fix: add allow builds#1548
Merged
Merged
Conversation
|
🚀 Surge Preview has been successfully deployed! Preview URL: https://doocs-md-preview-pr-1548.surge.sh Built with commit 773a10f |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the repo’s pnpm workspace configuration to allow specific dependency build scripts, bumps/paches @codemirror/view to 6.43.0, and regenerates the pnpm lockfile accordingly. It also adds AI-agent guidance docs/config and a small ESLint ignore + import ordering tweak.
Changes:
- Add
allowBuildstopnpm-workspace.yamland updatepatchedDependenciesto@codemirror/view@6.43.0. - Update root dependency on
@codemirror/viewand regeneratepnpm-lock.yaml. - Add AI agent documentation/config (
CLAUDE.md,AGENTS.md,.claude/settings.local.json) and minor lint/import adjustments.
Reviewed changes
Copilot reviewed 8 out of 9 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| pnpm-workspace.yaml | Adds allowBuilds; updates patched dependency to @codemirror/view@6.43.0; removes CM overrides pins. |
| pnpm-lock.yaml | Lockfile regeneration reflecting new patch + dependency graph changes (includes some notable downgrades). |
| patches/@codemirror__view@6.43.0.patch | New patch for CM view 6.43.0 (MeasureRequest export + macOS Alt/Shift handling). |
| package.json | Updates @codemirror/view version range. |
| eslint.config.mjs | Ignores an additional example assets directory. |
| CLAUDE.md | Adds repository guidance for Claude Code (architecture, commands, dependency notes). |
| AGENTS.md | Adds brief AI-agent quickstart pointing to CLAUDE.md. |
| apps/web/src/components/editor/Footer.vue | Reorders icon imports. |
| .claude/settings.local.json | Adds Claude local permissions config. |
Comments suppressed due to low confidence (1)
patches/@codemirror__view@6.43.0.patch:25
- The patched
dist/index.jshunk drops the trailing&&after the macOS Alt-key condition and leaves&&inside a comment. That will make the generatedifcondition syntactically invalid (the next line starts with(baseName = …)without an operator), breaking builds when the patch is applied. Keep the&&as part of the expression and put the explanatory comment on its own line (or at the end of the line) so the boolean chain remains intact.
| "dependencies": { | ||
| "@codemirror/state": "6.6.0", | ||
| "@codemirror/view": "6.42.1" | ||
| "@codemirror/view": "^6.43.0" |
Comment on lines
51
to
53
| patchedDependencies: | ||
| '@codemirror/view@6.42.1': patches/@codemirror__view@6.42.1.patch | ||
| '@codemirror/view@6.43.0': patches/@codemirror__view@6.43.0.patch | ||
| juice@11.1.1: patches/juice@11.1.1.patch |
Comment on lines
+3
to
+9
| "allow": [ | ||
| "Bash(pnpm install *)", | ||
| "Bash(pnpm *)", | ||
| "Bash(git checkout *)", | ||
| "Bash(git restore *)", | ||
| "Bash(git stash *)" | ||
| ] |
Comment on lines
+5017
to
+5023
| ini@1.3.0: | ||
| resolution: {integrity: sha512-6tyfJkFAmQV64x9Li007PNZgNxqRywig4Rv8PDfzU9kgDBmURaIvjSL2wKyx45LPSIXsvDkFGbOMqMHC1PsORA==} | ||
| deprecated: Please update to ini >=1.3.6 to avoid a prototype pollution issue | ||
|
|
||
| ini@1.3.4: | ||
| resolution: {integrity: sha512-VUA7WAWNCWfm6/8f9kAb8Y6iGBWnmCfgFS5dTrv2C38LLm1KUmpY388mCVCJCsMKQomvOQ1oW8/edXdChd9ZXQ==} | ||
| deprecated: Please update to ini >=1.3.6 to avoid a prototype pollution issue |
The lockfile was generated with pnpm v11 but CI workflows were pinned to v10, causing surge and cloudflare preview builds to fail. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
|
🚀 Cloudflare Workers Preview has been successfully deployed! Preview URL: https://md-pr-1548.doocs.workers.dev Built with commit 5137b47 |
- Pin @codemirror/view to exact 6.43.0 to match patchedDependencies - Add @codemirror/view override in pnpm-workspace.yaml for reproducible installs - Add ini >=1.3.8 override to block prototype pollution vulnerability - Change trustPolicy from no-downgrade to audit to fix install failure - Remove .claude/settings.local.json from git and add to .gitignore Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
pnpm v11's no-downgrade trust policy blocks @webext-core/isolated-element@1.1.5 which lost its trusted publisher evidence, causing CI install failures. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Keep Docker build consistent with CI workflows and lockfile. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
|
🗑️ Cloudflare Workers preview deployment has been cleaned up. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.