use mdformat to format Markdown #940
Authored by OpenClaw (model: glm-5)
Merging this PR will not alter performance
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.pre-commit-config.yaml:
- Around line 43-45: The pre-commit config currently fetches mdformat-myst from
an unofficial git fork using the dependency string
"git+https://github.com/njzjz-bothub/mdformat-myst@d9c414e", which is a
supply-chain risk; replace this git+ URL with the official PyPI release
"mdformat-myst==0.3.0" (or a documented, signed internal package name) and add a
short comment explaining the temporary decision, or if the fork is required
long-term, publish the patched fork to PyPI (or an internal index) and update
the dependency to that published package name so CI and scanners can verify
artifacts.
| # - mdformat-myst==0.3.0 | ||
| # See https://github.com/executablebooks/mdformat-myst/issues/13 | ||
| - "git+https://github.com/njzjz-bothub/mdformat-myst@d9c414e#egg=mdformat-myst" |
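Review bot: the revision on the last line, `@d9c414e`, is a seven-character abbreviated commit id, not a full 40-character SHA. An abbreviated id is only a prefix of the hash and can become ambiguous as the fork gains objects, so spell out the full commit hash here. The two commented-out lines above name the release being replaced and link issue #13 but do not say when the override can be dropped; a one-line comment stating the condition for returning to `mdformat-myst==0.3.0` would cover that.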
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Fetch commit d9c414e details from the fork
curl -s "https://api.github.com/repos/njzjz-bothub/mdformat-myst/commits/d9c414e" | jq -r '{sha: .sha, message: .commit.message, author_name: .commit.author.name, date: .commit.author.date, url: .html_url}'
Repository: deepmodeling/dpdata
Length of output: 731
🌐 Web query:
executablebooks mdformat-myst issue #13 status 2025 2026
💡 Result:
executablebooks/mdformat-myst Issue #13 (“colon fence syntax is broken by escape character”) is still Open as of February 24, 2026. It was opened Nov 29, 2021 by @arwedus, labeled enhancement, with no assignee, milestone, or linked PRs shown on the issue page. [1]
🌐 Web query:
mdformat-myst pypi latest version releases
💡 Result:
mdformat-myst (PyPI) latest version: 0.3.0 — released Nov 27, 2025. [1]
Recent releases (newest → oldest): [1]
- 0.3.0 — Nov 27, 2025
- 0.2.2 — Aug 19, 2025
- 0.2.1 — Nov 14, 2024
- 0.2.0 — Oct 16, 2024
- 0.1.5 — Feb 2, 2022
- 0.1.4 — Jun 23, 2021
Install: pip install mdformat-myst [1]
Sources: [1]
Supply-chain risk: git+ fork dependency for mdformat-myst
Installing a package via git+https://github.com/njzjz-bothub/mdformat-myst@d9c414e bypasses PyPI's artifact integrity checks and vulnerability scanning pipeline. Even though the dependency is pinned to a specific commit hash, it pulls from an unofficial, unpublished fork rather than the verified PyPI release (0.3.0, released Nov 27, 2025). This is a meaningful supply-chain risk for any project contributor or CI runner that consumes this pre-commit config.
The commit fixes an indentation preservation issue for non-MyST directive content (as described in its message), which is different from the original issue #13 (colon fence syntax broken by escape character) that remains unresolved upstream. Consider:
- Tracking when upstream resolves the underlying issues and reverting to the official PyPI release.
- If the fork must be used long-term, consider formally publishing the patched version to PyPI under a scoped name to improve transparency and enable vulnerability scanning.
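Added example (not part of the PR, of CodeRabbit's review or of the dpdata repository): a small audit of a hook's `additional_dependencies` that surfaces the pattern flagged above, a VCS URL in place of an exactly pinned index release, together with a revision that is not a full commit hash. The function names, finding labels and the `mdformat-gfm` entry are assumptions, and the line scanner handles block-style YAML lists without trailing comments only.

```python
import re

# Constructed fragment; only the git+ entry and the two comment lines are from the PR.
SAMPLE_CONFIG = """\
- id: mdformat
  additional_dependencies:
    # - mdformat-myst==0.3.0
    # See https://github.com/executablebooks/mdformat-myst/issues/13
    - "git+https://github.com/njzjz-bothub/mdformat-myst@d9c414e#egg=mdformat-myst"
    - mdformat-gfm
"""

VCS_RE = re.compile(r"^(?:[\w.-]+\s*@\s*)?(?:git|hg|svn|bzr)\+(\S+)$")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
EXACT_PIN_RE = re.compile(r"^[\w.-]+(?:\[[^\]]*\])?\s*==\s*[\w.!+-]+$")


def additional_dependencies(text):
    """Collect the list items under each additional_dependencies: key."""
    deps, key_indent = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and commented-out entries are not installed
        indent = len(line) - len(line.lstrip())
        if stripped == "additional_dependencies:":
            key_indent = indent
        elif key_indent is not None and stripped.startswith("- ") and indent >= key_indent:
            deps.append(stripped[2:].strip().strip("\"'"))
        else:
            key_indent = None  # any other key ends the list
    return deps


def classify(dep):
    """Return findings for one entry; an empty list means an exact '==' pin."""
    m = VCS_RE.match(dep)
    if not m:
        return [] if EXACT_PIN_RE.match(dep) else ["not-exactly-pinned"]
    findings = ["vcs-url-not-index-release"]
    # Drop the #fragment and the host part so a user@host '@' is not read as a revision.
    after_host = m.group(1).split("#", 1)[0].split("://", 1)[-1].partition("/")[2]
    rev = after_host.rpartition("@")[2] if "@" in after_host else ""
    if not FULL_SHA_RE.match(rev):
        findings.append("revision-missing" if not rev else "revision-not-full-sha")
    return findings


def audit(text):
    return {dep: classify(dep) for dep in additional_dependencies(text)}
```

Calling `audit()` on the contents of `.pre-commit-config.yaml` returns a mapping from each dependency string to its findings, which can gate a CI step when any list is non-empty.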
pre-commit.ci autofix
Codecov Report
✅ All modified and coverable lines are covered by tests.
Additional details and impacted files
@@           Coverage Diff           @@
##            devel     #940   +/-   ##
=======================================
  Coverage   86.37%   86.37%
=======================================
  Files          86       86
  Lines        8086     8086
=======================================
  Hits         6984     6984
  Misses       1102     1102
Follow up deepmodeling/deepmd-kit@69eb0c3, use mdformat to format Markdown.