Use bundled version of spectral #35573

Merged: lunny merged 3 commits into go-gitea:main from silverwind:spectral-bundle on Oct 3, 2025

@silverwind (Member) commented Oct 3, 2025

To reduce the risk of npm supply chain attacks and to speed up dependency installation, I've bundled the spectral package into a zero-dependency module. The upstream package is pretty dead currently, so I expect to keep up with their updates.

The package exports a `spectral` bin script, so `pnpm exec spectral` continues to work as-is.

In total, this removes 86 dependencies from the npm dependency tree.
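
As an added example (not part of the PR or of spectral-cli-bundle), this is a check a reviewer could run on a swap like the one described above: count the transitive packages a dependency pulls in before and after bundling, and confirm the bundle's manifest declares no runtime dependencies or install scripts and still exposes the bin. The graph, manifests and file paths are constructed, and the function names are hypothetical.

```javascript
// Added example: graph, manifests and paths are constructed; names are hypothetical.

// Every package reachable from `root` in a { name: [deps] } graph.
function transitiveDeps(graph, root) {
  const seen = new Set();
  const stack = [...(graph[root] || [])];
  while (stack.length > 0) {
    const name = stack.pop();
    if (seen.has(name)) continue; // shared or cyclic edge, already counted
    seen.add(name);
    stack.push(...(graph[name] || []));
  }
  seen.delete(root); // a cycle back to the root is not an extra package
  return seen;
}

// Findings that contradict "zero-dependency bundle exposing `binName`".
function auditBundleManifest(manifest, binName) {
  const findings = [];
  for (const field of ["dependencies", "optionalDependencies", "peerDependencies"]) {
    const names = Object.keys(manifest[field] || {});
    if (names.length > 0) findings.push(`${field}: ${names.join(", ")}`);
  }
  for (const hook of ["preinstall", "install", "postinstall"]) {
    if (manifest.scripts?.[hook]) findings.push(`install script: ${hook}`);
  }
  // `bin` is either a path (command named after the package) or a name-to-path map.
  const bins = typeof manifest.bin === "string"
    ? { [manifest.name.split("/").pop()]: manifest.bin }
    : manifest.bin || {};
  if (!Object.prototype.hasOwnProperty.call(bins, binName)) findings.push(`missing bin: ${binName}`);
  return findings;
}

// Constructed dependency graph before the swap, with a shared dep and a cycle.
const before = {
  app: ["example-linter", "example-util"],
  "example-linter": ["example-parser", "example-util"],
  "example-parser": ["example-tokenizer", "example-linter"],
};
// After the swap the bundle is a leaf: it declares no dependencies.
const after = { app: ["example-linter-bundle", "example-util"] };

const good = { name: "spectral-cli-bundle", bin: { spectral: "dist/placeholder.js" } };
const bad = { name: "@example/tool", bin: "cli.js",
  dependencies: { "example-parser": "^1.0.0" }, scripts: { postinstall: "node setup.js" } };

console.log(transitiveDeps(before, "app").size, "->", transitiveDeps(after, "app").size);
console.log(auditBundleManifest(good, "spectral"), auditBundleManifest(bad, "spectral"));
```

In a real repository the graph would be read from the lockfile; `devDependencies` are deliberately not checked because they are not installed for consumers of the package.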

@GiteaBot added the lgtm/need 2 label (This PR needs two approvals by maintainers to be considered for merging.) Oct 3, 2025
@GiteaBot added the lgtm/need 1 label (This PR needs approval from one additional maintainer to be merged.) and removed the lgtm/need 2 label Oct 3, 2025
@GiteaBot added the lgtm/done label (This PR has enough approvals to get merged. There are no important open reservations anymore.) and removed the lgtm/need 1 label Oct 3, 2025
@lunny added the reviewed/wait-merge label (This pull request is part of the merge queue. It will be merged soon.) Oct 3, 2025
@lunny enabled auto-merge (squash) October 3, 2025 22:20
@lunny merged commit 6589326 into go-gitea:main Oct 3, 2025
26 checks passed
@GiteaBot added this to the 1.26.0 milestone Oct 3, 2025
@GiteaBot removed the reviewed/wait-merge label Oct 3, 2025
@silverwind deleted the spectral-bundle branch October 4, 2025 07:37
rossigee pushed a commit to rossigee/gitea that referenced this pull request Oct 4, 2025
To reduce the risk of npm supply chain attacks and to speed up
dependency installation, I've
[bundled](https://github.com/silverwind/spectral-cli-bundle) the
spectral package into a zero-dependency module. The upstream package is
pretty dead currently, so I expect to keep up with their updates.

The package
[exports](https://github.com/silverwind/spectral-cli-bundle/blob/de05948c53a0a6f9690cdf65d35c3fc3324a583c/package.json#L9)
a `spectral` bin script, so `pnpm exec spectral` continues to work
as-is.

In total, this removes 86 dependencies from the npm dependency tree.
zjjhot added a commit to zjjhot/gitea that referenced this pull request Oct 5, 2025
* giteaofficial/main:
  fix: auto-expand and auto-scroll for actions logs (go-gitea#35570) (go-gitea#35583)
  [skip ci] Updated translations via Crowdin
  [skip ci] Updated translations via Crowdin
  Fix creating pull request failure when the target branch name is the same as some tag (go-gitea#35552)
  Use bundled version of spectral (go-gitea#35573)
  Add rebase push display wrong comments bug (go-gitea#35560)
  Address some CodeQL security concerns (go-gitea#35572)
  fix(webhook): prevent tag events from bypassing branch filters targets go-gitea#35449 (go-gitea#35567)
  Added button to copy file name in PR files (go-gitea#35509)
  Update JS and PY deps (go-gitea#35565)
  Enable a few more tsconfig options (go-gitea#35553)
  Bump github.com/wneessen/go-mail from 0.6.2 to 0.7.1 (go-gitea#35557)
  add more routes to the "expensive" list (go-gitea#35547)
  Drop json-iterator dependency (go-gitea#35544)
  Add proper error message if session provider can not be created (go-gitea#35520)
  use experimental go json v2 library (go-gitea#35392)
  Use global lock instead of status pool for cron lock (go-gitea#35507)
  Move some functions to gitrepo package (go-gitea#35503)
  Move GetDiverging functions to gitrepo (go-gitea#35524)
  [skip ci] Updated translations via Crowdin
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Jan 2, 2026

Labels

lgtm/done (This PR has enough approvals to get merged. There are no important open reservations anymore.), modifies/dependencies
