Skip to content

Feature/web components#153

Merged
kalevski merged 636 commits into
mainfrom
feature/web-components
Jun 24, 2026
Merged

Feature/web components#153
kalevski merged 636 commits into
mainfrom
feature/web-components

Conversation

@kalevski

Copy link
Copy Markdown
Owner

No description provided.

kalevski and others added 30 commits June 18, 2026 07:31
kalevski and others added 28 commits June 22, 2026 07:49
…etplay loopback demo to @toolcase/phaser-plus
Migrate taskforge UI to @toolcase/web-components (tc-* tags), drop the
bundled taskforge package-lock, and tidy web-components Button/react +
dashboard-layout/switch styles.

Fix all 3 npm audit advisories via root overrides without downgrading
next (npm audit fix --force wanted next 16.2.9 -> 9.3.3):
- postcss -> ^8.5.15  (XSS in stringify; forces next's bundled copy)
- tsup > esbuild -> ^0.28.1  (Windows dev-server file read; scoped to
  tsup so vite's safe 0.25.12 stays untouched)
npm audit now reports 0 vulnerabilities.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
github-token: token-only HTTPS clone (no username), suited to a token
from a social/web login (gh auth login), a PAT, or an OAuth/app token.
Sent as Authorization: Basic base64("x-access-token:<token>") via
GIT_CONFIG_*, so it never lands in argv or on disk.

ssh-key key_env: supply the private key material through an env var
instead of a key_file path. The daemon materializes it into a 0600
temp file it owns at sync time and removes it afterward — no host-side
staging or chown (the friction key_file hits in a container where the
host-uid key is unreadable by the unprivileged daemon).

Inline auth.key is a parse-time error, same as other inline secrets.
@kalevski kalevski merged commit 9afe894 into main Jun 24, 2026
2 of 4 checks passed
@kalevski kalevski deleted the feature/web-components branch June 24, 2026 00:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant