Skip to content

bump deps and rm vincent#570

Merged
tripledoublev merged 7 commits into
masterfrom
staging
Jul 9, 2026
Merged

bump deps and rm vincent#570
tripledoublev merged 7 commits into
masterfrom
staging

Conversation

@tripledoublev

@tripledoublev tripledoublev commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

brings #569 and #565 to prod

tripledoublev and others added 7 commits June 29, 2026 13:50
Vincent Charlebois has resigned; remove avatar and bio entry.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Supersedes the open dependabot PRs, which all fail CI because
dependabot-triggered runs don't receive repository secrets, leaving
/tmp/secret.key empty and crashing jekyll-activity-pub
(OpenSSL::PKey::RSAError).

- Bump nokogiri 1.19.4, jekyll-activity-pub 0.3.6, webrick 1.9.2,
  sutty-liquid 0.13.0, html-proofer 5.2.1, addressable 2.9.0,
  httparty 0.24.2, rexml 3.4.4 (plus transitive updates incl.
  distributed-press-api-client 0.5.4)
- Migrate `make check` to html-proofer 5.x flags (--check-html removed,
  --disable_external renamed, --internal-domains replaced by
  --swap-urls)
- deploy.yml: fall back to a throwaway RSA key when the ActivityPub
  key secret is unavailable, so dependabot PR builds can pass; publish
  steps still run only on push events, which have real secrets

Verified locally: JEKYLL_ENV=staging make build and make check both
pass with the updated lockfile.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The all-relative post-processing step rewrites href="/" to href="" on
pages at the site root; html-proofer 5.x flags empty hrefs as missing
references (3.x did not).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
site.data.theme.pixel_densities doesn't exist, so the srcset loop
always rendered srcset="". html-proofer 5.x checks <source> elements
(3.x didn't) and fails fediverse comment embeds, which only appear in
CI builds where the real ActivityPub key can fetch replies.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Review feedback: the empty-secret fallback must not let a push build
deploy with a dummy key — fail hard instead. Also stop running
jekyll notify and the data commit-back on PRs targeting master; those
are side effects that should only happen after merge.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Batch gem bumps, html-proofer 5.x migration, dependabot CI fix
Remove Vincent from people page
@netlify

netlify Bot commented Jul 9, 2026

Copy link
Copy Markdown

Deploy Preview for hyphacoop ready!

Name Link
🔨 Latest commit c692ec7
🔍 Latest deploy log https://app.netlify.com/projects/hyphacoop/deploys/6a4fd310ec762a0008ba9a47
😎 Deploy Preview https://deploy-preview-570--hyphacoop.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@tripledoublev tripledoublev merged commit aeef13f into master Jul 9, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant