[PR #35] [MERGED] Dev #92

New issue

Closed

opened 2026-05-06 12:18:40 +02:00 by BreizhHardware · 0 comments

BreizhHardware commented

2026-05-06 12:18:40 +02:00

Owner

📋 Pull Request Information

Original PR: https://github.com/BreizhHardware/Site-comptage-heure/pull/35
Author: @BreizhHardware
Created: 12/12/2025
Status: ✅ Merged
Merged: 12/12/2025
Merged by: @BreizhHardware

Base: main ← Head: dev

📝 Commits (5)

a39c8db feat(audit): Add security audit workflow with failure issue creation
5c7161c feat(audit): Add push trigger for security audit workflow
5eb24a5 fix: Mettre à jour les dépendances pour améliorer la sécurité et la stabilité
12ab33b fix: Supprimer les fichiers de configuration inutilisés dans le répertoire .idea
c68124b Merge pull request #34 from BreizhHardware/fix/React-CVE

📊 Changes

7 files changed (+177 additions, -168 deletions)

View changed files

➕ .github/workflows/audit.yml (+44 -0)
📝 .github/workflows/ci.yml (+1 -1)
➖ .idea/.gitignore (+0 -8)
➖ .idea/discord.xml (+0 -14)
➖ .idea/material_theme_project_new.xml (+0 -13)
📝 package.json (+4 -4)
📝 pnpm-lock.yaml (+128 -128)

📄 Description

This pull request introduces several dependency upgrades, adds a new security audit workflow, and removes some IDE-specific configuration files. The main focus is on keeping dependencies up to date for security and stability, automating security checks, and cleaning up project metadata.

Dependency upgrades:

Upgraded next from 16.0.7 to 16.0.10 in both package.json and pnpm-lock.yaml, along with all related @next/* packages. [1] [2] [3] [4] [5]
Updated @tailwindcss/postcss, tailwindcss, and all associated @tailwindcss/oxide* packages from 4.1.17 to 4.1.18 in package.json and pnpm-lock.yaml. [1] [2] [3] [4] [5] [6]
Bumped @types/node from 24.10.1 to 24.10.3 in both package.json and pnpm-lock.yaml. [1] [2] [3]
Updated caniuse-lite and enhanced-resolve to their latest versions in pnpm-lock.yaml. [1] [2]
Changed Node.js version in CI workflow from 22 to 24 for compatibility with updated dependencies.

Security and automation:

Added a new GitHub Actions workflow .github/workflows/audit.yml to run daily and on push security audits using pnpm audit. If vulnerabilities are found, an issue is automatically created.

Project cleanup:

Removed .idea/.gitignore, .idea/discord.xml, and .idea/material_theme_project_new.xml, cleaning up IDE-specific project files and metadata. [1] [2] [3]

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/BreizhHardware/Site-comptage-heure/pull/35 **Author:** [@BreizhHardware](https://github.com/BreizhHardware) **Created:** 12/12/2025 **Status:** ✅ Merged **Merged:** 12/12/2025 **Merged by:** [@BreizhHardware](https://github.com/BreizhHardware) **Base:** `main` ← **Head:** `dev` --- ### 📝 Commits (5) - [`a39c8db`](https://github.com/BreizhHardware/Site-comptage-heure/commit/a39c8dbdcfdae0bc446712f9310009b5d07dbc22) feat(audit): Add security audit workflow with failure issue creation - [`5c7161c`](https://github.com/BreizhHardware/Site-comptage-heure/commit/5c7161cb555694b450f911bb259e6709b84bd9d6) feat(audit): Add push trigger for security audit workflow - [`5eb24a5`](https://github.com/BreizhHardware/Site-comptage-heure/commit/5eb24a55fda93d1505519ddf3fbd7796b186aacd) fix: Mettre à jour les dépendances pour améliorer la sécurité et la stabilité - [`12ab33b`](https://github.com/BreizhHardware/Site-comptage-heure/commit/12ab33bfcd5a8f2bee1397d77de38fd1c57cab73) fix: Supprimer les fichiers de configuration inutilisés dans le répertoire .idea - [`c68124b`](https://github.com/BreizhHardware/Site-comptage-heure/commit/c68124b7820256cd1ebcfef4751a16f5433cf29b) Merge pull request #34 from BreizhHardware/fix/React-CVE ### 📊 Changes **7 files changed** (+177 additions, -168 deletions) <details> <summary>View changed files</summary> ➕ `.github/workflows/audit.yml` (+44 -0) 📝 `.github/workflows/ci.yml` (+1 -1) ➖ `.idea/.gitignore` (+0 -8) ➖ `.idea/discord.xml` (+0 -14) ➖ `.idea/material_theme_project_new.xml` (+0 -13) 📝 `package.json` (+4 -4) 📝 `pnpm-lock.yaml` (+128 -128) </details> ### 📄 Description This pull request introduces several dependency upgrades, adds a new security audit workflow, and removes some IDE-specific configuration files. The main focus is on keeping dependencies up to date for security and stability, automating security checks, and cleaning up project metadata. **Dependency upgrades:** - Upgraded `next` from `16.0.7` to `16.0.10` in both `package.json` and `pnpm-lock.yaml`, along with all related `@next/*` packages. [[1]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L35-R35) [[2]](diffhunk://#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbL70-R74) [[3]](diffhunk://#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbL350-R396) [[4]](diffhunk://#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbL1729-R1730) [[5]](diffhunk://#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbL2477-R2500) - Updated `@tailwindcss/postcss`, `tailwindcss`, and all associated `@tailwindcss/oxide*` packages from `4.1.17` to `4.1.18` in `package.json` and `pnpm-lock.yaml`. [[1]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L50-R57) [[2]](diffhunk://#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbL110-R117) [[3]](diffhunk://#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbL131-R132) [[4]](diffhunk://#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbL782-R840) [[5]](diffhunk://#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbL851-R868) [[6]](diffhunk://#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbL2124-R2125) - Bumped `@types/node` from `24.10.1` to `24.10.3` in both `package.json` and `pnpm-lock.yaml`. [[1]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L50-R57) [[2]](diffhunk://#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbL110-R117) [[3]](diffhunk://#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbL879-R880) - Updated `caniuse-lite` and `enhanced-resolve` to their latest versions in `pnpm-lock.yaml`. [[1]](diffhunk://#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbL1044-R1045) [[2]](diffhunk://#diff-32824c984905bb02bc7ffcef96a77addd1f1602cff71a11fbbfdd7f53ee026bbL1246-R1247) - Changed Node.js version in CI workflow from `22` to `24` for compatibility with updated dependencies. **Security and automation:** - Added a new GitHub Actions workflow `.github/workflows/audit.yml` to run daily and on push security audits using `pnpm audit`. If vulnerabilities are found, an issue is automatically created. **Project cleanup:** - Removed `.idea/.gitignore`, `.idea/discord.xml`, and `.idea/material_theme_project_new.xml`, cleaning up IDE-specific project files and metadata. [[1]](diffhunk://#diff-21610973868a98feff98dd0460438a8a32cca1447bc8701537ec5048e0c5faebL1-L8) [[2]](diffhunk://#diff-036da77e0e4b2f4e042049d9b20f5cfc4a347bc1e01391bd3bf3bc8ae4601768L1-L14) [[3]](diffhunk://#diff-36c738133cb28c8c4567d8b1825298a23197d472679d924ddb81e1e18641c707L1-L13) --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>