Content-only page transitions + dependency security overrides
- Persistent ShellComponent hosts the router-outlet so header/footer mount once (no re-mount flash); pages nest under a shell route. page-shell is now content-only; page-layout removed. - Native withViewTransitions() cross-fades only the routed content (chrome gets stable view-transition-names); respects prefers-reduced-motion. - package.json overrides pin patched transitive dev/build deps: npm audit 16 (3 high/9 mod/4 low) -> 5 low; shipped app stays at 0 (npm audit --omit=dev). No Angular downgrade, no breaking Babel 8 bump. jsdom 28 -> 29. - README: page-transitions section + honest dependency-security note. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
12
package.json
12
package.json
@@ -28,7 +28,7 @@
|
||||
"@angular/build": "^22.0.4",
|
||||
"@angular/cli": "^22.0.4",
|
||||
"@angular/compiler-cli": "^22.0.0",
|
||||
"jsdom": "^28.0.0",
|
||||
"jsdom": "^29.0.0",
|
||||
"prettier": "^3.8.1",
|
||||
"typescript": "~6.0.2",
|
||||
"vitest": "^4.0.8",
|
||||
@@ -42,5 +42,15 @@
|
||||
"@angular-devkit/core": "^22.0.0",
|
||||
"@angular/platform-browser-dynamic": "^22.0.0",
|
||||
"@compodoc/compodoc": "^1.2.1"
|
||||
},
|
||||
"comment-overrides": "Pin patched versions of vulnerable DEV/BUILD-only transitive deps (Storybook + build chain). The shipped app already audits clean; this clears the dev-tooling advisories without downgrading Angular 22.",
|
||||
"overrides": {
|
||||
"picomatch": "^4.0.4",
|
||||
"esbuild": "^0.28.1",
|
||||
"http-proxy-middleware": "^3.0.7",
|
||||
"ajv": "^8.20.0",
|
||||
"webpack-dev-server": "^5.2.5",
|
||||
"sockjs": "^0.3.24",
|
||||
"uuid": "^11.1.1"
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user