- Replace eval() with ast.literal_eval() in pdf_utils.py to fix unauthenticated remote code execution via crafted PDF uploads (reported by OX Security) - Sanitize HTML output with DOMPurify to prevent XSS - Restrict CORS origins (configurable via CORS_ORIGINS env var) - Suppress raw exception details in API error responses - Cap Image.MAX_IMAGE_PIXELS to prevent decompression bomb DoS - Add security regression test suite Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
{
"name": "deepseek-ocr-frontend",
"private": true,
"version": "2.0.0",
"type": "module",
"scripts": {
"dev": "vite --host",
"build": "vite build",
"preview": "vite preview"
},
"dependencies": {
"axios": "^1.6.5",
"dompurify": "^3.3.3",
"framer-motion": "^11.0.0",
"lucide-react": "^0.344.0",
"react": "^18.3.1",
"react-dom": "^18.3.1",
"react-dropzone": "^14.2.3",
"react-markdown": "^10.1.0"
},
"devDependencies": {
"@types/react": "^18.3.12",
"@types/react-dom": "^18.3.1",
"@vitejs/plugin-react": "^4.3.4",
"autoprefixer": "^10.4.17",
"postcss": "^8.4.35",
"tailwindcss": "^3.4.1",
"vite": "^5.4.11"
}
}