From 90ed4cc115c6030ead910d408150869d7e265c26 Mon Sep 17 00:00:00 2001
From: Damien Elmes
Date: Wed, 17 Sep 2025 09:31:06 +1000
Subject: [PATCH 1/2] Disable NPM package scripts, and assert lockfile unchanged

With all the recent supply chain attacks, this seems prudent. There are three in our current package list. esbuild's is just a performance optimization (https://github.com/evanw/esbuild/issues/4085), and dprint's gets done when we invoke .bin/dprint anyway. svelte-preprocess simply prints something to the screen.
---
 .yarnrc.yml | 1 +
 build/runner/src/yarn.rs | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.yarnrc.yml b/.yarnrc.yml
index 3186f3f07..94f5c254e 100644
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@@ -1 +1,2 @@
 nodeLinker: node-modules
+enableScripts: false
diff --git a/build/runner/src/yarn.rs b/build/runner/src/yarn.rs
index 9e1bd5b58..7724ed04a 100644
--- a/build/runner/src/yarn.rs
+++ b/build/runner/src/yarn.rs
@@ -28,7 +28,11 @@ pub fn setup_yarn(args: YarnArgs) {
 .arg("--ignore-scripts"),
 );
 } else {
- run_command(Command::new(&args.yarn_bin).arg("install"));
+ run_command(
+ Command::new(&args.yarn_bin)
+ .arg("install")
+ .arg("--immutable"),
+ );
 }

 std::fs::write(args.stamp, b"").unwrap();
From 61094d387a3d545b72d96f007588b02f53c9f2a5 Mon Sep 17 00:00:00 2001
From: Damien Elmes
Date: Wed, 17 Sep 2025 09:31:47 +1000
Subject: [PATCH 2/2] Update translations

---
 ftl/core-repo | 2 +-
 ftl/qt-repo | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ftl/core-repo b/ftl/core-repo
index 6552c95a8..60bd4d483 160000
--- a/ftl/core-repo
+++ b/ftl/core-repo
@@ -1 +1 @@
-Subproject commit 6552c95a81d162422b2a50126547cc7f1b50c2fd
+Subproject commit 60bd4d4834b57b85915f52eb978935ff6b8c1425
diff --git a/ftl/qt-repo b/ftl/qt-repo
index dad4e2736..fd5f98478 160000
--- a/ftl/qt-repo
+++ b/ftl/qt-repo
@@ -1 +1 @@
-Subproject commit dad4e2736a2b53dcdb52d79b5703dd464c05d666
+Subproject commit fd5f984785ad07a0d3dbd893ee3d7e3671eaebd6
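Review bot: The new `enableScripts: false` line in .yarnrc.yml carries no comment, so the reason for it lives only in the commit message. I would add `# Supply-chain hardening: do not run dependency install scripts; see build/runner/src/yarn.rs` above it. The message names three packages (esbuild, dprint, svelte-preprocess) whose scripts are now skipped. A future dependency that genuinely needs its build step should be handled for that package alone, not by flipping this setting back for everything.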
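Review bot: In the new `else` branch of `setup_yarn` in build/runner/src/yarn.rs, script suppression depends entirely on `enableScripts: false` in .yarnrc.yml, whereas the sibling branch visible in the context passes `--ignore-scripts` on the command line. Yarn settings can also be supplied through `YARN_*` environment variables, so a build environment that exports `YARN_ENABLE_SCRIPTS` could presumably re-enable scripts without any change to the repo. If the Yarn version used by this branch supports it, adding `.arg("--mode=skip-build")` after `.arg("--immutable")` would make the runner enforce the policy itself. A short comment such as `// --immutable: fail the build instead of rewriting yarn.lock` would also record why the flag is there. The body of `setup_yarn` starts and ends outside the hunk, so the condition that selects this branch is not visible here.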