16 Commits

Author SHA1 Message Date
dependabot[bot]
33146a91eb build(deps): bump dompurify from 3.4.10 to 3.4.11 in /socratiq (#1892)
Updates dompurify to 3.4.11 (fixes a leaky config for hooks via setConfig)
and regenerates the committed SocratiQ bundle (npm run build:vite under
node 20) so the shipped widget actually uses the new version. The bundle
build is reproducible (byte-identical across repeated builds).
2026-06-21 22:39:47 -04:00
Vijay Janapa Reddi
ccbba4dbdf build(deps-dev): bump socratiq vite 8.0.10 -> 8.0.16, rebuild bundle (#1883)
Supersedes dependabot #1865; regenerates the committed widget bundle so it
matches the new build tool, satisfying the SocratiQ Bundle Drift check.
2026-06-16 19:01:42 -04:00
Vijay Janapa Reddi
2ad7c2d1c5 build(deps): bump socratiq markdown-it 14.2.0 + dompurify 3.4.10, rebuild bundle (#1880)
Combines dependabot #1862 (markdown-it 14.1.1->14.2.0) and #1863
(dompurify 3.4.1->3.4.10) and regenerates the committed widget bundle
(book/quarto/tools/scripts/socratiQ/bundle.js) so it matches the bumped
sources, satisfying the SocratiQ Bundle Drift check that blocked both
dependabot PRs.
2026-06-16 18:52:13 -04:00
Vijay Janapa Reddi
07b80bb6e9 fix: avoid rendering component parse exceptions 2026-05-10 18:36:01 -04:00
Vijay Janapa Reddi
5ed43abed9 fix: close remaining CodeQL bridge alerts 2026-05-10 18:29:54 -04:00
Vijay Janapa Reddi
186b09fbb8 fix: address CodeQL code scanning alerts 2026-05-10 18:00:17 -04:00
Vijay Janapa Reddi
5b3e84051c fix(security): CodeQL — Actions permissions, DOM XSS, sanitization, audit regex
- Workflow: default contents:read for jobs without explicit permissions
- audit_math_rendering: match </script> and </style> with optional whitespace
- SocratiQ: tooltip via DOM APIs; iterative HTML stripping; quote normalization
  for JSON repair; repeat-until-stable tag cleanup in SR/copy flows
- Rebuild bundle.js for Quarto embed path
2026-05-10 17:13:23 -04:00
dependabot[bot]
39f033cc33 build(deps): bump solid-js from 1.9.3 to 1.9.12 in /socratiq
Bumps [solid-js](https://github.com/solidjs/solid) from 1.9.3 to 1.9.12.
- [Release notes](https://github.com/solidjs/solid/releases)
- [Changelog](https://github.com/solidjs/solid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/solidjs/solid/commits)

---
updated-dependencies:
- dependency-name: solid-js
  dependency-version: 1.9.12
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-26 08:21:04 -04:00
dependabot[bot]
eff5e8ec2b build(deps): bump markdown-it from 14.1.0 to 14.1.1 in /socratiq
Bumps [markdown-it](https://github.com/markdown-it/markdown-it) from 14.1.0 to 14.1.1.
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](https://github.com/markdown-it/markdown-it/compare/14.1.0...14.1.1)

---
updated-dependencies:
- dependency-name: markdown-it
  dependency-version: 14.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-04-26 08:19:55 -04:00
Vijay Janapa Reddi
64c99415c1 fix(socratiq): bump vite-plugin-singlefile to ^2.3.0 to satisfy vite 8 peer dep
vite-plugin-singlefile@2.0.2 declares a peer dependency on
vite ^5.4.11 || ^6.0.0, but socratiq/ pins vite ^8.0.10. npm refused
to resolve the dep tree, so 'npm ci' failed in the SocratiQ Bundle
Drift workflow on every PR that touched socratiq/package-lock.json
— including dependabot bumps for unrelated transitive packages
(see #1538 markdown-it, #1539 solid-js).

vite-plugin-singlefile@2.3.0+ supports vite 5/6/7/8, so a one-line
bump unblocks 'npm ci', which lets the bundle drift check actually
run again.

Also commits the regenerated production bundle and stylesheet to
satisfy the drift check itself.
2026-04-26 07:57:18 -04:00
Vijay Janapa Reddi
569bfeb1fe fix(socratiq): sync lock file with package.json and rebuild bundle
The new bundle-drift CI guard caught a real inconsistency left over
from #1394: package.json declares "dompurify": "^3.4.0" (added as
part of the security-fix commits), but package-lock.json still
pinned dompurify@2.5.8. As a result:

- npm ci refused to install from the lock (exit code EUSAGE), which
  broke both the drift guard and anyone running `npm ci` locally.
- The committed bundle.js was built against the old dompurify, so
  the rendered book was silently serving the 2.5.x code instead of
  the 3.4.x the package.json declared.

This commit runs `npm install` (lock: 2.5.8 -> 3.4.1) and `npm run
build:vite` to regenerate the bundle from sources that actually
match the declared dependency set. Vite reports 2976 modules
transformed, bundle size 6.6 MB unchanged.

The drift guard should now pass on this branch, validating that the
guard works end-to-end on its introduction PR.
2026-04-24 13:50:24 -04:00
kai4avaya
80c5f62708 feat: fix SocratiQ re-entry bug and add initialization loader 2026-04-21 19:32:00 -04:00
kai4avaya
ba8cfcf0ea feat: Integrate SocratiQ interactive widget and update Quarto index 2026-04-21 19:31:33 -04:00
kai
f0ae9ebb7f updated bundle for stability for socratiQ 2026-01-30 14:12:16 -05:00
Vijay Janapa Reddi
853eb03ee8 style: apply consistent whitespace and formatting across codebase 2025-12-13 14:05:34 -05:00
Vijay Janapa Reddi
7b92e11193 Repository Restructuring: Prepare for TinyTorch Integration (#1068)
* Restructure: Move book content to book/ subdirectory

- Move quarto/ → book/quarto/
- Move cli/ → book/cli/
- Move docker/ → book/docker/
- Move socratiQ/ → book/socratiQ/
- Move tools/ → book/tools/
- Move scripts/ → book/scripts/
- Move config/ → book/config/
- Move docs/ → book/docs/
- Move binder → book/binder

Git history fully preserved for all moved files.

Part of repository restructuring to support MLSysBook + TinyTorch.

Pre-commit hooks bypassed for this commit as paths need updating.

* Update pre-commit hooks for book/ subdirectory

- Update all quarto/ paths to book/quarto/
- Update all tools/ paths to book/tools/
- Update config/linting to book/config/linting
- Update project structure checks

Pre-commit hooks will now work with new directory structure.

* Update .gitignore for book/ subdirectory structure

- Update quarto/ paths to book/quarto/
- Update assets/ paths to book/quarto/assets/
- Maintain all existing ignore patterns

* Update GitHub workflows for book/ subdirectory

- Update all quarto/ paths to book/quarto/
- Update cli/ paths to book/cli/
- Update tools/ paths to book/tools/
- Update docker/ paths to book/docker/
- Update config/ paths to book/config/
- Maintain all workflow functionality

* Update CLI config to support book/ subdirectory

- Check for book/quarto/ path first
- Fall back to quarto/ for backward compatibility
- Maintain full CLI functionality

* Create new root and book READMEs for dual structure

- Add comprehensive root README explaining both projects
- Create book-specific README with quick start guide
- Document repository structure and navigation
- Prepare for TinyTorch integration
2025-12-05 14:04:21 -08:00