Fix security issues in dev environment reported by dependbot

chrome-extension/vite.config.mts

@@ -19,6 +19,15 @@ export default defineConfig({
     conditions: ['browser', 'module', 'import', 'default'],
     mainFields: ['browser', 'module', 'main']
   },
+  server: {
+    // Restrict CORS to only allow localhost
+    cors: {
+      origin: ['http://localhost:5173', 'http://localhost:3000'],
+      methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+      credentials: true
+    },
+    host: 'localhost',
+  },
   plugins: [
     libAssetsPlugin({
       outputPath: outDir,

package.json

@@ -43,25 +43,25 @@
     "@typescript-eslint/parser": "^7.18.0",
     "autoprefixer": "^10.4.20",
     "cross-env": "^7.0.3",
-    "esbuild": "^0.23.0",
+    "esbuild": "^0.25.1",
     "eslint": "8.57.0",
     "eslint-config-airbnb-typescript": "18.0.0",
     "eslint-config-prettier": "9.1.0",
     "eslint-plugin-import": "2.29.1",
     "eslint-plugin-jsx-a11y": "6.9.0",
-    "eslint-plugin-prettier": "5.2.1",
-    "eslint-plugin-react": "7.35.0",
+    "eslint-plugin-prettier": "5.2.4",
+    "eslint-plugin-react": "7.35.2",
     "eslint-plugin-react-hooks": "4.6.2",
     "husky": "^9.1.4",
     "lint-staged": "^15.2.7",
     "postcss": "^8.4.47",
     "prettier": "^3.3.3",
     "rimraf": "^6.0.1",
-    "tailwindcss": "^3.4.14",
+    "tailwindcss": "^3.4.17",
     "tslib": "^2.6.3",
     "typescript": "5.5.4",
     "turbo": "^2.3.3",
-    "vite": "6.0.5",
+    "vite": "6.0.12",
     "run-script-os": "^1.1.6"
   },
   "lint-staged": {
@@ -72,5 +72,10 @@
   "packageManager": "pnpm@9.15.1",
   "engines": {
     "node": ">=22.12.0"
+  },
+  "pnpm": {
+    "overrides": {
+      "cross-spawn": "^7.0.5"
+    }
   }
 }