maximus/simpl-liste
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases 18 Packages Wiki Activity Actions

Compare commits

base: maximus:issue-90-themetoggle-lint-disable
Branches Tags
maximus:master
maximus:issue-90-themetoggle-lint-disable
maximus:chore/web-lint-cleanup
maximus:issue-70-harmonize-display-name
maximus:issue-87-align-expo-sdk-patches
maximus:fix/vuln-postcss-override
maximus:fix/vuln-C-verification
maximus:fix/vuln-B-uuid-override
maximus:fix/vuln-A-xmldom-override
maximus:issue-71-widget-expand-perf
maximus:issue-61-refresh-button-toolbar
maximus:issue-65-widget-sync-refresh
maximus:issue-60-fix-duplicate-inbox
maximus:fix/simpl-liste-32-widget-subtask-toggle
maximus:issue-29-widget-expand-perf
maximus:issue-25-edit-delete-subtasks
maximus:fix/simpl-liste-26-vulnerable-deps
maximus:fix/simpl-liste-23-widget-task-count
maximus:fix/simpl-liste-21-save-button-navigation
maximus:fix/simpl-liste-19-widget-add-button
maximus:fix/simpl-liste-11-widget-scroll
maximus:fix/simpl-liste-12-subtasks-completed-last
maximus:v1.6.4
maximus:v1.6.3
maximus:v1.6.2
maximus:v1.6.1
maximus:v1.6.0
maximus:v1.5.2
maximus:v1.5.1
maximus:v1.5.0
maximus:v1.4.0
maximus:v1.3.0
maximus:v1.2.5
maximus:v1.2.4
maximus:v1.2.3
maximus:v1.2.2
maximus:v1.2.1
maximus:v1.2.0
maximus:v1.1.0
maximus:v1.0.1
maximus:v1.0.0
..
compare: maximus:master
Branches Tags
maximus:master
maximus:issue-90-themetoggle-lint-disable
maximus:chore/web-lint-cleanup
maximus:issue-70-harmonize-display-name
maximus:issue-87-align-expo-sdk-patches
maximus:fix/vuln-postcss-override
maximus:fix/vuln-C-verification
maximus:fix/vuln-B-uuid-override
maximus:fix/vuln-A-xmldom-override
maximus:issue-71-widget-expand-perf
maximus:issue-61-refresh-button-toolbar
maximus:issue-65-widget-sync-refresh
maximus:issue-60-fix-duplicate-inbox
maximus:fix/simpl-liste-32-widget-subtask-toggle
maximus:issue-29-widget-expand-perf
maximus:issue-25-edit-delete-subtasks
maximus:fix/simpl-liste-26-vulnerable-deps
maximus:fix/simpl-liste-23-widget-task-count
maximus:fix/simpl-liste-21-save-button-navigation
maximus:fix/simpl-liste-19-widget-add-button
maximus:fix/simpl-liste-11-widget-scroll
maximus:fix/simpl-liste-12-subtasks-completed-last
maximus:v1.6.4
maximus:v1.6.3
maximus:v1.6.2
maximus:v1.6.1
maximus:v1.6.0
maximus:v1.5.2
maximus:v1.5.1
maximus:v1.5.0
maximus:v1.4.0
maximus:v1.3.0
maximus:v1.2.5
maximus:v1.2.4
maximus:v1.2.3
maximus:v1.2.2
maximus:v1.2.1
maximus:v1.2.0
maximus:v1.1.0
maximus:v1.0.1
maximus:v1.0.0

4 commits
issue-90-t ... master

Author SHA1 Message Date
maximus
158204b938 Merge pull request 'fix(security): override @expo/cli ws to ^8.20.1 (GHSA-58qx-3vcg-4xpx) (#92)' (#94) from issue-92-ws-override into master 2026-05-31 19:21:22 +00:00
le king fu
483030081c state: sync after #90 + web deploy 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-05-30 15:46:07 -04:00
maximus
51429045e6 Merge pull request 'chore(web): document set-state-in-effect on ThemeToggle localStorage read (#90)' (#93) from issue-90-themetoggle-lint-disable into master 2026-05-30 19:25:20 +00:00
le king fu
9ee5372404 fix(security): override @expo/cli ws to ^8.20.1 (GHSA-58qx-3vcg-4xpx) (#92) 
npm audit flagged ws 8.0.0-8.20.0 (moderate, uninitialized memory
disclosure) pulled in via expo > @expo/cli > ws@8.20.0. Scope the
override to @expo/cli so only the vulnerable 8.x instance is bumped
(resolved to 8.21.0); metro's ws@7.5.10 and react-native's ws@6.2.3
stay on their majors to avoid breaking the Metro dev server.

All ws here is dev/build tooling (Expo CLI, Metro, react-devtools),
absent from the shipped APK, so this was not exploitable in production
- but the override clears npm audit and stops the Defenseur re-flagging.

npm audit: 0 vulnerabilities. Root smoke green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-05-30 15:05:10 -04:00
3 changed files with 15 additions and 7 deletions
Show stats Expand all files Collapse all files

7
STATE.md
View file

@ -1,6 +1,6 @@
# STATE — simpl-liste
> Derniere MAJ : 2026-05-30 (par fix-issue #70)
> Derniere MAJ : 2026-05-30 (deploy web liste.lacompagnie + #90)
## Position actuelle
@ -9,8 +9,13 @@ via overrides `@xmldom/xmldom@^0.8.13` et `uuid@^11.0.0` dans `package.json`
(overnight 2026-04-24). 4 CVE HIGH xmldom nettoyees ; 1 advisory uuid residuelle
non-exploitable en pratique (details dans `SECURITY.md`).
Companion web `liste.lacompagniemaximus.com` : deploye **manuellement** (docker-compose
standalone `/data/simpl-liste-web` sur le VPS, build depuis `source/` rsync — PAS une app
Coolify malgre la spec). Procedure en memoire `simpl-liste-web-deploy`.
## Decisions recentes
- 2026-05-30 : #90 merged (PR #93, ThemeToggle eslint-disable) + premier deploy web depuis 7 sem (rsync source/ + docker compose --build sur VPS) — #70 et #90 live sur liste.lacompagniemaximus.com.
- 2026-05-30 : PR #89 merged — display name web resolu via userInfo (ordre fallback de la vitrine), fix #70.
- 2026-05-30 : nettoyage lint web/ (PR #91, 2 prefer-const + import inutilise) ; #90 analyse (ThemeToggle set-state-in-effect, decision : eslint-disable documente).
- 2026-05-10 : Aligne 6 patches Expo SDK 54 via expo install --fix — expo-doctor 17/17 (ref #87)

10
package-lock.json generated
View file

@ -1,12 +1,12 @@
{
"name": "simpl-liste",
"version": "1.6.3",
"version": "1.6.4",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "simpl-liste",
"version": "1.6.3",
"version": "1.6.4",
"dependencies": {
"@expo-google-fonts/inter": "^0.4.2",
"@expo/ngrok": "^4.1.3",
@ -6464,9 +6464,9 @@
}
},
"node_modules/expo/node_modules/ws": {
"version": "8.20.0",
"resolved": "https://registry.npmjs.org/ws/-/ws-8.20.0.tgz",
"integrity": "sha512-sAt8BhgNbzCtgGbt2OxmpuryO63ZoDk/sqaB/znQm94T4fCEsy/yV+7CdC1kJhOU9lboAEU7R3kquuycDoibVA==",
"version": "8.21.0",
"resolved": "https://registry.npmjs.org/ws/-/ws-8.21.0.tgz",
"integrity": "sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==",
"license": "MIT",
"engines": {
"node": ">=10.0.0"

5
package.json
View file

@ -68,7 +68,10 @@
"esbuild": "^0.25.0",
"@xmldom/xmldom": "^0.8.13",
"uuid": "^11.1.1",
"postcss": "^8.5.10"
"postcss": "^8.5.10",
"@expo/cli": {
"ws": "^8.20.1"
}
},
"private": true
}