Bump nokogiri from 1.19.0 to 1.19.1 in the bundler group across 1 directory #7

Open: dependabot[bot] wants to merge 1 commit into main from dependabot/bundler/bundler-6efc7144a8
dependabot[bot] commented on behalf of github on Feb 22, 2026

Bumps the bundler group with 1 update in the / directory: nokogiri.

Updates nokogiri from 1.19.0 to 1.19.1

Release notes

Sourced from nokogiri's releases.

v1.19.1 / 2026-02-16

Security

Changelog

Sourced from nokogiri's changelog.

v1.19.1 / 2026-02-16

Security

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the bundler group with 1 update in the / directory: [nokogiri](https://github.com/sparklemotion/nokogiri).


Updates `nokogiri` from 1.19.0 to 1.19.1
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/nokogiri@v1.19.0...v1.19.1)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-version: 1.19.1
  dependency-type: indirect
  dependency-group: bundler
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot[bot] added the dependencies and ruby labels on Feb 22, 2026

garywei944 pushed a commit that referenced this pull request on Jun 6, 2026
…#3634)

## Summary

Fixes the broken navigation bar on the live demo
(https://alshedivat.github.io/al-folio/) introduced by the v1.0 upgrade
(#2968), plus two related production/deploy-only issues found while
auditing for the same class of bug.

## Root cause of the navbar break

The v1.0 upgrade made the site **Tailwind-first**. The deploy builds
with `JEKYLL_ENV=production`, which activates **jekyll-minifier**. Its
CSS compressor (`cssminify2`) mangles Tailwind v4 spacing tokens
**inside `calc()`**:

```
calc(var(--spacing)*0)   ->   calc(var( -  - spacing)*0)   // invalid
```

`cssminify2` treats the `--` inside `calc(var(--…))` as minus operators
and inserts spaces, producing an invalid custom-property name. This
silently breaks **every** spacing/positioning utility — most visibly
`.fixed-top`, so the fixed navbar is no longer pinned (`top/left/right`
drop out) and renders incorrectly. On the live site this affects 33
`var(--spacing)` references in `tailwind.css`.

It only manifests in **production**: a local `bundle exec jekyll serve`
is development mode (minifier off), and the `visual-regression` workflow
also serves in dev mode — so neither caught it.

### Why this fix

`tailwind.css` is already minified by al_folio_core's Tailwind build,
and `main.css` is compiled by Sass with `style: compressed`.
Re-minifying them with `cssminify2` adds nothing (it actually makes
`tailwind.css` ~315 bytes **larger**) and only introduces this
corruption. So we disable redundant CSS minification, mirroring the
existing `compress_javascript: false` (terser handles JS).

Verified end-to-end:
- The gem source `tailwind.css` has 82 intact `var(--spacing)`;
`cssminify2` corrupts all 82.
- jekyll-minifier (`lib/jekyll-minifier.rb:1061`): `return
output_file(path, content) unless config.compress_css?` — with
`compress_css: false`, `.css` files are written verbatim.
- A real `JEKYLL_ENV=production` build now emits `tailwind.css` with 82
intact `var(--spacing)`, 0 corrupted, and
`.fixed-top{...;position:fixed}` intact.
- PurgeCSS (the next deploy stage) preserves `calc(var(--spacing)*0)`
unchanged.

## Changes

1. **`_config.yml` — `jekyll-minifier.compress_css: false`** (the navbar
fix).
2. **`test/integration_css_minify.sh` + `unit-tests.yml`** — a
regression test that builds in **production mode** (the mode that
exposes this bug class) and asserts no `var( - - )` corruption, intact
`var(--spacing)`, a valid `.fixed-top`, and a non-empty `main.css`.
Passes with the fix; fails without it (83 corruptions). Closes the CI
blind spot that let this ship.
3. **`_config.yml` — drop dead `jekyll-minifier` exclude**
`assets/js/search/*.js`. That is a v0 path; in v1 the search runtime
ships under `assets/al_search/js/...`, so the glob matched nothing.
4. **`purgecss.config.js` — safelist `medium-zoom-overlay` /
`medium-zoom-image--opened`.** These classes are injected at runtime, so
they never appear in the static HTML PurgeCSS scans; their `z-index:999`
overlay rule was being purged on the deployed site, letting the
scroll-progress bar / ToC bleed through a zoomed image. Verified: the
rule survives purge with the safelist and is dropped without it.

## Broader audit — plugin fixes (released + pinned here)

I audited for the same bug class (regressions invisible to dev-mode
builds / leftovers from the v1 jQuery removal). The confirmed
plugin-owned issues were each fixed in their own repo, merged after
green CI, released to RubyGems, and pinned in this PR's `Gemfile`:

- **al_folio_core 1.0.10**
([#18](al-org-dev/al-folio-core#18)) —
`main.css` cache-bust was permanently the empty-string MD5
(`bust_css_cache` globbed a non-existent `assets/_sass`) → stale CSS
after deploys; `bib.liquid` "N more authors" used `$(this)` → threw and
never expanded; `figure.liquid` `onerror` used `$()` → dead broken-image
fallback.
- **al_charts 1.0.1**
([#7](al-org-dev/al-charts#7)) —
`chartjs-setup.js` was jQuery → `chartjs` charts threw `$ is not
defined` and never rendered.
- **al_folio_distill 1.0.2**
([#2](al-org-dev/al-folio-distill#2)) —
`overrides.js` top-level `$(window).on("load")` → distill
footnote/citation theming never applied + console error.

Verified end-to-end with a production build after the pin bumps:
`main.css` now cache-busts to a real hash (`9278fad1…`, not
`d41d8cd9…`), zero jQuery `$(` in the built HTML, and the Tailwind
spacing utilities / `.fixed-top` navbar are intact.

Also noted (not fixed here): the `visual-regression` workflow only
renders in dev mode, so it can't catch production-only CSS regressions —
`test/integration_css_minify.sh` is the immediate guard; a production
screenshot leg would be a fuller backstop.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
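
The production-build check that the commit message above describes, sketched as an added example; it is not the project's `test/integration_css_minify.sh`, whose contents are not shown on this page. The function names and the sample stylesheets are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project's test script: flag CSS custom-property
# references whose leading "--" was split into minus operators by a minifier.

# count FLAG PATTERN FILE -> number of matches (not matching lines);
# minified CSS is usually one long line, so `grep -c` would undercount.
count() {
  { grep -o "$1" -e "$2" "$3" || true; } | wc -l | tr -d '[:space:]'
}

# check_css FILE [REQUIRED_TOKEN] -> 0 if the stylesheet is intact, 1 otherwise.
check_css() {
  file=$1 required=${2:-}
  if [ ! -s "$file" ]; then
    echo "FAIL $file: missing or empty" >&2; return 1
  fi
  # Matches "var( -  - name": whitespace between the two dashes.
  corrupted=$(count -E 'var\([[:space:]]*-[[:space:]]+-' "$file")
  if [ "$corrupted" -gt 0 ]; then
    echo "FAIL $file: $corrupted corrupted var() reference(s)" >&2; return 1
  fi
  if [ -n "$required" ] && [ "$(count -F "$required" "$file")" -eq 0 ]; then
    echo "FAIL $file: no intact $required found" >&2; return 1
  fi
  echo "OK $file"
}

# Constructed sample stylesheets (hypothetical, modelled on the snippet above).
write_samples() {
  dir=$1
  printf '%s\n' '.fixed-top{top:calc(var(--spacing)*0);position:fixed}' > "$dir/intact.css"
  printf '%s\n' '.fixed-top{top:calc(var( -  - spacing)*0);position:fixed}' > "$dir/corrupt.css"
  : > "$dir/empty.css"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for name in intact corrupt empty; do
  check_css "$tmp/$name.css" 'var(--spacing)' || true
done
rm -rf "$tmp"
```

Run against the output of a `JEKYLL_ENV=production` build, since a development-mode build never passes through the minifier and would always report intact files.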