From 1b3bb89cd8a9b0448393dbafa4f13719c870e3f6 Mon Sep 17 00:00:00 2001
From: Cristian Magherusan-Stanciu <cristi.magherusan@gmail.com>
Date: Sat, 30 May 2026 19:42:13 +0200
Subject: [PATCH] sec(frontend): pin npm deps to exact lockfile versions
 (closes #425)

Replace all 29 caret ranges (^) in package.json with the exact versions
already recorded in package-lock.json. Exact pins eliminate the window
where `npm install` (vs `npm ci`) resolves a newer minor/patch that may
carry unaudited CVEs, and make supply-chain review straightforward.

No functional change: every pinned version is the version currently
installed, so the lockfile is unchanged.
---
 frontend/package.json | 58 +++++++++++++++++++++----------------------
 1 file changed, 29 insertions(+), 29 deletions(-)

diff --git a/frontend/package.json b/frontend/package.json
index 7e08da2e..07f94483 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -14,37 +14,37 @@
     "clean": "rm -rf dist"
   },
   "devDependencies": {
-    "@babel/core": "^7.23.0",
-    "@babel/preset-env": "^7.23.0",
-    "@babel/preset-typescript": "^7.23.0",
-    "@testing-library/dom": "^9.3.0",
-    "@testing-library/jest-dom": "^6.1.0",
-    "@types/chart.js": "^2.9.41",
-    "@types/jest": "^29.5.0",
-    "@types/jsdom": "^21.1.0",
-    "@typescript-eslint/eslint-plugin": "^6.0.0",
-    "@typescript-eslint/parser": "^6.0.0",
-    "babel-loader": "^9.1.0",
-    "copy-webpack-plugin": "^13.0.1",
-    "css-loader": "^6.8.0",
-    "css-minimizer-webpack-plugin": "^5.0.0",
-    "eslint": "^8.50.0",
-    "html-webpack-plugin": "^5.5.0",
-    "jest": "^29.7.0",
-    "jest-environment-jsdom": "^29.7.0",
-    "jsdom": "^22.1.0",
-    "mini-css-extract-plugin": "^2.7.0",
-    "style-loader": "^3.3.0",
-    "ts-jest": "^29.1.0",
-    "ts-loader": "^9.5.0",
-    "typescript": "^5.3.0",
-    "webpack": "^5.88.0",
-    "webpack-cli": "^5.1.0"
+    "@babel/core": "7.28.5",
+    "@babel/preset-env": "7.28.5",
+    "@babel/preset-typescript": "7.28.5",
+    "@testing-library/dom": "9.3.4",
+    "@testing-library/jest-dom": "6.9.1",
+    "@types/chart.js": "2.9.41",
+    "@types/jest": "29.5.14",
+    "@types/jsdom": "21.1.7",
+    "@typescript-eslint/eslint-plugin": "6.21.0",
+    "@typescript-eslint/parser": "6.21.0",
+    "babel-loader": "9.2.1",
+    "copy-webpack-plugin": "13.0.1",
+    "css-loader": "6.11.0",
+    "css-minimizer-webpack-plugin": "5.0.1",
+    "eslint": "8.57.1",
+    "html-webpack-plugin": "5.6.5",
+    "jest": "29.7.0",
+    "jest-environment-jsdom": "29.7.0",
+    "jsdom": "22.1.0",
+    "mini-css-extract-plugin": "2.9.4",
+    "style-loader": "3.3.4",
+    "ts-jest": "29.4.6",
+    "ts-loader": "9.5.4",
+    "typescript": "5.9.3",
+    "webpack": "5.103.0",
+    "webpack-cli": "5.1.4"
   },
   "dependencies": {
-    "@types/qrcode": "^1.5.6",
-    "chart.js": "^4.4.0",
-    "qrcode": "^1.5.4"
+    "@types/qrcode": "1.5.6",
+    "chart.js": "4.5.1",
+    "qrcode": "1.5.4"
   },
   "jest": {
     "preset": "ts-jest",