
Fix brace-expansion vuln #143

Merged
cole-h merged 2 commits into main from update-deps
Mar 31, 2026

Conversation

@lucperkins (Member) commented Mar 31, 2026

Summary by CodeRabbit

  • Chores
    • Updated formatting ignore rules to skip an additional workspace file.
    • Adjusted package resolution to enforce safer versions for a transitive dependency.
    • Bumped flake pinning and switched the formatter to a different provider.
    • Simplified developer shell setup by removing one language-server from the default dev environment.

coderabbitai Bot commented Mar 31, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ad01a8b2-fac5-4f82-941e-4eb894986820

📥 Commits

Reviewing files that changed from the base of the PR and between f440c45 and 67aa1b7.

⛔ Files ignored due to path filters (2)
  • flake.lock is excluded by !**/*.lock
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (1)
  • flake.nix

📝 Walkthrough

Updated formatting and package-manager config: .prettierignore now excludes pnpm-workspace.yaml; pnpm-workspace.yaml adds two brace-expansion overrides; flake.nix updates inputs.nixpkgs.url, adjusts per-system output signatures, changes formatter to pkgs.nixfmt, and tweaks devShells (removes typescript-language-server).

Changes

| Cohort / File(s) | Summary |
|---|---|
| Prettier ignore: .prettierignore | Added pnpm-workspace.yaml to ignore list. |
| pnpm workspace overrides: pnpm-workspace.yaml | Added two overrides entries to map brace-expansion <1.1.13 → >=1.1.13 and brace-expansion >=2.0.0 <2.0.3 → >=2.0.3. |
| Nix flake outputs: flake.nix | Pinned inputs.nixpkgs.url to .../0.1; changed per-system callback signatures to accept system and pkgs as named attrs; switched formatter from pkgs.nixfmt-rfc-style → pkgs.nixfmt; updated devShells to per-system form and removed nodePackages_latest.typescript-language-server. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped through configs, neat and bright,
Ignoring workspace in prettier's sight,
Braced expansions nudged to newer days,
Flakes aligned in cleaner system ways,
A tiny rabbit cheer for tidy plays 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The pull request description is missing entirely; no content was provided by the author. | Add a pull request description that follows the repository template, including project license information and required checkboxes. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'Fix brace-expansion vuln' directly addresses the main change: adding version overrides for brace-expansion to resolve vulnerability versions. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pnpm-workspace.yaml`:
- Around line 2-3: Replace the open-ended override ranges for the package
mappings (the entries starting with "brace-expansion@<1.1.13" and
"brace-expansion@>=2.0.0 <2.0.3") with fixed, exact patched versions to ensure
reproducible installs; update those two keys to point to a specific patch
release (e.g., "1.1.13" and "2.0.3" or whichever vetted patched versions you
want to enforce) so pnpm cannot resolve newer incompatible versions.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1db00ed9-1f64-4c85-bb06-88aab897f2f0

📥 Commits

Reviewing files that changed from the base of the PR and between f27b12a and f440c45.

⛔ Files ignored due to path filters (2)
  • dist/index.js is excluded by !**/dist/**
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (2)
  • .prettierignore
  • pnpm-workspace.yaml
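To make the effect of the two overrides concrete (the walkthrough's `brace-expansion <1.1.13 → >=1.1.13` and `>=2.0.0 <2.0.3 → >=2.0.3`, and the reviewer's point that a range selector is what decides which resolutions get rewritten), here is an added example, not part of this PR or the project, that applies the same selector logic to lockfile entries. The `packages:` sample is constructed and only loosely modelled on a pnpm lockfile; the selector matching is a minimal semver comparator, not pnpm's own resolver.

```python
"""Report which lockfile resolutions the pnpm overrides in this PR would rewrite."""

# Override rules as given in the PR: selector range -> replacement range.
OVERRIDES = {
    "brace-expansion@<1.1.13": ">=1.1.13",
    "brace-expansion@>=2.0.0 <2.0.3": ">=2.0.3",
}

def parse_version(v: str) -> tuple:
    """'1.1.13' -> (1, 1, 13); tuples compare component-wise like semver."""
    return tuple(int(p) for p in v.split("."))

def satisfies(version: str, range_spec: str) -> bool:
    """True if version meets every space-separated comparator (AND semantics)."""
    ver = parse_version(version)
    for comp in range_spec.split():
        op = next((o for o in (">=", "<=", ">", "<") if comp.startswith(o)), "=")
        bound = parse_version(comp[len(op):] if op != "=" else comp)
        ok = {">=": ver >= bound, "<=": ver <= bound, ">": ver > bound,
              "<": ver < bound, "=": ver == bound}[op]
        if not ok:
            return False
    return True

def override_for(name: str, version: str):
    """Replacement range the first matching override applies, or None."""
    for selector, replacement in OVERRIDES.items():
        pkg, _, rng = selector.partition("@")
        if pkg == name and satisfies(version, rng):
            return replacement
    return None

# Constructed sample; real lockfiles carry more fields per entry.
SAMPLE_LOCK = """\
packages:
  brace-expansion@1.1.11:
  brace-expansion@1.1.13:
  brace-expansion@2.0.1:
  brace-expansion@2.0.3:
  minimatch@3.1.2:
"""

def scan_lock(text: str) -> list:
    """Return (name, version, replacement) for every entry hit by an override."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.endswith(":") or "@" not in line:
            continue  # section header or unexpected line
        name, _, version = line[:-1].rpartition("@")  # rpartition keeps @scope/ names
        repl = override_for(name, version)
        if name and repl:
            hits.append((name, version, repl))
    return hits
```

Only the 1.1.11 and 2.0.1 entries are rewritten; versions already at or above the patched releases pass through untouched.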

cole-h merged commit 1e852fe into main Mar 31, 2026
2 checks passed
cole-h deleted the update-deps branch March 31, 2026 14:08