fix(build): make prepare tolerant of missing husky + bump deps (Phase 1a)
Two related changes:
1. package.json `prepare` script: changed from "husky" to "husky || true"
so the script doesn't fail in --prod installs where husky (a
devDependency) isn't present. The earlier "ENV HUSKY=0" attempt
didn't help because HUSKY=0 only skips git-hook install once husky
is invoked — when the husky binary itself is missing, the prepare
script fails with "sh: husky: not found" before any HUSKY env var
is consulted. Reverted that ENV from Dockerfile.worker.
2. Phase 1a deps refresh — `pnpm update` within current semver ranges.
Notably:
- @pdfme/common, @pdfme/generator, @pdfme/schemas: 5.5.8 → 5.5.10
(closes XSS in SVG/Select schemas + SSRF in getB64BasePdf +
decompression-bomb in FlateDecode)
- postcss: 8.5.8 → 8.5.14 (XSS via </style> in stringify output)
- mailparser, openai, postgres, react, react-dom, react-hook-form,
recharts, zustand, jose, libphonenumber-js, prettier, vitest,
autoprefixer, dotenv: routine minor/patch.
Tests: 1185/1185 vitest passing locally.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -29,11 +29,6 @@ WORKDIR /app
|
||||
RUN chown -R worker:nodejs /app
|
||||
USER worker
|
||||
COPY --chown=worker:nodejs package.json pnpm-lock.yaml ./
|
||||
# HUSKY=0 skips the husky install during the `prepare` script — husky is a
|
||||
# dev dependency so it's not present in --prod installs, and without this
|
||||
# guard pnpm install fails with "sh: husky: not found" (husky 9+ honors
|
||||
# the HUSKY=0 env var as the official CI/Docker skip mechanism).
|
||||
ENV HUSKY=0
|
||||
RUN pnpm install --frozen-lockfile --prod
|
||||
COPY --from=builder --chown=worker:nodejs /app/dist/worker.js ./worker.js
|
||||
# Healthcheck — pings Redis from inside the worker container. Without
|
||||
|
||||
Reference in New Issue
Block a user