From 89684dc17012a17f61210139e495ca13772d60f0 Mon Sep 17 00:00:00 2001 From: Jan Vennemann Date: Fri, 22 May 2026 17:49:54 +0200 Subject: [PATCH 1/3] ci: pin pnpm version --- .github/workflows/test.yml | 2 -- package.json | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2485e50a..18ccfd59 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -27,8 +27,6 @@ jobs: - name: Install pnpm uses: pnpm/action-setup@v4 - with: - version: latest - name: Install dependencies run: pnpm install diff --git a/package.json b/package.json index b488ea6e..9076b137 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,7 @@ { "name": "titanium", "version": "8.1.5", + "packageManager": "pnpm@10.33.3", "author": "TiDev, Inc. ", "description": "Command line interface for building Titanium SDK apps", "type": "module", From e97296d4eb7f9ac8bd54154f182517029392c04f Mon Sep 17 00:00:00 2001 From: Jan Vennemann Date: Tue, 16 Jun 2026 13:31:21 +0200 Subject: [PATCH 2/3] test(sdk): stabilize branch-list assertion The `sdk list` test hardcoded `branches.includes('12_6_X')`, asserting a specific branch exists in the live build-server branch list. That branch has since been removed (current version-line branches are 11_1_X, 12_7_X, 13_0_X, 12_8_X, 13_1_X, 13_2_X), so the assertion fails and breaks CI on every branch. Assert that at least one version-line branch (`\d+_\d+_X`) is present instead, which verifies branch listing works without coupling to a volatile branch name. --- test/commands/ti-sdk.test.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/commands/ti-sdk.test.js b/test/commands/ti-sdk.test.js index 09135932..09af648c 100644 --- a/test/commands/ti-sdk.test.js +++ b/test/commands/ti-sdk.test.js @@ -301,7 +301,9 @@ describe('ti sdk', () => { ({ exitCode, stdout } = await run(['sdk', 'ls', '-bu', '--json'])); const json = JSON.parse(stdout); assert(json.branches.branches.includes('main') || json.branches.branches.includes('master')); - assert(json.branches.branches.includes('12_6_X')); + // Assert a version-line branch exists rather than a specific one; the + // live branch list changes as the SDK release line advances. + assert(json.branches.branches.some(branch => /^\d+_\d+_X$/.test(branch))); assert(json.releases[sdkName]); assert.strictEqual(exitCode, 0); From b626ea116450a0136b16f0c41c9b88026ca9596f Mon Sep 17 00:00:00 2001 From: Jan Vennemann Date: Tue, 16 Jun 2026 14:47:06 +0200 Subject: [PATCH 3/3] fix(sdk): upgrade yauzl to 3.4.0 for Node 24 SDK extraction MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On Node 24, yauzl 3.3.0's internally-piped inflate stream produces no output for larger deflate entries: `openReadStream` returns a stream that never emits data or 'end'. During `ti sdk install` this stalls extraction at the first big file (e.g. lodash.js, 544 KB) — `readEntry()` is never called again, the event loop drains, and Node 24 aborts with "Detected unsettled top-level await". The SDK never finishes installing. Node 20/22 are unaffected. yauzl 3.4.0 fixes the inflate-stream composition. Verified: `ti sdk install 12.2.0.GA` completes on Node 24 and lodash.js extracts to its full 544098 bytes. 3.4.0 drops the buffer-crc32 dependency; lockfile updated surgically (yauzl bump + buffer-crc32 removal only), frozen-install verified consistent. --- package.json | 2 +- pnpm-lock.yaml | 16 +++++----------- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/package.json b/package.json index 9076b137..e3625f29 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ "which": "6.0.1", "wrap-ansi": "10.0.0", "xpath": "0.0.34", - "yauzl": "3.3.0" + "yauzl": "3.4.0" }, "devDependencies": { "@reporters/github": "1.13.1", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index bff0b84b..11108399 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -45,8 +45,8 @@ importers: specifier: 0.0.34 version: 0.0.34 yauzl: - specifier: 3.3.0 - version: 3.3.0 + specifier: 3.4.0 + version: 3.4.0 devDependencies: '@reporters/github': specifier: 1.13.1 @@ -667,9 +667,6 @@ packages: engines: {node: ^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7} hasBin: true - buffer-crc32@0.2.13: - resolution: {integrity: sha512-VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ==} - c8@11.0.0: resolution: {integrity: sha512-e/uRViGHSVIJv7zsaDKM7VRn2390TgHXqUSvYwPHBQaU6L7E9L0n9JbdkwdYPvshDT0KymBmmlwSpms3yBaMNg==} engines: {node: 20 || >=22} @@ -1354,8 +1351,8 @@ packages: resolution: {integrity: sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==} engines: {node: '>=12'} - yauzl@3.3.0: - resolution: {integrity: sha512-PtGEvEP30p7sbIBJKUBjUnqgTVOyMURc4dLo9iNyAJnNIEz9pm88cCXF21w94Kg3k6RXkeZh5DHOGS0qEONvNQ==} + yauzl@3.4.0: + resolution: {integrity: sha512-jIH9yLR9wqr0wOS0TpBvo/g/2UgZH5qePVbjgRliiF0BYvOZyaBknKsF+x9Iht0O6sqgnB93rCICdOZFecJuDw==} engines: {node: '>=12'} yocto-queue@0.1.0: @@ -1829,8 +1826,6 @@ snapshots: node-releases: 2.0.37 update-browserslist-db: 1.2.3(browserslist@4.28.2) - buffer-crc32@0.2.13: {} - c8@11.0.0: dependencies: '@bcoe/v8-coverage': 1.0.2 @@ -2506,9 +2501,8 @@ snapshots: y18n: 5.0.8 yargs-parser: 21.1.1 - yauzl@3.3.0: + yauzl@3.4.0: dependencies: - buffer-crc32: 0.2.13 pend: 1.2.0 yocto-queue@0.1.0: {}