Julien Gautier 15da7a5778
CI / commits (pull_request) Successful in 3m0s
CI / scan (pull_request) Successful in 3m19s
CI / check (pull_request) Successful in 4m17s
CI / a11y (pull_request) Successful in 2m32s
Docs site / build (pull_request) Successful in 4m0s
CI / perf (pull_request) Successful in 7m24s
fix(deps): bump uuid to >=11.1.1 via pnpm.overrides (GHSA-w5hq-g745-h8pq)
pnpm audit was failing ci:audit at moderate severity:

  uuid@<11.1.1 — missing buffer bounds check in v3/v5/v6 when buf
  is provided (GHSA-w5hq-g745-h8pq).
  Path: . > @lhci/cli@0.15.1 > uuid@8.3.2

@lhci/cli pulls in uuid@8.3.2 (uses only uuid.v4()); the advisory
flags the v3/v5/v6 code paths so our usage is technically not at
risk, but the audit gate is set to moderate and any flagged
advisory blocks CI per ADR-0015.

The override matches the pattern already in use for axios / ajv /
brace-expansion / esbuild / follow-redirects / ip-address /
protobufjs / tmp / ws / yaml — force the transitive dep to a
patched range. uuid@14 is the resolved version (latest), already
in the tree via mermaid; consolidating everything onto a single
major also removes the dedup warning.

Compatibility: uuid@14 is ESM-only (`type: module` + conditional
exports). @lhci/cli does `const uuid = require('uuid')` which
works on Node >= 22.12 via the stable `require(esm)` capability.
The workspace pins Node 24 (.nvmrc), so the CJS consumer is fine.
Verified by loading @lhci/cli's node-runner module under the new
resolution — no exception.

Test plan:
- pnpm ci:audit: clean ("No known vulnerabilities found").
- pnpm ci:check: 13 projects green.
2026-05-24 00:25:59 +02:00

Documentation index

This is the entry point to all project documentation. It is maintained automatically: any addition, rename, or removal of a .md file under docs/ must be reflected here in the same change.

Conventions

  • Documentation is written in English.
  • One topic per file. Group related files into a folder when there are three or more.
  • Cross-reference with relative links so they keep working in GitHub, IDEs, and exported sites.
  • For architectural decisions, do not add them here — they belong in decisions/ as MADR 4.0.0 ADRs.

Sections

Daily development

  • development.md — repo layout, prerequisites, initial setup, daily commands, observability dev-loop (Jaeger UI, log ↔ trace correlation), dependency updates (Renovate), conventional commit cycle. Day-to-day reference for working on the project.

Architecture

  • architecture.md — cross-cutting Mermaid diagrams: C4 system context, C4 containers, Nx module boundaries, CI/CD pipeline. Single-decision diagrams (auth sequence, ERD, etc.) live inline in their ADR.

Onboarding & environment

Setup guides for new contributors:

Operations & runbooks

Empty — to be populated when we deploy.

Security, performance, accessibility

Empty — placeholders to be filled with rationale docs alongside their corresponding ADRs.

S
Description
No description provided
Readme 42 MiB
Languages
TypeScript 85.3%
JavaScript 5.4%
SCSS 4.3%
HTML 3.9%
Shell 0.8%
Other 0.3%