nhcarrigan/blog
9
0
Fork 0
generated from nhcarrigan/template
Code Issues Pull Requests 8 Actions Releases 1 Activity
Files
7fc742d19984f5c8744443c117cabce67ce5d52d
blog/pnpm-workspace.yaml
Hikari 7fc742d199
All checks were successful
Node.js CI / CI (push) Successful in 45s
Details
Security Scan and Upload / Security & DefectDojo Upload (push) Successful in 2m36s
Details
chore: update dependencies and fix blog styling (#24) 
## Summary

### Dependency Updates
- Pin all dependencies to exact versions
- Bump minor/patch versions across all packages
- Upgrade **Next.js** 15 → 16.1.6 (async params/cookies already handled)
- Upgrade **react-markdown** 9 → 10.1.0 (no breaking changes in use)
- Upgrade **@types/node** 20 → 24.10.13 (aligns with Node 24 runtime)
- Upgrade **Tailwind CSS** 3 → 4.2.0 (CSS-first config with `@tailwindcss/postcss`)

### Style Fixes
- Replace Inter font import with CDN-based global font settings
- Fix blockquote dark mode text visibility using `.is-dark` selector
- Replace full dotted blockquote border with left-only accent border
- Move `<link>` elements into proper `<head>` to resolve React hydration error
- Add `precedence="default"` to highlight.js stylesheet link
- Wrap global element rules in `@layer base` to restore Tailwind v4 utility precedence

Closes #8
Closes #9
Closes #10
Closes #11
Closes #12
Closes #13
Closes #14
Closes #15
Closes #16
Closes #17
Closes #18
Closes #19
Closes #20
Closes #21
Closes #22
Closes #23

 This PR was created with help from Hikari~ 🌸

Co-authored-by: Naomi Carrigan <commits@nhcarrigan.com>
Reviewed-on: #24
Co-authored-by: Hikari <hikari@nhcarrigan.com>
Co-committed-by: Hikari <hikari@nhcarrigan.com>
2026-03-03 19:37:59 -08:00

22 lines
908 B
YAML
Raw Blame History

# Security
# Do not execute any scripts of installed packages (project scripts still run)
ignoreDepScripts: true
# Do not automatically run pre/post scripts (e.g. preinstall, postbuild)
enablePrePostScripts: false
# Only allow packages published at least 10 days ago (reduces risk of compromised packages)
minimumReleaseAge: 14400
# Fail if a package's trust level has decreased compared to previous releases
trustPolicy: no-downgrade
# Ignore trust policy for packages published more than 1 year ago (predates provenance signing)
trustPolicyIgnoreAfter: 525960
# Fail if there are missing or invalid peer dependencies
strictPeerDependencies: false
# Prevent transitive dependencies from using exotic sources (git repos, direct tarball URLs)
blockExoticSubdeps: true
# Lockfile
# Allow the lockfile to be updated during install (set to true in CI for stricter reproducibility)
preferFrozenLockfile: false
Reference in New Issue View Git Blame Copy Permalink