@papercraneai/cli 1.9.1-beta.0 → 1.9.1-beta.1
- package/lib/dev-server.js +16 -1
- package/package.json +2 -2
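--- a/package/lib/dev-server.js
+++ b/package/lib/dev-server.js
@@ -331,10 +331,25 @@ export async function generateScaffolding(workspaceDir, { npmInstall = false, ke
 // postcss.config.mjs — Tailwind compilation
 await writeScaffold(path.join(workspaceDir, 'postcss.config.mjs'), POSTCSS_CONFIG);
 
+// next.config.mjs
+// NOTE: next is pinned to 16.1.7 in package.json. Next.js 16.2.0 introduced
+// a cross-origin HMR block that breaks webpack-hmr over Daytona proxy domains.
+// To upgrade past 16.1.7, add allowedDevOrigins: ['*.daytonaproxy01.net'] to
+// the config below. A bare '*' does NOT work — Next's allowedDevOrigins only
+// supports exact hosts or subdomain patterns like '*.domain.com' (see
+// https://github.com/vercel/next.js/discussions/76999), so a true catch-all
+// is not available and each preview domain must be enumerated.
+//
+// Security caveat for staying on 16.1.7: GHSA-q4gf-8mx6-v5v3 (CVE-2026-23869,
+// CVSS 7.5) is a DoS in App Router Server Function deserialization that
+// affects all 16.x < 16.2.3. The 16.1.x branch was NOT backported — only
+// 15.5.15 and 16.2.3 are patched. Any unauthenticated POST to a Server
+// Function endpoint can pin a worker's CPU. Acceptable for sandboxed dev
+// environments behind Daytona proxy auth, but revisit before exposing
+// dashboards on an untrusted network.
 const nextConfig = `/** @type {import('next').NextConfig} */
 const nextConfig = {
 transpilePackages: ['@papercraneai/cli', '@papercrane/dashboard-grid'],
-allowedDevOrigins: ['*'],
 turbopack: {
 root: ${JSON.stringify(workspaceDir)},
 },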
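Review bot: The decision to stay on next 16.1.7 despite GHSA-q4gf-8mx6-v5v3 is recorded only in this generator-side comment above the `nextConfig` template, so the scaffolded `next.config.mjs` carries no trace of it and nothing visible here checks that the dev server is actually reachable only through the authenticated Daytona proxy. Since the comment itself names 16.2.3 as the patched release and gives the setting needed to run it, I would either take that path now or add a tracked follow-up such as `// TODO(owner): move to next >= 16.2.3 with allowedDevOrigins: ['*.daytonaproxy01.net']`, and put a one-line pointer to the advisory inside the template string so it lands in the generated file. The same pin is the `"next": "16.1.7"` line in package/package.json, which cannot hold a comment, so this is the only place the rationale lives. generateScaffolding starts and ends outside the hunk, so how the server is bound and exposed is not visible from here.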
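--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@papercraneai/cli",
-"version": "1.9.1-beta.
+"version": "1.9.1-beta.1",
 "description": "CLI tool for managing OAuth credentials for LLM integrations",
 "main": "index.js",
 "type": "module",
@@ -76,7 +76,7 @@
 "input-otp": "^1.4.2",
 "jiti": "^2.4.2",
 "lucide-react": "^0.559.0",
-"next": "
+"next": "16.1.7",
 "next-themes": "^0.4.6",
 "open": "^8.4.2",
 "react": "19.2.1",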