From 68513085a2888623d46dc455cd80a5db5189e872 Mon Sep 17 00:00:00 2001 From: Neikon Date: Wed, 13 May 2026 19:34:56 +0200 Subject: [PATCH 1/2] Fix devcontainer tmp permissions for Podman --- .devcontainer/devcontainer.json | 4 ++++ MEMORY.md | 1 + 2 files changed, 5 insertions(+) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index f25e7b9f..d12220a6 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -8,6 +8,10 @@ "ghcr.io/devcontainers/features/github-cli:1": {}, "ghcr.io/devcontainers-extra/features/npm-package:1": {} }, + "runArgs": [ + "--tmpfs", + "/tmp:rw,exec,nosuid,nodev,mode=1777" + ], // Features to add to the dev container. More info: https://containers.dev/features. // "features": {}, diff --git a/MEMORY.md b/MEMORY.md index de6a8175..465f0b7f 100644 --- a/MEMORY.md +++ b/MEMORY.md @@ -24,6 +24,7 @@ This file stores durable project context so future conversations can resume work - Devcontainer bootstrap script: `.devcontainer/post-create.sh` - Devcontainer automation runs `.devcontainer/post-create.sh` from `postCreateCommand` to install project dependencies after container creation/rebuild - The devcontainer installs GitHub CLI through the `ghcr.io/devcontainers/features/github-cli:1` feature; `gh` still requires `gh auth login` or `GH_TOKEN` for GitHub API/Actions commands +- The devcontainer mounts `/tmp` as a `tmpfs` with mode `1777` through `runArgs` so VS Code Dev Containers can start under rootless Podman; without this, the generated feature image can leave `/tmp` at `755` and fail creating `/tmp/.X11-unix`. - The build toolchain runs on Node 24 with Astro 6 - `npm audit` is currently clean after adding a targeted `yaml` override for the Astro check toolchain From 757f299a13c94d7f73c1dd53d6a57101cc21858a Mon Sep 17 00:00:00 2001 From: Neikon Date: Wed, 13 May 2026 17:38:00 +0000 Subject: [PATCH 2/2] npm audit fix --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 58d29ba8..609585e9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2770,9 +2770,9 @@ } }, "node_modules/fast-uri": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz", - "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz", + "integrity": "sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==", "dev": true, "funding": [ {