEX.test(id);
|
||||
};
|
||||
|
||||
const validateIdParam = (
|
||||
req: express.Request,
|
||||
res: express.Response,
|
||||
next: express.NextFunction
|
||||
) => {
|
||||
const { id } = req.params;
|
||||
if (id && !isValidResourceId(id)) {
|
||||
return res.status(400).json({ error: "Invalid resource ID format" });
|
||||
}
|
||||
next();
|
||||
};
|
||||
|
||||
app.param("id", validateIdParam);
|
||||
|
||||
const filesFieldSchema = z
|
||||
.union([z.record(z.string(), z.any()), z.null()])
|
||||
.optional()
|
||||
@@ -664,6 +694,12 @@ interface User {
|
||||
|
||||
const roomUsers = new Map<string, User[]>();
|
||||
|
||||
const isValidSocketId = (id: unknown): id is string =>
|
||||
typeof id === "string" && id.length > 0 && id.length <= 128 && SAFE_ID_REGEX.test(id);
|
||||
|
||||
const isValidDrawingId = (id: unknown): id is string =>
|
||||
typeof id === "string" && id.length > 0 && id.length <= 128 && isValidResourceId(id);
|
||||
|
||||
io.on("connection", (socket) => {
|
||||
socket.on(
|
||||
"join-room",
|
||||
@@ -674,10 +710,16 @@ io.on("connection", (socket) => {
|
||||
drawingId: string;
|
||||
user: Omit<User, "socketId" | "isActive">;
|
||||
}) => {
|
||||
if (!isValidDrawingId(drawingId)) return;
|
||||
if (!user || !isValidSocketId(user.id)) return;
|
||||
const safeName = sanitizeText(typeof user.name === "string" ? user.name : "", 100);
|
||||
const safeInitials = sanitizeText(typeof user.initials === "string" ? user.initials : "", 5);
|
||||
const safeColor = sanitizeText(typeof user.color === "string" ? user.color : "", 30);
|
||||
|
||||
const roomId = `drawing_${drawingId}`;
|
||||
socket.join(roomId);
|
||||
|
||||
const newUser: User = { ...user, socketId: socket.id, isActive: true };
|
||||
const newUser: User = { id: user.id, name: safeName, initials: safeInitials, color: safeColor, socketId: socket.id, isActive: true };
|
||||
|
||||
const currentUsers = roomUsers.get(roomId) || [];
|
||||
const filteredUsers = currentUsers.filter((u) => u.id !== user.id);
|
||||
@@ -689,11 +731,13 @@ io.on("connection", (socket) => {
|
||||
);
|
||||
|
||||
socket.on("cursor-move", (data) => {
|
||||
if (!data || !isValidDrawingId(data.drawingId)) return;
|
||||
const roomId = `drawing_${data.drawingId}`;
|
||||
socket.volatile.to(roomId).emit("cursor-move", data);
|
||||
});
|
||||
|
||||
socket.on("element-update", (data) => {
|
||||
if (!data || !isValidDrawingId(data.drawingId)) return;
|
||||
const roomId = `drawing_${data.drawingId}`;
|
||||
socket.to(roomId).emit("element-update", data);
|
||||
});
|
||||
@@ -701,6 +745,8 @@ io.on("connection", (socket) => {
|
||||
socket.on(
|
||||
"user-activity",
|
||||
({ drawingId, isActive }: { drawingId: string; isActive: boolean }) => {
|
||||
if (!isValidDrawingId(drawingId)) return;
|
||||
if (typeof isActive !== "boolean") return;
|
||||
const roomId = `drawing_${drawingId}`;
|
||||
const users = roomUsers.get(roomId);
|
||||
if (users) {
|
||||
@@ -993,8 +1039,12 @@ app.get("/collections", async (req, res) => {
|
||||
app.post("/collections", async (req, res) => {
|
||||
try {
|
||||
const { name } = req.body;
|
||||
if (typeof name !== "string" || name.trim().length === 0 || name.trim().length > 255) {
|
||||
return res.status(400).json({ error: "Collection name must be a non-empty string (max 255 characters)" });
|
||||
}
|
||||
const sanitizedName = sanitizeText(name.trim(), 255);
|
||||
const newCollection = await prisma.collection.create({
|
||||
data: { name },
|
||||
data: { name: sanitizedName },
|
||||
});
|
||||
res.json(newCollection);
|
||||
} catch (error) {
|
||||
@@ -1006,9 +1056,13 @@ app.put("/collections/:id", async (req, res) => {
|
||||
try {
|
||||
const { id } = req.params;
|
||||
const { name } = req.body;
|
||||
if (typeof name !== "string" || name.trim().length === 0 || name.trim().length > 255) {
|
||||
return res.status(400).json({ error: "Collection name must be a non-empty string (max 255 characters)" });
|
||||
}
|
||||
const sanitizedName = sanitizeText(name.trim(), 255);
|
||||
const updatedCollection = await prisma.collection.update({
|
||||
where: { id },
|
||||
data: { name },
|
||||
data: { name: sanitizedName },
|
||||
});
|
||||
res.json(updatedCollection);
|
||||
} catch (error) {
|
||||
@@ -1063,14 +1117,23 @@ app.put("/library", async (req, res) => {
|
||||
return res.status(400).json({ error: "Items must be an array" });
|
||||
}
|
||||
|
||||
if (items.length > 10000) {
|
||||
return res.status(400).json({ error: "Library items limit exceeded (max 10,000)" });
|
||||
}
|
||||
|
||||
const serialized = JSON.stringify(items);
|
||||
if (serialized.length > 50 * 1024 * 1024) {
|
||||
return res.status(400).json({ error: "Library data too large" });
|
||||
}
|
||||
|
||||
const library = await prisma.library.upsert({
|
||||
where: { id: "default" },
|
||||
update: {
|
||||
items: JSON.stringify(items),
|
||||
items: serialized,
|
||||
},
|
||||
create: {
|
||||
id: "default",
|
||||
items: JSON.stringify(items),
|
||||
items: serialized,
|
||||
},
|
||||
});
|
||||
|
||||
@@ -1159,12 +1222,12 @@ app.get("/export/json", async (req, res) => {
|
||||
|
||||
Object.entries(drawingsByCollection).forEach(
|
||||
([collectionName, collectionDrawings]) => {
|
||||
const folderName = collectionName.replace(/[<>:"/\\|?*]/g, "_");
|
||||
const folderName = collectionName.replace(/[<>:"/\\|?*]/g, "_").replace(/\.\./g, "_");
|
||||
collectionDrawings.forEach((drawing, index) => {
|
||||
const fileName = `${drawing.name.replace(
|
||||
/[<>:"/\\|?*]/g,
|
||||
"_"
|
||||
)}.excalidraw`;
|
||||
).replace(/\.\./g, "_")}.excalidraw`;
|
||||
const filePath = `${folderName}/${fileName}`;
|
||||
|
||||
archive.append(JSON.stringify(drawing.data, null, 2), {
|
||||
@@ -1256,12 +1319,27 @@ app.post("/import/sqlite", upload.single("db"), async (req, res) => {
|
||||
}
|
||||
|
||||
const dbPath = getResolvedDbPath();
|
||||
const backupPath = `${dbPath}.backup`;
|
||||
const backupTimestamp = new Date().toISOString().replace(/[:.]/g, "-");
|
||||
const backupPath = `${dbPath}.backup-${backupTimestamp}`;
|
||||
|
||||
try {
|
||||
try {
|
||||
await fsPromises.access(dbPath);
|
||||
await fsPromises.copyFile(dbPath, backupPath);
|
||||
console.log(`[import] Created backup: ${backupPath}`);
|
||||
|
||||
// Rotate old backups - keep only the 5 most recent
|
||||
const dbDir = path.dirname(dbPath);
|
||||
const dbName = path.basename(dbPath);
|
||||
const files = await fsPromises.readdir(dbDir);
|
||||
const backups = files
|
||||
.filter((f) => f.startsWith(`${dbName}.backup-`))
|
||||
.sort()
|
||||
.reverse();
|
||||
for (const oldBackup of backups.slice(5)) {
|
||||
await removeFileIfExists(path.join(dbDir, oldBackup));
|
||||
console.log(`[import] Removed old backup: ${oldBackup}`);
|
||||
}
|
||||
} catch { }
|
||||
|
||||
await moveFile(stagedPath, dbPath);
|
||||
@@ -1300,6 +1378,17 @@ const ensureTrashCollection = async () => {
|
||||
}
|
||||
};
|
||||
|
||||
// Global error handler - prevent stack traces from leaking to clients
|
||||
app.use((err: any, req: express.Request, res: express.Response, next: express.NextFunction) => {
|
||||
if (err instanceof multer.MulterError) {
|
||||
return res.status(400).json({ error: `Upload error: ${err.message}` });
|
||||
}
|
||||
if (err && err.message) {
|
||||
console.error("Unhandled error:", err.message);
|
||||
}
|
||||
res.status(500).json({ error: "Internal server error" });
|
||||
});
|
||||
|
||||
httpServer.listen(PORT, async () => {
|
||||
await initializeUploadDir();
|
||||
await ensureTrashCollection();
|
||||
|
||||
Generated
+31
-18
@@ -1,18 +1,18 @@
|
||||
{
|
||||
"name": "frontend",
|
||||
"version": "0.3.2",
|
||||
"version": "0.1.8",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "frontend",
|
||||
"version": "0.3.2",
|
||||
"version": "0.1.8",
|
||||
"dependencies": {
|
||||
"@dnd-kit/core": "^6.3.1",
|
||||
"@dnd-kit/utilities": "^3.2.2",
|
||||
"@excalidraw/excalidraw": "^0.18.0",
|
||||
"@types/lodash": "^4.17.20",
|
||||
"axios": "^1.13.5",
|
||||
"axios": "^1.13.2",
|
||||
"clsx": "^2.1.1",
|
||||
"date-fns": "^4.1.0",
|
||||
"lodash": "^4.17.21",
|
||||
@@ -162,6 +162,7 @@
|
||||
"integrity": "sha512-e7jT4DxYvIDLk1ZHmU/m/mB19rex9sv0c2ftBtjSBv+kVM/902eh0fINUzD7UwLLNR+jU585GxUJ8/EBfAM5fw==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"dependencies": {
|
||||
"@babel/code-frame": "^7.27.1",
|
||||
"@babel/generator": "^7.28.5",
|
||||
@@ -516,6 +517,7 @@
|
||||
}
|
||||
],
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"engines": {
|
||||
"node": ">=18"
|
||||
},
|
||||
@@ -559,6 +561,7 @@
|
||||
}
|
||||
],
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"engines": {
|
||||
"node": ">=18"
|
||||
}
|
||||
@@ -2609,8 +2612,7 @@
|
||||
"resolved": "https://registry.npmjs.org/@types/aria-query/-/aria-query-5.0.4.tgz",
|
||||
"integrity": "sha512-rfT93uj5s0PRL7EzccGMs3brplhcrghnDoV26NqKhCAS1hVo+WdNsPvE/yb6ilfr5hi2MEk6d5EWJTKdxg8jVw==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/@types/babel__core": {
|
||||
"version": "7.20.5",
|
||||
@@ -2775,6 +2777,7 @@
|
||||
"integrity": "sha512-V0kuGBX3+prX+DQ/7r2qsv1NsdfnCLnTgnRJ1pYnxykBhGMz+qj+box5lq7XsO5mtZsBqpjwwTu/7wszPfMBcw==",
|
||||
"devOptional": true,
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"dependencies": {
|
||||
"@types/prop-types": "*",
|
||||
"csstype": "^3.0.2"
|
||||
@@ -2786,6 +2789,7 @@
|
||||
"integrity": "sha512-qW1Mfv8taImTthu4KoXgDfLuk4bydU6Q/TkADnDWWHwi4NX4BR+LWfTp2sVmTqRrsHvyDDTelgelxJ+SsejKKQ==",
|
||||
"devOptional": true,
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"dependencies": {
|
||||
"@types/react": "*"
|
||||
}
|
||||
@@ -2856,6 +2860,7 @@
|
||||
"integrity": "sha512-lJi3PfxVmo0AkEY93ecfN+r8SofEqZNGByvHAI3GBLrvt1Cw6H5k1IM02nSzu0RfUafr2EvFSw0wAsZgubNplQ==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"dependencies": {
|
||||
"@typescript-eslint/scope-manager": "8.47.0",
|
||||
"@typescript-eslint/types": "8.47.0",
|
||||
@@ -3219,6 +3224,7 @@
|
||||
"integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"bin": {
|
||||
"acorn": "bin/acorn"
|
||||
},
|
||||
@@ -3269,7 +3275,6 @@
|
||||
"integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"engines": {
|
||||
"node": ">=8"
|
||||
}
|
||||
@@ -3401,13 +3406,13 @@
|
||||
}
|
||||
},
|
||||
"node_modules/axios": {
|
||||
"version": "1.13.5",
|
||||
"resolved": "https://registry.npmjs.org/axios/-/axios-1.13.5.tgz",
|
||||
"integrity": "sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==",
|
||||
"version": "1.13.2",
|
||||
"resolved": "https://registry.npmjs.org/axios/-/axios-1.13.2.tgz",
|
||||
"integrity": "sha512-VPk9ebNqPcy5lRGuSlKx752IlDatOjT9paPlm8A7yOuW2Fbvp4X3JznJtT4f0GzGLLiWE9W8onz51SqLYwzGaA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"follow-redirects": "^1.15.11",
|
||||
"form-data": "^4.0.5",
|
||||
"follow-redirects": "^1.15.6",
|
||||
"form-data": "^4.0.4",
|
||||
"proxy-from-env": "^1.1.0"
|
||||
}
|
||||
},
|
||||
@@ -3499,6 +3504,7 @@
|
||||
}
|
||||
],
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"dependencies": {
|
||||
"baseline-browser-mapping": "^2.8.25",
|
||||
"caniuse-lite": "^1.0.30001754",
|
||||
@@ -3830,6 +3836,7 @@
|
||||
"resolved": "https://registry.npmjs.org/cytoscape/-/cytoscape-3.33.1.tgz",
|
||||
"integrity": "sha512-iJc4TwyANnOGR1OmWhsS9ayRS3s+XQ185FmuHObThD+5AeJCakAAbWv8KimMTt08xCCLNgneQwFp+JRJOr9qGQ==",
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"engines": {
|
||||
"node": ">=0.10"
|
||||
}
|
||||
@@ -4203,6 +4210,7 @@
|
||||
"resolved": "https://registry.npmjs.org/d3-selection/-/d3-selection-3.0.0.tgz",
|
||||
"integrity": "sha512-fmTRWbNMmsmWq6xJV8D19U/gw/bwrHfNXxrIN+HfZgnzqTHp9jOmKMhsTUjXOJnZOdZY9Q28y4yebKzqDKlxlQ==",
|
||||
"license": "ISC",
|
||||
"peer": true,
|
||||
"engines": {
|
||||
"node": ">=12"
|
||||
}
|
||||
@@ -4442,8 +4450,7 @@
|
||||
"resolved": "https://registry.npmjs.org/dom-accessibility-api/-/dom-accessibility-api-0.5.16.tgz",
|
||||
"integrity": "sha512-X7BJ2yElsnOJ30pZF4uIIDfBEVgF4XEBxL9Bxhy6dnrm5hkzqmsWHGTiHqRiITNhMyFLyAiWndIJP7Z1NTteDg==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/dompurify": {
|
||||
"version": "3.1.6",
|
||||
@@ -4662,6 +4669,7 @@
|
||||
"integrity": "sha512-BhHmn2yNOFA9H9JmmIVKJmd288g9hrVRDkdoIgRCRuSySRUHH7r/DI6aAXW9T1WwUuY3DFgrcaqB+deURBLR5g==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"dependencies": {
|
||||
"@eslint-community/eslint-utils": "^4.8.0",
|
||||
"@eslint-community/regexpp": "^4.12.1",
|
||||
@@ -5495,6 +5503,7 @@
|
||||
"resolved": "https://registry.npmjs.org/jotai/-/jotai-2.11.0.tgz",
|
||||
"integrity": "sha512-zKfoBBD1uDw3rljwHkt0fWuja1B76R7CjznuBO+mSX6jpsO1EBeWNRKpeaQho9yPI/pvCv4recGfgOXGxwPZvQ==",
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"engines": {
|
||||
"node": ">=12.20.0"
|
||||
},
|
||||
@@ -5842,7 +5851,6 @@
|
||||
"integrity": "sha512-h5bgJWpxJNswbU7qCrV0tIKQCaS3blPDrqKWx+QxzuzL1zGUzij9XCWLrSLsJPu5t+eWA/ycetzYAO5IOMcWAQ==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"bin": {
|
||||
"lz-string": "bin/bin.js"
|
||||
}
|
||||
@@ -6872,6 +6880,7 @@
|
||||
}
|
||||
],
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"dependencies": {
|
||||
"nanoid": "^3.3.7",
|
||||
"picocolors": "^1.0.0",
|
||||
@@ -7037,7 +7046,6 @@
|
||||
"integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"dependencies": {
|
||||
"ansi-regex": "^5.0.1",
|
||||
"ansi-styles": "^5.0.0",
|
||||
@@ -7053,7 +7061,6 @@
|
||||
"integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"engines": {
|
||||
"node": ">=10"
|
||||
},
|
||||
@@ -7109,6 +7116,7 @@
|
||||
"resolved": "https://registry.npmjs.org/react/-/react-18.3.1.tgz",
|
||||
"integrity": "sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==",
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"dependencies": {
|
||||
"loose-envify": "^1.1.0"
|
||||
},
|
||||
@@ -7121,6 +7129,7 @@
|
||||
"resolved": "https://registry.npmjs.org/react-dom/-/react-dom-18.3.1.tgz",
|
||||
"integrity": "sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==",
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"dependencies": {
|
||||
"loose-envify": "^1.1.0",
|
||||
"scheduler": "^0.23.2"
|
||||
@@ -7134,8 +7143,7 @@
|
||||
"resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz",
|
||||
"integrity": "sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/react-refresh": {
|
||||
"version": "0.18.0",
|
||||
@@ -7850,6 +7858,7 @@
|
||||
"integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"engines": {
|
||||
"node": ">=12"
|
||||
},
|
||||
@@ -7988,6 +7997,7 @@
|
||||
"integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
|
||||
"dev": true,
|
||||
"license": "Apache-2.0",
|
||||
"peer": true,
|
||||
"bin": {
|
||||
"tsc": "bin/tsc",
|
||||
"tsserver": "bin/tsserver"
|
||||
@@ -8177,6 +8187,7 @@
|
||||
"integrity": "sha512-BxAKBWmIbrDgrokdGZH1IgkIk/5mMHDreLDmCJ0qpyJaAteP8NvMhkwr/ZCQNqNH97bw/dANTE9PDzqwJghfMQ==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"dependencies": {
|
||||
"esbuild": "^0.25.0",
|
||||
"fdir": "^6.5.0",
|
||||
@@ -8270,6 +8281,7 @@
|
||||
"integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"engines": {
|
||||
"node": ">=12"
|
||||
},
|
||||
@@ -8596,6 +8608,7 @@
|
||||
"integrity": "sha512-JInaHOamG8pt5+Ey8kGmdcAcg3OL9reK8ltczgHTAwNhMys/6ThXHityHxVV2p3fkw/c+MAvBHFVYHFZDmjMCQ==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"peer": true,
|
||||
"funding": {
|
||||
"url": "https://github.com/sponsors/colinhacks"
|
||||
}
|
||||
|
||||
@@ -19,7 +19,7 @@
|
||||
"@dnd-kit/utilities": "^3.2.2",
|
||||
"@excalidraw/excalidraw": "^0.18.0",
|
||||
"@types/lodash": "^4.17.20",
|
||||
"axios": "^1.13.5",
|
||||
"axios": "^1.13.2",
|
||||
"clsx": "^2.1.1",
|
||||
"date-fns": "^4.1.0",
|
||||
"lodash": "^4.17.21",
|
||||
|
||||
Reference in New Issue
Block a user