Skip to content

Bump @docmd/core from 0.8.5 to 0.8.9 in the npm-dependencies group#10

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-e6c4ffcb3a
Open

Bump @docmd/core from 0.8.5 to 0.8.9 in the npm-dependencies group#10
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-e6c4ffcb3a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 4, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-dependencies group with 1 update: @docmd/core.

Updates @docmd/core from 0.8.5 to 0.8.9

Release notes

Sourced from @​docmd/core's releases.

docmd@0.8.8 🛡️ (Security Hardening + OKF)

A focused hardening release with OKF (Open Knowledge Format) Integration. Every change here is either a regression caught by users, a CI workflow bug, or a build-time reliability issue.

🐛 Bug fixes

Docker: volume mount permissions fixed

docmd init and other file-writing commands failed with "Permission denied" when /docs was a host-mounted volume owned by a uid other than the container's built-in docmd user (uid 1001). The image now ships with su-exec and the entrypoint detects the host uid:gid of the mounted directory and re-execs as that identity before running any command — same pattern used by the official postgres and redis images.

# All of these now work without -u flags on a host volume
docker run -v $(pwd):/docs ghcr.io/docmd-io/docmd:latest init
docker run -v $(pwd):/docs -p 3000:3000 ghcr.io/docmd-io/docmd:latest

The cp -a (archive) mode that triggered "Operation not permitted" warnings on ownership preservation is gone. The -u $(id -u):$(id -g) workaround is no longer required and has been removed from all READMEs and the Docker deployment guide.

Docker: init now non-blocking in CI

The interactive "Do you want to override these files?" prompt hung in non-TTY environments (CI, docker run without -it, piped input). The CLI now detects non-interactive mode and skips the prompt automatically — keeping existing files by default (safe), or accepting -y/--yes to opt into overwrite. A new --force flag also works in any environment for explicit override.

# Force overwrite in CI / Docker / piped input
docker run --rm -v $(pwd):/docs ghcr.io/docmd:latest init --force
Or use -y
docker run --rm -v $(pwd):/docs ghcr.io/docmd:latest init -y

docmd add on npx: false "npm not found" on Windows

npx @docmd/core add <plugin> on Windows PowerShell printed "The package manager 'npm' was not found on your system PATH" even though npm --version worked fine in the same shell. Root cause: when @docmd/core is launched through npx, the spawned child process inherits a stripped PATH on Windows. The installer now resolves npm/pnpm/yarn/bun relative to process.execPath (Node's own location), which always works regardless of how @docmd/core was launched.

The error message also now detects the specific case (Node reachable + binary missing) and suggests installing the plugin via the host package manager directly.

... (truncated)

Commits
  • 50b81b4 Remove @​docmd/plugin-pwa from playground
  • 8a02b29 Update plugins.generated.json
  • e4e0330 chore: regenerate plugin registry
  • 3521284 fix(template-summer): include templates/ and assets/ in published tarball
  • 4abda5f fix(ui): include translations/ in published @​docmd/ui
  • 4790cca chore: drop stale playground cache
  • 0e2b27b chore: pnpm scripts, search plugin peer dep, version bumps to 0.8.9
  • fb43dd7 feat(installer): read from the generated registry
  • 9ba08e1 feat(loader): harden plugin auto-install; add docmd doctor
  • 6efb99f feat(packages): add docmd namespace to all official packages
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the npm-dependencies group with 1 update: [@docmd/core](https://github.com/docmd-io/docmd).


Updates `@docmd/core` from 0.8.5 to 0.8.9
- [Release notes](https://github.com/docmd-io/docmd/releases)
- [Commits](docmd-io/docmd@0.8.5...0.8.9)

---
updated-dependencies:
- dependency-name: "@docmd/core"
  dependency-version: 0.8.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants