restic/restic
+91 -20
A race in restic init could orphan a key file
What broke: init wrote the key file before the config
file, so two clients initializing the same repo at once could leave a key that no config
ever pointed at. The fix reorders the two writes and moves key generation into the caller,
so config lands first.
vectordotdev/vector
+52 -3
S3 sink rejected by Cloudflare R2 with InvalidRequest
What broke: Vector sent its own Content-MD5 plus the
AWS SDK’s newer checksum headers on every upload. Standard S3 tolerates both; R2 refuses more
than one non-default checksum. The fix limits checksum calculation to when it’s actually required.
prettier/prettier
+68 -0
import.meta silently dropped a whole script block
What broke: in a non-module <script>,
Babel rejects import.meta, and the HTML embed logic swallows any embed that throws,
so the entire block came out unformatted. The real fix was one line in the Babel error-recovery
allowlist, not in the formatter.
zellij-org/zellij
+108 -0
Can’t bind Ctrl+\ as a key
What broke: the key map only covered Ctrl+A..Z. Control
chars from Ctrl with non-letters (\, ], ^, _)
fell through with no modifier attached, so the bind never matched. Fixed at the call site, leaving
the vendored code untouched.
rclone/rclone
+19 -4
nfsmount passed Linux options to OpenBSD’s mount_nfs
What broke: the mount options were hardcoded in GNU
syntax, so OpenBSD’s mount_nfs rejected mountport. Added a GOOS branch
for OpenBSD’s syntax, matched the man page, and said plainly in the PR that a BSD user should
confirm at runtime since I couldn’t.
sveltejs/kit
+24 -14
A cookie-size limit that was a magic number
What broke: MAX_COOKIE_SIZE was 4129 and
compared against the whole serialized cookie. The spec’s 4096 is for name and value only, so the
fix aligns the value and checks the right thing. Also found the existing test was a no-op.