Skip to content

chore(deps-dev): bump @types/node from 25.9.3 to 26.0.1 in /host#578

Open
dependabot[bot] wants to merge 11 commits into
developfrom
dependabot/npm_and_yarn/host/develop/types/node-26.0.1
Open

chore(deps-dev): bump @types/node from 25.9.3 to 26.0.1 in /host#578
dependabot[bot] wants to merge 11 commits into
developfrom
dependabot/npm_and_yarn/host/develop/types/node-26.0.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor

Bumps @types/node from 25.9.3 to 26.0.1.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

nikolanovoselec and others added 11 commits June 24, 2026 13:11
…poll

The eager vault prewarm mounts a hidden same-origin iframe that loads
SilverBullet, which calls element.focus() on boot/sync. Focus moves into the
iframe, but the parent-side reclaim was wired to window 'blur' + document
'focusin' — neither fires reliably for a focus move into a same-origin child
frame (focusin never fires; window blur is browser/platform-dependent, e.g. it
does not fire on desktop Chrome). The steal went uncaught, so keystrokes landed
in the hidden SilverBullet editor and clicking the terminal could not hold
focus until prewarm finished.

Reclaim now triggers on focusout (the guaranteed signal when the textarea loses
focus) plus a lifetime poll backstop, both gated on activeElement === iframe so
they never fight a focused terminal, and both torn down on finish/cancel.
Verified in real Chrome: focus into a same-origin iframe yields
activeElement === iframe and a focusout on the prior element.

REQ-VAULT-020 AC3.
Detaching the hidden vault-prewarm iframe while it still held the
document's focus orphaned the top-level browsing context: a DevTools
capture during the freeze showed activeElement = xterm textarea yet
document.hasFocus() === false with the iframe already gone. In that
state the terminal is dead and no click restores it (xterm
preventDefaults its mousedown) — only a reload or re-entering the
session recovers, matching the reported deal-breaker.

cleanup() now moves focus to a connected element (live restore target,
else document.body) before iframe.remove() whenever the iframe is the
active element, so the frame is detached unfocused and window focus
stays in the top document.

REQ-VAULT-020 AC4; spec + vault doc lane updated.
Apply PR-boundary review findings for the focus-release fix:

- code-reviewer (LOW): the no-restore-target fallback used
  document.body.focus(), a no-op when body is not in the tab order, so
  focus might not leave the iframe. Blur the iframe instead — a reliable
  primitive that returns focus to the top document and keeps window
  focus. Add a behavioral test for the fallback (blur before detach).
- spec-reviewer (HIGH): REQ-VAULT-020 AC3 @test anchor matched no real
  test name. Split the compound AC3 into AC3 (reclaim) + AC4 (reclaim
  stops at teardown), each anchored to its real test; the
  release-before-detach AC becomes AC5. Trim AC5 to the testable claim
  and move the hasFocus rationale to Constraints. Add changes.md entry.
- doc-updater (MEDIUM): vault lane prose now states all reclaim paths
  are cancelled at teardown (AC4 coverage).

Pre-existing LOW table-cell overflows in unrelated troubleshooting rows
are left for /sdd clean's holistic sweep (lossy truncation would harm
operational precision).
… r2)

Apply round-2 PR-boundary review findings:

- spec-reviewer (MEDIUM): AC5 only anchored the live-restore-target
  test; add the second @test anchor for the no-restore-target blur path.
- spec-reviewer (pre-existing CQ-SOURCE): AC1's Layout.test.tsx anchor
  and AC2's vault-html-direct anchor matched no real it() name. Repoint
  both to verified real test names (AC2 gets two anchors for the
  guard-active and guard-inert cases).
- doc-updater (MEDIUM): vault lane said the fallback focuses
  document.body, but the code blurs the iframe (body.focus() is a no-op
  when body is not in the tab order). Correct the prose to match.
A focus trace from the live integration session pinned the freeze: it
begins exactly at the prewarm IFRAME-REMOVED event, with activeElement
still the xterm textarea and document.hasFocus() === false. Removing the
iframe orphans the top-level document regardless of where focus sits, so
the previous before-detach release (gated on activeElement === iframe)
never fired and the terminal stayed dead until a reload / re-enter. A
manual window.focus() + textarea.focus() during the freeze restored
typing, confirming the repair path.

cleanup() now, AFTER iframe.remove(), re-asserts window.focus() and
re-focuses the live terminal target (else .xterm-helper-textarea) across
a few frames, gated on document.hasFocus() being false so a still-focused
terminal is never disturbed.

REQ-VAULT-020 AC5 rewritten to the post-removal reassert; spec, vault doc
lane, and changelog updated.
…ings

- vault-prewarm.test.ts: add vi.restoreAllMocks() in afterEach so the AC5 window.focus spy stops leaking its recorded call into the next test (the failing CI test, cross-test mock pollution).
- vault-readiness.test.ts: cover probeVaultReady's documented malformed-200-body -> not-ready branch.
- documentation/lanes/vault.md: readiness probe now described as probeVaultReady -> GET /api/vault/:sid/status (was stale HEAD-the-proxy text).
- documentation/lanes/security.md: Permissions-Policy bullet shows its value and notes the interest-cohort=() removal.
- sdd/spec/changes.md: fix stale REQ-VAULT-008 anchor (#req-vault-008-zero-ui-vault-encryption).
…robe

Two troubleshooting-table rows still described the readiness gate as a 200 from HEAD /api/vault/:sid/, the proxy-root probe replaced by probeVaultReady() -> GET /api/vault/:sid/status. Same stale-HEAD drift class as the line-180 fix; flagged HIGH by doc-updater on PR #575.
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.9.3 to 26.0.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 26.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 24, 2026
@nikolanovoselec nikolanovoselec force-pushed the develop branch 2 times, most recently from 5cb06d0 to 7e3e8b7 Compare July 1, 2026 07:39
@dependabot @github

dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

A newer version of @​types/node exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant