chore(deps-dev): bump @types/node from 25.9.3 to 26.0.1 in /host#578
Open
dependabot[bot] wants to merge 11 commits into
Open
chore(deps-dev): bump @types/node from 25.9.3 to 26.0.1 in /host#578dependabot[bot] wants to merge 11 commits into
dependabot[bot] wants to merge 11 commits into
Conversation
…poll The eager vault prewarm mounts a hidden same-origin iframe that loads SilverBullet, which calls element.focus() on boot/sync. Focus moves into the iframe, but the parent-side reclaim was wired to window 'blur' + document 'focusin' — neither fires reliably for a focus move into a same-origin child frame (focusin never fires; window blur is browser/platform-dependent, e.g. it does not fire on desktop Chrome). The steal went uncaught, so keystrokes landed in the hidden SilverBullet editor and clicking the terminal could not hold focus until prewarm finished. Reclaim now triggers on focusout (the guaranteed signal when the textarea loses focus) plus a lifetime poll backstop, both gated on activeElement === iframe so they never fight a focused terminal, and both torn down on finish/cancel. Verified in real Chrome: focus into a same-origin iframe yields activeElement === iframe and a focusout on the prior element. REQ-VAULT-020 AC3.
Detaching the hidden vault-prewarm iframe while it still held the document's focus orphaned the top-level browsing context: a DevTools capture during the freeze showed activeElement = xterm textarea yet document.hasFocus() === false with the iframe already gone. In that state the terminal is dead and no click restores it (xterm preventDefaults its mousedown) — only a reload or re-entering the session recovers, matching the reported deal-breaker. cleanup() now moves focus to a connected element (live restore target, else document.body) before iframe.remove() whenever the iframe is the active element, so the frame is detached unfocused and window focus stays in the top document. REQ-VAULT-020 AC4; spec + vault doc lane updated.
Apply PR-boundary review findings for the focus-release fix: - code-reviewer (LOW): the no-restore-target fallback used document.body.focus(), a no-op when body is not in the tab order, so focus might not leave the iframe. Blur the iframe instead — a reliable primitive that returns focus to the top document and keeps window focus. Add a behavioral test for the fallback (blur before detach). - spec-reviewer (HIGH): REQ-VAULT-020 AC3 @test anchor matched no real test name. Split the compound AC3 into AC3 (reclaim) + AC4 (reclaim stops at teardown), each anchored to its real test; the release-before-detach AC becomes AC5. Trim AC5 to the testable claim and move the hasFocus rationale to Constraints. Add changes.md entry. - doc-updater (MEDIUM): vault lane prose now states all reclaim paths are cancelled at teardown (AC4 coverage). Pre-existing LOW table-cell overflows in unrelated troubleshooting rows are left for /sdd clean's holistic sweep (lossy truncation would harm operational precision).
… r2) Apply round-2 PR-boundary review findings: - spec-reviewer (MEDIUM): AC5 only anchored the live-restore-target test; add the second @test anchor for the no-restore-target blur path. - spec-reviewer (pre-existing CQ-SOURCE): AC1's Layout.test.tsx anchor and AC2's vault-html-direct anchor matched no real it() name. Repoint both to verified real test names (AC2 gets two anchors for the guard-active and guard-inert cases). - doc-updater (MEDIUM): vault lane said the fallback focuses document.body, but the code blurs the iframe (body.focus() is a no-op when body is not in the tab order). Correct the prose to match.
A focus trace from the live integration session pinned the freeze: it begins exactly at the prewarm IFRAME-REMOVED event, with activeElement still the xterm textarea and document.hasFocus() === false. Removing the iframe orphans the top-level document regardless of where focus sits, so the previous before-detach release (gated on activeElement === iframe) never fired and the terminal stayed dead until a reload / re-enter. A manual window.focus() + textarea.focus() during the freeze restored typing, confirming the repair path. cleanup() now, AFTER iframe.remove(), re-asserts window.focus() and re-focuses the live terminal target (else .xterm-helper-textarea) across a few frames, gated on document.hasFocus() being false so a still-focused terminal is never disturbed. REQ-VAULT-020 AC5 rewritten to the post-removal reassert; spec, vault doc lane, and changelog updated.
…ings - vault-prewarm.test.ts: add vi.restoreAllMocks() in afterEach so the AC5 window.focus spy stops leaking its recorded call into the next test (the failing CI test, cross-test mock pollution). - vault-readiness.test.ts: cover probeVaultReady's documented malformed-200-body -> not-ready branch. - documentation/lanes/vault.md: readiness probe now described as probeVaultReady -> GET /api/vault/:sid/status (was stale HEAD-the-proxy text). - documentation/lanes/security.md: Permissions-Policy bullet shows its value and notes the interest-cohort=() removal. - sdd/spec/changes.md: fix stale REQ-VAULT-008 anchor (#req-vault-008-zero-ui-vault-encryption).
…robe Two troubleshooting-table rows still described the readiness gate as a 200 from HEAD /api/vault/:sid/, the proxy-root probe replaced by probeVaultReady() -> GET /api/vault/:sid/status. Same stale-HEAD drift class as the line-180 fix; flagged HIGH by doc-updater on PR #575.
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 25.9.3 to 26.0.1. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 26.0.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
5cb06d0 to
7e3e8b7
Compare
Contributor
Author
|
A newer version of @types/node exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps @types/node from 25.9.3 to 26.0.1.
Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)