Skip to content

fix: align Vue runtime, patch UnoCSS scrollbar, update deps, fix Windows/Docker builds#1829

Closed
shahboura wants to merge 36 commits into
CorentinTh:mainfrom
shahboura:fix/deps-alignment-and-unocss-scrollbar
Closed

fix: align Vue runtime, patch UnoCSS scrollbar, update deps, fix Windows/Docker builds#1829
shahboura wants to merge 36 commits into
CorentinTh:mainfrom
shahboura:fix/deps-alignment-and-unocss-scrollbar

Conversation

@shahboura

Copy link
Copy Markdown

What

Fixes two critical runtime errors introduced by Dependabot dep bumps, plus build/CI hygiene.

Fixes

🔴 Vue 3.5.34 / @vue/runtime-dom 3.5.39 mismatch

Dependabot bumped @vue/runtime-dom to 3.5.39 without bumping vue (stuck at 3.5.34). Caused Uncaught ReferenceError: init_runtime_dom_esm_bundler is not defined in browser.
→ Bumped vue to ^3.5.39 to match.

🟡 UnoCSS unmatched utility on scrollbar shortcuts

unocss-preset-scrollbar v4.0.0 has a bug: the scrollbar shortcut references scrollbar-width-auto and scrollbar-color-[...] utilities that are only registered when compatible: true.
→ Set presetScrollbar({ compatible: true }).

🟡 Windows + Docker build failures

  • Windows: NODE_OPTIONS=… inline syntax is POSIX-only → added cross-env.
  • Docker: pnpm v11 requires allowBuilds in pnpm-workspace.yaml for esbuild native binaries → created config + switched Dockerfile to corepack enable.

Deps Updated

Package From To
@tiptap/pm 3.23.5 3.27.1
@tiptap/starter-kit 3.23.5 3.27.1
@tiptap/vue-3 3.23.5 3.27.1
@types/node ^25.9.1 ^26.1.0
unplugin-vue-markdown ^30.0.0 ^32.0.0
cross-env (new) ^10.0.0

CI

  • Node version: 22 → 24 (both LTS, 22 EOL Oct 2026)
  • Docker base: nginx:stable-alpinenginx:stable-alpine-slim

Verified

  • pnpm dev — zero UnoCSS warnings
  • pnpm build — passes on Windows (cross-env) and Linux

shahboura and others added 30 commits May 21, 2026 05:13
## Dependency Upgrades
- Update all packages to latest via pnpm update --latest
  - vue 3.3.4 -> 3.5.34, vite 4.4.9 -> 8.0.13, pinia 2.0.34 -> 3.0.4
  - vue-router 4.1.6 -> 5.0.7, vue-i18n 9.9.1 -> 11.4.4
  - typescript 5.2 -> 6.0, eslint 8.47 -> 10.4, vitest 0.34 -> 4.1
  - unocss 0.65 -> 66.6, @playwright/test 1.32 -> 1.60, etc.
- Remove deprecated stub type packages (@types/bcryptjs, @types/dompurify, @types/uuid)
- Remove plausible-tracker (deprecated npm package)
- Replace figue with native import.meta.env (v3 is broken - infinite recursion)
- Migrate vite-plugin-vue-markdown -> unplugin-vue-markdown

## Breaking Change Fixes
- Pinia: convert style.store.ts from options API to setup() pattern (pinia v3)
- Vue-router: update catch-all syntax /:pathMatch(.*)* -> /:pathMatch(.*) (v5)
- change-case: headerCase/paramCase removed, use kebabCase + local headerCase
- jwt-decode: default import -> named { jwtDecode } (v4)
- PWA: increase maximumFileSizeToCacheInBytes to 10MB for Monaco workers

## Docker & CI
- nginx.conf: listen on port 8080 instead of 80
- Dockerfile: EXPOSE 8080, fix ENV key=value format
- ci.yml: add Docker build job (build-only validation on PRs/push)
- Update all Docker targets to shahboura/it-tools (Docker Hub + GHCR)

## ESLint Migration
- Migrate .eslintrc.cjs -> eslint.config.mjs (ESLint 10 flat config)
- Disable overzealous regexp rules that break working ISO 8601/Unicode regexes
- Add unused-imports/no-unused-vars with _ prefix ignore
- Auto-fix 599 formatting issues (import ordering, trailing commas, indentation)

## I18n
- Add missing translation keys for 8 tools (ascii-text-drawer, email-normalizer,
  json-to-xml, markdown-to-html, regex-memo, regex-tester, safelink-decoder, xml-to-json)
- Update all locale YAML files with new keys

## Test & Build
- Vitest: add environment: 'jsdom' to config (vitest 4.x requirement)
- All 138 tests pass, 0 lint errors, build succeeds
…-fixes

refactor: upgrade all deps, add Docker CI, fix breaking changes (vue 3.5, pinia 3, vite 8, eslint 10)
…tion

- Pin Dockerfile build stage to --platform=\ to avoid QEMU
  emulation for Vite/Rolldown (Rust native binaries) on arm64
- Re-enable linux/amd64,linux/arm64 in both docker-nightly-release and
  releases workflows
- Add VITE_VERCEL_GIT_COMMIT_SHA build arg so commit SHA link works in
  Docker-built containers
- Remove buy-me-a-coffee navbar button and home page promotional banner
- Remove home.support, home.buyMeACoffee, home.follow keys and
  sponsorship text from all 9 locale files
- Remove showBanner config entry
- Replace config.app.version with config.app.releaseTag sourced from VITE_RELEASE_TAG
- Footer shows tag (e.g. v1.1.0) with commit SHA fallback for nightly builds
- Add VITE_RELEASE_TAG build arg to Dockerfile and releases workflow
- No longer dependent on stale date-based package.json version
Bumps the npm_and_yarn group with 1 update in the / directory: [dompurify](https://github.com/cure53/DOMPurify).


Updates `dompurify` from 3.4.5 to 3.4.11
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.4.5...3.4.11)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.11
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps the npm_and_yarn group with 1 update in the / directory: [markdown-it](https://github.com/markdown-it/markdown-it).


Updates `markdown-it` from 14.1.1 to 14.2.0
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/markdown-it@14.1.1...14.2.0)

---
updated-dependencies:
- dependency-name: markdown-it
  dependency-version: 14.2.0
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
…yarn-2a4837647d

chore(deps): bump markdown-it from 14.1.1 to 14.2.0 in the npm_and_yarn group across 1 directory
…yarn-360cad5ee5

chore(deps): bump dompurify from 3.4.5 to 3.4.11 in the npm_and_yarn group across 1 directory
Bumps [cronstrue](https://github.com/bradymholt/cRonstrue) from 3.14.0 to 3.24.0.
- [Release notes](https://github.com/bradymholt/cRonstrue/releases)
- [Changelog](https://github.com/bradymholt/cRonstrue/blob/main/CHANGELOG.md)
- [Commits](bradymholt/cRonstrue@v3.14.0...v3.24.0)

---
updated-dependencies:
- dependency-name: cronstrue
  dependency-version: 3.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@vue/runtime-dom](https://github.com/vuejs/core/tree/HEAD/packages/runtime-dom) from 3.5.34 to 3.5.39.
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/commits/v3.5.39/packages/runtime-dom)

---
updated-dependencies:
- dependency-name: "@vue/runtime-dom"
  dependency-version: 3.5.39
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…e-3.24.0

chore(deps): bump cronstrue from 3.14.0 to 3.24.0
Bumps [uuid](https://github.com/uuidjs/uuid) from 14.0.0 to 14.0.1.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v14.0.0...v14.0.1)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 14.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [vue-router](https://github.com/vuejs/router) from 5.0.7 to 5.1.0.
- [Release notes](https://github.com/vuejs/router/releases)
- [Commits](vuejs/router@v5.0.7...v5.1.0)

---
updated-dependencies:
- dependency-name: vue-router
  dependency-version: 5.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…ime-dom-3.5.39

chore(deps-dev): bump @vue/runtime-dom from 3.5.34 to 3.5.39
chore(deps): bump uuid from 14.0.0 to 14.0.1
…er-5.1.0

chore(deps): bump vue-router from 5.0.7 to 5.1.0
Bumps [js-base64](https://github.com/dankogai/js-base64) from 3.7.8 to 3.8.0.
- [Commits](dankogai/js-base64@3.7.8...3.8.0)

---
updated-dependencies:
- dependency-name: js-base64
  dependency-version: 3.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…dates

Bumps the npm_and_yarn group with 2 updates in the / directory: [ua-parser-js](https://github.com/faisalman/ua-parser-js) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `ua-parser-js` from 2.0.9 to 2.0.10
- [Release notes](https://github.com/faisalman/ua-parser-js/releases)
- [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md)
- [Commits](faisalman/ua-parser-js@2.0.9...2.0.10)

Updates `vite` from 8.0.13 to 8.0.16
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v8.0.16/packages/vite)

---
updated-dependencies:
- dependency-name: ua-parser-js
  dependency-version: 2.0.10
  dependency-type: direct:production
- dependency-name: vite
  dependency-version: 8.0.16
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
This workflow file sets up CodeQL analysis for the repository, defining triggers for pushes and pull requests to the main branch, as well as a scheduled run. It includes a matrix for analyzing multiple languages and initializes CodeQL tools for scanning.
…yarn-9912ce0f69

chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates
Bumps [@intlify/unplugin-vue-i18n](https://github.com/intlify/bundle-tools/tree/HEAD/packages/unplugin-vue-i18n) from 11.2.3 to 11.2.4.
- [Release notes](https://github.com/intlify/bundle-tools/releases)
- [Changelog](https://github.com/intlify/bundle-tools/blob/main/packages/unplugin-vue-i18n/CHANGELOG.md)
- [Commits](https://github.com/intlify/bundle-tools/commits/v11.2.4/packages/unplugin-vue-i18n)

---
updated-dependencies:
- dependency-name: "@intlify/unplugin-vue-i18n"
  dependency-version: 11.2.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…64-3.8.0

chore(deps): bump js-base64 from 3.7.8 to 3.8.0
shahboura and others added 6 commits July 5, 2026 19:32
…/unplugin-vue-i18n-11.2.4

chore(deps-dev): bump @intlify/unplugin-vue-i18n from 11.2.3 to 11.2.4
Bumps [@vue/compiler-sfc](https://github.com/vuejs/core/tree/HEAD/packages/compiler-sfc) from 3.5.34 to 3.5.39.
- [Release notes](https://github.com/vuejs/core/releases)
- [Changelog](https://github.com/vuejs/core/blob/main/CHANGELOG.md)
- [Commits](https://github.com/vuejs/core/commits/v3.5.39/packages/compiler-sfc)

---
updated-dependencies:
- dependency-name: "@vue/compiler-sfc"
  dependency-version: 3.5.39
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…piler-sfc-3.5.39

chore(deps-dev): bump @vue/compiler-sfc from 3.5.34 to 3.5.39
Bumps [@antfu/eslint-config](https://github.com/antfu/eslint-config) from 9.0.0 to 9.1.0.
- [Release notes](https://github.com/antfu/eslint-config/releases)
- [Commits](antfu/eslint-config@v9.0.0...v9.1.0)

---
updated-dependencies:
- dependency-name: "@antfu/eslint-config"
  dependency-version: 9.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…lint-config-9.1.0

chore(deps-dev): bump @antfu/eslint-config from 9.0.0 to 9.1.0
…ows/Docker builds

- fix: bump vue to 3.5.39 to match @vue/runtime-dom (fixes init_runtime_dom_esm_bundler)
- fix: add compatible:true to presetScrollbar (fixes unmatched scrollbar-color/width utilities)
- fix: add cross-env for cross-platform NODE_OPTIONS in build script
- fix: use corepack enable in Dockerfile (pins pnpm to packageManager version)
- fix: add pnpm-workspace.yaml with allowBuilds:esbuild (pnpm v11 requirement)
- chore: bump @tiptap/* to 3.27.1, @types/node to ^26, unplugin-vue-markdown to ^32
- chore: bump CI node-version 22->24, Docker nginx to alpine-slim
@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.


expect(token).toHaveLength(256);
expect(token).toMatch(/^[.,;:!?./\-"'#{([-|\\@)\]=}*+]+$/);
expect(token).toMatch(/^[.,;:!?/\-"'#([-|@)=}*+]+$/);
@sonarqubecloud

sonarqubecloud Bot commented Jul 5, 2026

Copy link
Copy Markdown

Quality Gate Failed Quality Gate failed

Failed conditions
C Security Rating on New Code (required ≥ A)
C Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud

Catch issues before they fail your Quality Gate with our IDE extension SonarQube for IDE


- name: Build and push
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6

- name: Build and push
uses: docker/build-push-action@v5
uses: docker/build-push-action@v6

- name: Create Release
uses: softprops/action-gh-release@v1
uses: softprops/action-gh-release@v2

permissions:
contents: read
packages: write
- 'v*.*.*'

permissions:
contents: write

permissions:
contents: write
packages: write
Comment thread Dockerfile

# production stage
FROM nginx:stable-alpine AS production-stage
FROM nginx:stable-alpine-slim AS production-stage
@shahboura shahboura closed this Jul 5, 2026
@shahboura shahboura deleted the fix/deps-alignment-and-unocss-scrollbar branch July 5, 2026 12:53
@shahboura shahboura restored the fix/deps-alignment-and-unocss-scrollbar branch July 5, 2026 13:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants