Skip to content

fix(quill): smaller changes, more consistent, more stable#54375

Merged
adamleithp merged 10 commits intomasterfrom
quill/small-changes
Apr 13, 2026
Merged

fix(quill): smaller changes, more consistent, more stable#54375
adamleithp merged 10 commits intomasterfrom
quill/small-changes

Conversation

@adamleithp
Copy link
Copy Markdown
Contributor

@adamleithp adamleithp commented Apr 13, 2026

Problem

Fixing some inconsistencies

Changes

Too many

How did you test this code?

No

adamleithp and others added 6 commits April 13, 2026 12:55
@adamleithp @claude
chore(quill): bump to 0.1.0-alpha.3 and add stamphog dist-tag
a8afdc5 
@posthog/quill-tokens@0.1.0-alpha.2 is already on npm, which was
blocking republish with a 403. Bump both @posthog/quill and
@posthog/quill-tokens to 0.1.0-alpha.3 so the next workflow run has a
fresh version to publish. Also add `stamphog` as a third option on
the workflow_dispatch `tag` input so the publish workflow can target
that dist-tag.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@adamleithp
tooltips cleaner
fff95a7
@adamleithp
fix up colors, spacing across accordian and collapsible
0e703d5
@adamleithp
update layout story to explore colors
cf97ae9
@adamleithp
remove fill-active, clean up collapsib
bfdeab4 
le again, re-work fill-* colors to be neutral
 particularly fill-hover
@adamleithp
tooltip stories revert
aa30443
@assign-reviewers-posthog assign-reviewers-posthog bot requested a review from a team April 13, 2026 22:41
@adamleithp adamleithp removed the request for review from a team April 13, 2026 22:42
@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 13, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addednpm/​@​babel/​plugin-transform-nullish-coalescing-operator@​7.24.71001007193100
Addednpm/​@​dnd-kit/​utilities@​3.2.11001007180100
Addednpm/​@​babel/​preset-react@​7.23.31001007193100
Addednpm/​@​babel/​preset-typescript@​7.23.31001007393100
Addednpm/​@​babel/​plugin-transform-private-property-in-object@​7.24.71001007393100
Addednpm/​@​babel/​plugin-transform-runtime@​7.22.10991007494100
Addednpm/​@​babel/​plugin-transform-react-jsx@​7.23.41001007693100
Addednpm/​@​floating-ui/​react@​0.27.19971007690100
Addednpm/​@​babel/​preset-env@​7.23.5961007795100
Addednpm/​@​dagrejs/​dagre@​1.1.51001007891100
Addednpm/​@​dnd-kit/​core@​6.0.8991007980100
Addednpm/​@​dnd-kit/​sortable@​7.0.21001007980100
Addednpm/​@​babel/​traverse@​7.26.41001007994100
Addednpm/​@​babel/​runtime@​7.24.0100997995100
Addednpm/​@​dnd-kit/​modifiers@​6.0.110010010080100
Addednpm/​@​babel/​standalone@​7.26.7991008091100
Addednpm/​@​babel/​types@​7.26.3981008194100
Addednpm/​@​google-cloud/​storage@​5.20.59310010084100
Addednpm/​@​fontsource-variable/​inter@​5.2.8100100848490
Addednpm/​@​connectrpc/​connect-node@​2.1.110010010086100
Addednpm/​@​connectrpc/​connect@​2.1.11001009186100
Addednpm/​@​google-cloud/​pubsub@​4.11.09610010087100
Addednpm/​@​clickhouse/​client@​1.12.01001008897100
Addednpm/​@​bufbuild/​protobuf@​2.11.01001008891100
Addednpm/​@​base-ui/​react@​1.3.0901008990100
Addednpm/​@​marsidev/​react-turnstile@​1.4.21001009890100
Addednpm/​@​bufbuild/​protoc-gen-es@​2.11.010010010091100
Addednpm/​@​cloudflare/​workers-types@​4.20260207.0100100100100100

View full report

@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 13, 2026
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
High CVE: npm @hono/node-server has authorization bypass for protected static paths via encoded slashes in Serve Static Middleware

CVE: GHSA-wc8c-qw6v-h7f6 @hono/node-server has authorization bypass for protected static paths via encoded slashes in Serve Static Middleware (HIGH)

Affected versions: < 1.19.10

Patched version: 1.19.10

From: pnpm-lock.yamlnpm/@hono/node-server@1.19.9

ℹ Read more on: This package | This alert | What is a CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@hono/node-server@1.19.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps bot commented Apr 13, 2026

Prompt To Fix All With AI 
This is a comment left during a code review.
Path: packages/quill/packages/primitives/src/button.stories.tsx
Line: 45

Comment:
**Incorrect label on disabled button**

The button in the first `<div>` is rendered `disabled` but labeled `"Selected"` — the second `<div>` correctly uses `"Disabled"`. This makes the story misleading when comparing the two backgrounds side-by-side.

```suggestion
                <Button disabled>Disabled</Button>
```

How can I resolve this? If you propose a fix, please make it concise.

---

This is a comment left during a code review.
Path: packages/quill/apps/storybook/.storybook/main.ts
Line: 19-34

Comment:
**Pending rebuild dropped when a change arrives during an active rebuild**

If a token file is saved while `rebuilding` is `true`, the debounce timer fires 100 ms later, `rebuild()` returns early, and the pending change is silently lost. The developer must save the file again to pick up the change.

A simple fix is to queue one deferred rebuild:

```typescript
const rebuild = (server: ViteDevServer): void => {
    if (rebuilding) {
        rebuildPending = true
        return
    }
    rebuildPending = false
    rebuilding = true
    const proc = spawn('pnpm', ['exec', 'tsx', 'src/build.ts'], {
        cwd: tokensRoot,
        stdio: 'inherit',
        shell: true,
    })
    proc.on('exit', (code) => {
        rebuilding = false
        if (code === 0) {
            server.ws.send({ type: 'full-reload' })
        }
        if (rebuildPending) {
            rebuild(server)
        }
    })
}
```

(Also declare `let rebuildPending = false` alongside `let rebuilding = false`.)

How can I resolve this? If you propose a fix, please make it concise.

Reviews (1): Last reviewed commit: "formatting" | Re-trigger Greptile

greptile-apps[bot]
greptile-apps bot reviewed Apr 13, 2026
View reviewed changes
adamleithp and others added 2 commits April 13, 2026 23:44
@adamleithp @greptile-apps
Update packages/quill/packages/primitives/src/button.stories.tsx
9c9e8ad 
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
@adamleithp
rebuildPending
cb1ca4f
@adamleithp adamleithp added the stamphog Request AI review from stamphog label Apr 13, 2026
stamphog[bot]
stamphog bot reviewed Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown

@stamphog stamphog bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Gates denied this PR because it touches CI/CD workflows and dependency/toolchain files, which require human review. The author is also not on the owning team for the affected files.

@stamphog stamphog bot removed the stamphog Request AI review from stamphog label Apr 13, 2026
@adamleithp adamleithp added the stamphog Request AI review from stamphog label Apr 13, 2026
stamphog[bot]

This comment was marked as outdated.

Sign in to view

@stamphog stamphog bot removed the stamphog Request AI review from stamphog label Apr 13, 2026
@adamleithp adamleithp changed the title fix(quill): small changes fix(quill): smaller changes, more consistent, more stable Apr 13, 2026
@adamleithp adamleithp merged commit 2bec876 into master Apr 13, 2026
158 checks passed
@adamleithp adamleithp deleted the quill/small-changes branch April 13, 2026 22:57
@deployment-status-posthog
Copy link
Copy Markdown

deployment-status-posthog bot commented Apr 13, 2026
edited
Loading

Deploy status

Environment Status Deployed At Workflow
dev ✅ Deployed 2026-04-13 23:25 UTC Run
prod-us ✅ Deployed 2026-04-14 02:41 UTC Run
prod-eu ✅ Deployed 2026-04-14 02:45 UTC Run

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

@lucasheriques lucasheriques lucasheriques approved these changes

+1 more reviewer

@stamphog stamphog[bot] stamphog[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@adamleithp @lucasheriques