chore: reconcile production (legacy) with staging (master)#346
Merged
Conversation
maryia-deriv
requested review from
matin-deriv,
mayuran-deriv and
nijil-deriv
as code owners
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
maryia-deriv
changed the title
maryia-deriv
force-pushed
the
maryia/reconcile-legacy-with-staging
branch
from
b525e7f to
8dba218
Compare
maryia-deriv
added a commit
that referenced
this pull request
Jun 4, 2026
…ging lock) master's package-lock.json was out of sync with package.json (npm ci failed: many packages "Missing from lock file", e.g. @testing-library/dom). Regenerate a valid lock from the healthy production base: - pin dependencies/devDependencies to exact versions (drop caret ranges), using the versions already resolved in the working lock - keep the security-override version bumps (lodash 4.18.0, lodash-es 4.18.0, dompurify 3.4.0) plus existing overrides - regenerate package-lock.json with peer deps retained Verified: npm ci passes, full jest suite passes, docusaurus build succeeds. This package.json + package-lock.json is identical to the companion PR into legacy (#346), so the two branches become fully identical. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
maryia-deriv
added a commit
that referenced
this pull request
Jun 4, 2026
…ging lock) master's package-lock.json was out of sync with package.json (npm ci failed: many packages "Missing from lock file", e.g. @testing-library/dom). Regenerate a valid lock from the healthy production base: - pin dependencies/devDependencies to exact versions (drop caret ranges), using the versions already resolved in the working lock - keep the security-override version bumps (lodash 4.18.0, lodash-es 4.18.0, dompurify 3.4.0) plus existing overrides - regenerate package-lock.json with peer deps retained Verified: npm ci passes, full jest suite passes, docusaurus build succeeds. This package.json + package-lock.json is identical to the companion PR into legacy (#346), so the two branches become fully identical. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
maryia-deriv
force-pushed
the
maryia/reconcile-legacy-with-staging
branch
from
8dba218 to
f7a4a41
Compare
maryia-deriv
force-pushed
the
maryia/reconcile-legacy-with-staging
branch
from
f7a4a41 to
9d34858
Compare
maryia-deriv
force-pushed
the
maryia/reconcile-legacy-with-staging
branch
from
9d34858 to
d5d3416
Compare
Port selective staging changes down into production to bring the two branches toward full parity. src/ application code is already identical; this commit closes the remaining drift. A — Security: - package.json / package-lock.json: add lodash, lodash-es, dompurify overrides; net lock-file cleanup - .trivyignore: new file with CVE suppressions + justifications B — Schema refresh (get/set_settings only): - config/v3/get_settings/receive.json - config/v3/set_settings/send.json - config/v3/set_settings/example.json C — CI workflows: - .github/workflows/coveralls.yml: pin action to v2 SHA - .github/workflows/release_staging.yml: remove Vercel DR step French i18n: - i18n/fr/code.json refreshed from authoritative source (navbar.json already matched, no change) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
maryia-deriv
force-pushed
the
maryia/reconcile-legacy-with-staging
branch
from
d5d3416 to
84098c9
Compare
ashkan-deriv
approved these changes
Jun 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Ports selective staging (
master) changes down into production (legacy) to bring the two branches to full parity.src/is already identical; this PR closes the remaining drift. After this PR and #347 merge,masterandlegacyare byte-for-byte identical.Changes
A — Security / dependencies
.trivyignore: new file with CVE suppressions + justifications (protobufjs entries omitted — fixed at source, see below)package.json: pindependencies/devDependenciesto exact versions (drop caret ranges) using the versions already resolved in production's lock; keep overrideslodash 4.18.0,lodash-es 4.18.0,dompurify 3.4.0; addprotobufjs 7.5.6(fixesCVE-2026-41242CRITICAL +CVE-2026-44289/44290/44291, pulls@protobufjs/utf8 1.1.1fixingCVE-2026-44293)package-lock.json: regenerated from production's healthy lock base (npm install --force, peer deps retained). Intentionally does not copy staging's broken lock.B — Schema files (
get_settings/set_settings) adoptmaster's upstream (raw) formatting. These schemas are auto-generated by an external flow that does not run this repo's prettier config; content is identical between branches (only formatting differed). Matching the upstream raw format on both branches avoids a huge reformatting diff on the next automated schema update.C — CI workflows
coveralls.yml: pin action to v2 SHArelease_staging.yml: remove Vercel DR step (cosmetic file-parity only — triggers onmaster, no production deploy impact)French i18n
i18n/fr/code.jsonrefreshed from authoritative sourceVerification
npm cipasses; full jest suite passes (77 passed, 0 failed);docusaurus buildsucceedsprotobufjs7.5.6 /@protobufjs/utf81.1.1 in the lockpackage.json+package-lock.json+.trivyignorebyte-identical to chore: reconcile staging (master) with production (legacy) #347legacyis production.🤖 Generated with Claude Code