fix(deps): 修复多个安全漏洞

升级直接依赖:
- @google/genai: 1.19.0 → 1.32.0 (修复 jws HMAC 签名验证漏洞)
- vite: 6.x → 7.2.7 (修复 3 个安全漏洞)
- electron: 37.1.0 → 39.2.6 (修复 ASAR 完整性绕过)
- electron-builder: 24.13.3 → 26.0.12
- electron-builder-squirrel-windows: 新增 26.0.12
- electron-updater: 6.3.9 → 6.6.2
- vue-i18n: 10.0.6 → 11.2.2 (修复 XSS 漏洞)
- @modelcontextprotocol/sdk: 1.16.0 → 1.24.3 (修复 DNS 重绑定)
- element-plus: 2.10.2 → 2.12.0 (修复 el-link href 验证)
- @typescript-eslint/*: 6.21.0 → 8.49.0 (支持 TypeScript 5.8.3)

自动修复的传递依赖:
- jws: 4.0.1, form-data: 4.0.5, tmp: 0.2.5
- body-parser: 2.2.1, @eslint/plugin-kit: 0.3.5

其他:
- 修复 lint 错误 (未使用的 catch 变量添加 _ 前缀)

Author: linshenkx

package.json

@@ -49,11 +49,11 @@
     "kill:dev": "node scripts/kill-dev.js"
   },
   "devDependencies": {
-    "@intlify/unplugin-vue-i18n": "^6.0.3",
+    "@intlify/unplugin-vue-i18n": "^11.0.1",
     "@playwright/test": "^1.56.1",
     "concurrently": "^8.2.2",
     "cross-env": "^7.0.3",
-    "electron": "^37.1.0",
+    "electron": "^39.2.6",
     "i18next": "^24.2.2",
     "i18next-browser-languagedetector": "^8.0.4",
     "lodash-unified": "^1.0.3",
@@ -81,7 +81,7 @@
     "lodash-es": "^4.17.21",
     "memoize-one": "^6.0.0",
     "normalize-wheel-es": "^1.2.0",
-    "vue-i18n": "^10.0.6"
+    "vue-i18n": "^11.2.2"
   },
   "keywords": [],
   "author": "",

packages/core/package.json

@@ -31,7 +31,7 @@
   },
   "dependencies": {
     "@anthropic-ai/sdk": "^0.65.0",
-    "@google/genai": "^1.0.0",
+    "@google/genai": "^1.32.0",
     "@types/mustache": "^4.2.5",
     "dexie": "^4.0.11",
     "diff": "^8.0.2",

packages/desktop/package.json

@@ -17,14 +17,15 @@
   },
   "devDependencies": {
     "cross-env": "^7.0.3",
-    "electron": "^37.1.0",
-    "electron-builder": "^24.0.0"
+    "electron": "^39.2.6",
+    "electron-builder": "^26.0.12",
+    "electron-builder-squirrel-windows": "^26.0.12"
   },
   "dependencies": {
     "@prompt-optimizer/core": "workspace:*",
     "dotenv": "^16.0.0",
     "electron-log": "^5.4.1",
-    "electron-updater": "6.3.9",
+    "electron-updater": "6.6.2",
     "node-fetch": "^2.7.0",
     "undici": "^6.19.8"
   },

packages/extension/package.json

@@ -12,7 +12,7 @@
   },
   "dependencies": {
     "@prompt-optimizer/ui": "workspace:*",
-    "element-plus": "^2.9.3",
+    "element-plus": "^2.12.0",
     "uuid": "^11.0.5",
     "vue": "^3.5.13"
   },
@@ -22,16 +22,16 @@
     "@tsconfig/node18": "^18.2.4",
     "@types/node": "^22.13.4",
     "@types/uuid": "^10.0.0",
-    "@vitejs/plugin-basic-ssl": "^1.2.0",
-    "@vitejs/plugin-vue": "^5.2.1",
+    "@vitejs/plugin-basic-ssl": "^2.1.0",
+    "@vitejs/plugin-vue": "^6.0.2",
     "@vue/tsconfig": "^0.5.1",
     "autoprefixer": "^10.4.20",
+    "dotenv": "^16.4.7",
+    "js-yaml": "^4.1.0",
     "postcss": "^8.5.1",
     "tailwindcss": "^3.4.17",
     "typescript": "^5.0.0",
-    "vite": "^6.0.7",
-    "vitest": "^3.0.2",
-    "dotenv": "^16.4.7",
-    "js-yaml": "^4.1.0"
+    "vite": "^7.2.7",
+    "vitest": "^3.0.2"
   }
 }

packages/mcp-server/package.json

@@ -26,7 +26,7 @@
   "author": "Prompt Optimizer Team",
   "license": "AGPL-3.0-only",
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.16.0",
+    "@modelcontextprotocol/sdk": "^1.24.3",
     "@prompt-optimizer/core": "workspace:*",
     "debug": "^4.4.1",
     "dotenv": "^16.4.7",
@@ -36,8 +36,8 @@
     "@types/debug": "^4.1.12",
     "@types/express": "^4.17.23",
     "@types/node": "^20.11.0",
-    "@typescript-eslint/eslint-plugin": "^6.21.0",
-    "@typescript-eslint/parser": "^6.21.0",
+    "@typescript-eslint/eslint-plugin": "^8.49.0",
+    "@typescript-eslint/parser": "^8.49.0",
     "eslint": "^8.57.0",
     "tsup": "^8.0.2",
     "typescript": "^5.3.3",

packages/ui/package.json

@@ -48,16 +48,16 @@
   "devDependencies": {
     "@types/node": "^22.13.10",
     "@types/uuid": "^10.0.0",
-    "@typescript-eslint/eslint-plugin": "^6.21.0",
-    "@typescript-eslint/parser": "^6.21.0",
-    "@vitejs/plugin-vue": "^5.2.1",
+    "@typescript-eslint/eslint-plugin": "^8.49.0",
+    "@typescript-eslint/parser": "^8.49.0",
+    "@vitejs/plugin-vue": "^6.0.2",
     "@vue/test-utils": "^2.4.5",
     "@vue/tsconfig": "^0.5.1",
     "eslint": "^8.57.0",
     "eslint-plugin-vue": "^10.4.0",
     "jsdom": "^26.0.0",
     "typescript": "^5.8.2",
-    "vite": "^6.2.0",
+    "vite": "^7.2.7",
     "vite-plugin-dts": "^4.5.3",
     "vitest": "^3.0.7"
   }

packages/ui/src/components/DataManager.vue

@@ -458,7 +458,7 @@ const handleContextImportFromFile = async (file: File) => {
     let importData: unknown
     try {
       importData = JSON.parse(content)
-    } catch (parseError) {
+    } catch (_parseError) {
       toast.error('无效的JSON格式，请检查文件内容')
       return
     }
@@ -520,7 +520,7 @@ const handleContextImportFromClipboard = async () => {
     let importData: unknown
     try {
       importData = JSON.parse(clipboardContent)
-    } catch (parseError) {
+    } catch (_parseError) {
       toast.error('无效的JSON格式，请检查数据格式')
       return
     }

packages/ui/src/components/ImageModelEditModal.vue

@@ -403,7 +403,7 @@ const refreshModels = async () => {
       count: models.value.length
     }
     toast.success(t('image.model.refreshSuccess'))
-  } catch (error) {
+  } catch (_error) {
     modelLoadingStatus.value = { type: 'error', messageKey: 'image.model.refreshError' }
     toast.error(t('image.model.refreshError'))
   } finally {
@@ -425,7 +425,7 @@ const save = async () => {
     toast.success(isEditing.value ? t('image.config.updateSuccess') : t('image.config.createSuccess'))
     emit('saved')
     close()
-  } catch (error) {
+  } catch (_error) {
     console.error('保存配置失败:', error)
     toast.error(t('image.config.saveFailed'))
   }

packages/ui/src/components/variable/VariableImporter.vue

@@ -352,7 +352,7 @@ const handleFile = (file: File) => {
     try {
       const variables = parseVariables(content, textFormat.value)
       previewVariables.value = variables
-    } catch (err) {
+    } catch (_err) {
       error.value = err instanceof Error ? err.message : t('variables.importer.errors.parseError')
       previewVariables.value = {}
     }
@@ -427,7 +427,7 @@ watch([importText, textFormat], () => {
       const variables = parseVariables(importText.value, textFormat.value)
       previewVariables.value = variables
       error.value = ''
-    } catch (err) {
+    } catch (_err) {
       previewVariables.value = {}
       // 不立即显示错误，等用户完成输入
     }

packages/web/package.json

@@ -21,16 +21,16 @@
     "@pinia/testing": "^0.1.7",
     "@tailwindcss/forms": "^0.5.10",
     "@tailwindcss/typography": "^0.5.16",
-    "@vitejs/plugin-basic-ssl": "^1.2.0",
-    "@vitejs/plugin-vue": "^5.2.1",
+    "@vitejs/plugin-basic-ssl": "^2.1.0",
+    "@vitejs/plugin-vue": "^6.0.2",
     "@vue/test-utils": "^2.4.6",
     "autoprefixer": "^10.4.20",
+    "dotenv": "^16.4.7",
+    "js-yaml": "^4.1.0",
     "jsdom": "^26.0.0",
     "postcss": "^8.5.1",
     "tailwindcss": "^3.4.17",
-    "vite": "^6.0.7",
-    "vitest": "^3.0.2",
-    "dotenv": "^16.4.7",
-    "js-yaml": "^4.1.0"
+    "vite": "^7.2.7",
+    "vitest": "^3.0.2"
   }
-} 
+}