Skip to content

chore(website): regenerate lockfile to refresh transitive deps#269

Merged
frbrkoala merged 1 commit into
mainfrom
chore/website-relock-docusaurus
Jul 6, 2026
Merged

chore(website): regenerate lockfile to refresh transitive deps#269
frbrkoala merged 1 commit into
mainfrom
chore/website-relock-docusaurus

Conversation

@frbrkoala

@frbrkoala frbrkoala commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Regenerate website/package-lock.json with npm 11.6.2 (lockfileVersion 3 unchanged) to pull patched transitive dependencies within the existing package.json semver ranges. package.json is unchanged: Docusaurus is already on the latest stable (3.10.1), so no version bump was needed.

This clears the previously-flagged transitive advisories for the shipping and build dependencies. The 18 remaining moderate npm-audit findings all trace to a single dev-only issue (uuid buffer bounds check) reached via webpack-dev-server -> sockjs -> @docusaurus/core, which is not part of the built static site.

Verified: npm install is idempotent and npm run build succeeds.

What does this PR do?

🛑 Please open an issue first to discuss any significant work and flesh out details/direction — we would hate for your time to be wasted.
Consult the CONTRIBUTING guide for submitting pull-requests.

Motivation

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • New blueprint (adding a new protocol — see checklist below)
  • Documentation update
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Testing

  • I have run npm run build successfully
  • I have run npm run test and all tests pass
  • I have run npx cdk synth with a sample .env (e.g. from blueprints/dummy/samples/) and it succeeds
  • I have run pre-commit hooks: npm run run-pre-commit

New Blueprint Checklist (if adding a protocol)

  • Blueprint follows the structure of blueprints/dummy/ (reference implementation)
  • Blueprint README follows the standard template (matches Dummy section titles and ordering)
  • Setup section points to Getting Started (not inline instructions)
  • Deployment section leads with AI-driven deployment (Option 1) and manual as Option 2
  • Sample .env files are provided for at least one network (mainnet or testnet)
  • Configuration scripts follow the install/run dispatch pattern (see blueprints/dummy/)
  • Blueprint page added to website/docs/blueprints/ (.mdx mirror importing README)
  • Client Release Channels table added to README under Additional Resources

Documentation

  • I have updated relevant documentation (if applicable)
  • I have run cd website && npm run build with no broken links (if docs changed)

License

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Regenerate website/package-lock.json with npm 11.6.2 (lockfileVersion 3
unchanged) to pull patched transitive dependencies within the existing
package.json semver ranges. package.json is unchanged: Docusaurus is already
on the latest stable (3.10.1), so no version bump was needed.

This clears the previously-flagged transitive advisories for the shipping and
build dependencies. The 18 remaining moderate npm-audit findings all trace to
a single dev-only issue (uuid buffer bounds check) reached via
webpack-dev-server -> sockjs -> @docusaurus/core, which is not part of the
built static site.

Verified: npm install is idempotent and `npm run build` succeeds.
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

Dependency Review

The following issues were found:

  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
  • ⚠️ 1 packages with OpenSSF Scorecard issues.

View full job summary

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

Scan for commit: c7b45a8 | Updated: 2026-07-06 02:39:06 UTC

🔒 Security Scan Results

Scanned files: 1

⚠️ Security findings detected. Please review and address before merging.

@frbrkoala frbrkoala left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@frbrkoala frbrkoala merged commit b1ca106 into main Jul 6, 2026
7 checks passed
@frbrkoala frbrkoala deleted the chore/website-relock-docusaurus branch July 6, 2026 02:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants