Configure Renovate#4
Closed
renovate[bot] wants to merge 9 commits into
Closed
Conversation
Contributor
Author
Renovate is disabledRenovate is disabled because there is no Renovate configuration file. To enable Renovate, you can either (a) change this PR's title to get a new onboarding PR, and merge the new onboarding PR, or (b) create a Renovate config file, and commit that file to your base branch. |
davidpoblador
added a commit
that referenced
this pull request
Apr 28, 2026
## Summary - Closes #1719 — `lint-po` rejects Babel-generated `msgid_plural` / `msgstr[N]` entries, blocking `just lint` on any locale that uses `{% trans count=… %}{% pluralize %}{% endtrans %}`. - Root cause: PyPI `lint-po` is still 0.1.4 (Nov 2022), which predates the gettext plural-form support merged upstream as `himdel/lint-po#3` and `#4` (Mar 2026). Switching to PyPI in #1609 silently regressed the feature. - Pin `lint-po` to upstream master at `efadbcaa50f84135ee4f16efa44d99d2662a74b4` via `[tool.uv.sources]` in the scaffolded `pyproject.toml`. - Switch the justfile recipe and pre-commit hook from `uvx lint-po` to `uv run --frozen lint-po` so resolution happens once at `uv sync` time instead of hitting GitHub on every invocation — also addresses the transient-failure motivation behind #1609. - A release-request issue is open upstream at himdel/lint-po#5; once a new version ships to PyPI we can drop the `[tool.uv.sources]` pin in favor of a normal version constraint. ## Test plan - [x] Reproduced #1719 locally with `uvx lint-po` against a Babel-generated plural `.po` (exit 1, "Unexpected input" warnings). - [x] Verified the pinned SHA resolves and installs via `uv lock` + `uv sync --frozen` in a smoke-test project. - [x] Verified the same plural fixture passes with `uv run --frozen lint-po` (exit 0). - [x] Verified placeholder-mismatch detection still flags a deliberately-broken `msgstr[1]` in a plural entry (exit 1). - [ ] Smoke `just lint-po` and pre-commit `lint-po` hook on a real scaffolded project after merge. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
davidpoblador
added a commit
that referenced
this pull request
May 30, 2026
## Summary Closes #1938. Smooths the four friction points the issue hit when adopting the htmx `hx-csp` extension under a strict (no `unsafe-eval`) CSP. ### 1. Re-export the extension (friction #1 + #2) - New `vibetuner-js/htmx-csp.js` + `"./htmx/csp"` export, mirroring the existing `htmx/preload`, `htmx/sse`, `htmx/live`. Projects now `import "@alltuner/vibetuner/htmx/csp";` with **no direct `htmx.org` devDependency** — which previously had to be pinned by hand and would drift from the framework's htmx the moment it bumped. - Verified the re-export bundles with bun (`htmx.registerExtension("hx-csp")` lands in the output). ### 2. `body_attrs` skeleton block (friction #4) - The `<body>` tag had no attribute hook, forcing a full skeleton override just to add the nonce. Added `{% block body_attrs %}` so projects stamp a **single inherited nonce**: `hx-nonce:inherited="{{ csp_nonce }}"`. Verified against the htmx 4 source that `:inherited` resolves `hx-nonce` from ancestors and the extension reads it via the same `attributeValue` path — so one stamp on `<body>` covers every htmx element. ### 3. `htmx_config` skeleton block (friction #3) - `htmx.config.safeEval` must be set before the extension's `init`, but ESM hoists imports so `htmx.config.safeEval = true` in `config.js` runs too late. The htmx-native fix is the `<meta name="htmx-config">` tag — **but** htmx reads that meta *synchronously when its script evaluates* (`#initHtmxConfig` in the constructor), not at DOMContentLoaded. The skeleton's `head` block renders *after* the bundle script, so it would be too late. - Added a dedicated `{% block htmx_config %}` positioned **just before** the bundle script, so a meta placed there is parsed first. Documented: ```jinja {% block htmx_config %} <meta name="htmx-config" content='extensions:"hx-csp",safeEval:true'> {% endblock htmx_config %} ``` ### 4. Docs - `development-guide.md`, `llms.txt`, `llms-full.txt` updated to the new import path, the `body_attrs` single-stamp pattern, and the `htmx_config`/meta safeEval approach. ## Testing - `test_skeleton_extension_points.py`: new `TestBodyAttrs` (renders inside `<body>`, empty by default) and `test_htmx_config_block_renders_before_bundle_js` (ordering invariant — the whole point of the block). - Full unit suite: **902 passed**. ruff, djlint, rumdl all clean (pre-commit green). `node --check` on the new JS, and a bun build of the re-export. ## Notes - Docs reference "added in 10.20.0" as the version that introduces the `@alltuner/vibetuner/htmx/csp` subpath (next minor after the just-released 10.19.0). - The existing explicit `hx-nonce` on `user/profile.html.jinja` is left as-is — harmless, and it inherits correctly whether or not a project sets `body_attrs`. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.
🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.
Detected Package Files
template/compose.dev.yml(docker-compose)template/compose.prod.yml(docker-compose)template/Dockerfile(dockerfile)template/package.json(npm)template/pyproject.toml(pep621)template/.python-version(pyenv)Configuration Summary
Based on the default config's presets, Renovate will:
fixfor dependencies andchorefor all others if semantic commits are in use.node_modules,bower_components,vendorand various test/tests (except for nuget) directories.🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to
renovate.jsonin this branch. Renovate will update the Pull Request description the next time it runs.What to Expect
With your current configuration, Renovate will create 2 Pull Requests:
Replace dependency npm-run-all with npm-run-all2 ^5.0.0
renovate/npm-run-all-replacementmain^5.0.0Update python Docker tag to v3.13
renovate/python-3.xmain3.13❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.
This PR was generated by Mend Renovate. View the repository job log.