@codyswann/lisa 1.43.0 → 1.43.2

@@ -105,7 +105,7 @@
105
105
  "react-native-svg": "^15.15.1",
106
106
  "react-native-web": "^0.21.2",
107
107
  "tailwindcss": "^3.4.7",
108
- "tar": "^7.5.7",
108
+ "tar": "^7.5.8",
109
109
  "text-encoding-polyfill": "^0.6.7",
110
110
  "usehooks-ts": "^3.1.1",
111
111
  "zod": "^4.3.5"
@@ -148,13 +148,15 @@
148
148
  "resolutions": {
149
149
  "@isaacs/brace-expansion": "^5.0.1",
150
150
  "eslint-plugin-react-hooks": "^7.0.0",
151
- "tar": "^7.5.7"
151
+ "fast-xml-parser": "^5.3.6",
152
+ "tar": "^7.5.8"
152
153
  },
153
154
  "overrides": {
154
155
  "@isaacs/brace-expansion": "^5.0.1",
155
156
  "eslint-plugin-react-hooks": "^7.0.0",
157
+ "fast-xml-parser": "^5.3.6",
156
158
  "zod-validation-error": "^4.0.0",
157
- "tar": "^7.5.7"
159
+ "tar": "^7.5.8"
158
160
  }
159
161
  }
160
162
  }
@@ -52,10 +52,10 @@
52
52
  "graphql-subscriptions",
53
53
  "graphql-ws",
54
54
  "lodash",
55
- "reflect-metadata",
56
- "rxjs",
57
55
  "ioredis",
58
56
  "pg",
57
+ "reflect-metadata",
58
+ "rxjs",
59
59
  "typeorm",
60
60
  "typeorm-naming-strategies"
61
61
  ],
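--- a/package/package.json
+++ b/package/package.json
@@ -90,8 +90,12 @@
  "@isaacs/brace-expansion": "^5.0.1",
  "axios": ">=1.13.5"
  },
+ "overrides": {
+ "@isaacs/brace-expansion": "^5.0.1",
+ "axios": ">=1.13.5"
+ },
  "name": "@codyswann/lisa",
- "version": "1.43.0",
+ "version": "1.43.2",
  "description": "Claude Code governance framework that applies guardrails, guidance, and automated enforcement to projects",
  "main": "dist/index.js",
  "bin": {
@@ -119,7 +123,7 @@
  "commander": "^12.0.0",
  "fs-extra": "^11.0.0",
  "lodash.merge": "^4.6.2",
- "minimatch": "^10.1.1",
+ "minimatch": "^10.2.1",
  "picocolors": "^1.0.0"
  },
  "type": "module"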
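Review bot: The new `overrides` entry `"axios": ">=1.13.5"` has no upper bound, so every transitive consumer of axios is forced onto the newest release available, including a future major version that none of them declared support for. A bounded range such as `"axios": "^1.13.5"` keeps the security floor while leaving a major upgrade as a deliberate, reviewed step. The block repeats `resolutions` verbatim, so the two maps now have to be edited together. The later hunk at -58,6 +58,10 adds the same pair and has the same issue. The enclosing object opens outside this hunk.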
@@ -85,7 +85,13 @@ elif [ "$PACKAGE_MANAGER" = "bun" ]; then
85
85
  # Parent packages pin ^4.4.1; fix requires major version 5.x (incompatible)
86
86
  # Risk: None - CLI build tool, not a production runtime dependency
87
87
 
88
- if ! bun audit --audit-level=high --ignore GHSA-5j98-mcp5-4vw2 --ignore GHSA-8qq5-rm4j-mr97 --ignore GHSA-37qj-frw5-hhjh; then
88
+ # Excluding GHSA-3ppc-4f35-3m26: minimatch ReDoS via repeated wildcards
89
+ # Transitive dependency in devDependencies (eslint, jest, nodemon, ts-morph, etc.)
90
+ # Fix requires minimatch v10 which changes export shape (object vs function),
91
+ # breaking test-exclude (used by Jest coverage). No production code path is affected.
92
+ # Risk: None - only devDependency tooling, never processes untrusted user input
93
+
94
+ if ! bun audit --audit-level=high --ignore GHSA-5j98-mcp5-4vw2 --ignore GHSA-8qq5-rm4j-mr97 --ignore GHSA-37qj-frw5-hhjh --ignore GHSA-3ppc-4f35-3m26; then
89
95
  echo "⚠️ Security audit failed. Please fix high/critical vulnerabilities before pushing."
90
96
  exit 1
91
97
  fi
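Review bot: The added `--ignore GHSA-3ppc-4f35-3m26` is keyed on the advisory ID alone, so it silences the finding for the whole dependency tree rather than only the devDependency paths the comment lists. The audit will stay quiet if an affected minimatch later arrives through a runtime dependency. "Risk: None" also rests on the claim that the tooling never sees untrusted patterns, which cannot be checked from this hunk; I would word it as low and record when to revisit, e.g. `# Risk: Low - dev tooling only; drop this --ignore once test-exclude works with the fixed minimatch (review by <DATE-PLACEHOLDER>)`. The same exclusion and comment are repeated in the workflow hunk at 1015–1027. Only the bun branch of the `elif` chain is visible here, so the other package-manager branches should be checked for consistency.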
@@ -1015,7 +1015,13 @@ jobs:
1015
1015
  # Parent packages pin ^4.4.1; fix requires major version 5.x (incompatible)
1016
1016
  # Risk: None - CLI build tool, not a production runtime dependency
1017
1017
 
1018
- if ! bun audit --audit-level=high --ignore GHSA-5j98-mcp5-4vw2 --ignore GHSA-8qq5-rm4j-mr97 --ignore GHSA-37qj-frw5-hhjh; then
1018
+ # Excluding GHSA-3ppc-4f35-3m26: minimatch ReDoS via repeated wildcards
1019
+ # Transitive dependency in devDependencies (eslint, jest, nodemon, ts-morph, etc.)
1020
+ # Fix requires minimatch v10 which changes export shape (object vs function),
1021
+ # breaking test-exclude (used by Jest coverage). No production code path is affected.
1022
+ # Risk: None - only devDependency tooling, never processes untrusted user input
1023
+
1024
+ if ! bun audit --audit-level=high --ignore GHSA-5j98-mcp5-4vw2 --ignore GHSA-8qq5-rm4j-mr97 --ignore GHSA-37qj-frw5-hhjh --ignore GHSA-3ppc-4f35-3m26; then
1019
1025
  echo "::warning::Found high or critical vulnerabilities"
1020
1026
  exit 1
1021
1027
  fi
@@ -58,6 +58,10 @@
58
58
  "resolutions": {
59
59
  "@isaacs/brace-expansion": "^5.0.1",
60
60
  "axios": ">=1.13.5"
61
+ },
62
+ "overrides": {
63
+ "@isaacs/brace-expansion": "^5.0.1",
64
+ "axios": ">=1.13.5"
61
65
  }
62
66
  },
63
67
  "defaults": {