Content-only page transitions + dependency security overrides

- Persistent ShellComponent hosts the router-outlet so header/footer mount once
  (no re-mount flash); pages nest under a shell route. page-shell is now
  content-only; page-layout removed.
- Native withViewTransitions() cross-fades only the routed content (chrome gets
  stable view-transition-names); respects prefers-reduced-motion.
- package.json overrides pin patched transitive dev/build deps: npm audit 16
  (3 high/9 mod/4 low) -> 5 low; shipped app stays at 0 (npm audit --omit=dev).
  No Angular downgrade, no breaking Babel 8 bump. jsdom 28 -> 29.
- README: page-transitions section + honest dependency-security note.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Claude
2026-06-25 15:46:42 +02:00
parent f1f4f982a6
commit 4e14152758
9 changed files with 202 additions and 869 deletions

View File

@@ -28,7 +28,7 @@
"@angular/build": "^22.0.4",
"@angular/cli": "^22.0.4",
"@angular/compiler-cli": "^22.0.0",
"jsdom": "^28.0.0",
"jsdom": "^29.0.0",
"prettier": "^3.8.1",
"typescript": "~6.0.2",
"vitest": "^4.0.8",
@@ -42,5 +42,15 @@
"@angular-devkit/core": "^22.0.0",
"@angular/platform-browser-dynamic": "^22.0.0",
"@compodoc/compodoc": "^1.2.1"
},
"comment-overrides": "Pin patched versions of vulnerable DEV/BUILD-only transitive deps (Storybook + build chain). The shipped app already audits clean; this clears the dev-tooling advisories without downgrading Angular 22.",
"overrides": {
"picomatch": "^4.0.4",
"esbuild": "^0.28.1",
"http-proxy-middleware": "^3.0.7",
"ajv": "^8.20.0",
"webpack-dev-server": "^5.2.5",
"sockjs": "^0.3.24",
"uuid": "^11.1.1"
}
}