Skip to content

chore(website): regenerate dependency supply-chain snapshots#193

Merged
nedtwigg merged 1 commit into
mainfrom
chore/regenerate-dep-snapshots
Jun 30, 2026
Merged

chore(website): regenerate dependency supply-chain snapshots#193
nedtwigg merged 1 commit into
mainfrom
chore/regenerate-dep-snapshots

Conversation

@dormouse-bot

Copy link
Copy Markdown
Collaborator

Regenerates the public supply-chain snapshot pages (website/src/data/dependencies-npm.json and dependencies-cargo.json) so they match the current lockfiles.

The nightly security-audit has flagged check #1 (node website/scripts/generate-deps.js must not modify the committed snapshots) as FAIL for four consecutive days (2026-06-26 through 06-30, #191). Several npm and Cargo dependencies were bumped in the lockfiles without the snapshots being regenerated, so dormouse.sh/supply-chain did not reflect the versions users actually receive.

Running the generator picks up the drift, including:

  • npm: @stricli/core 1.2.7→1.2.8, @tauri-apps/api 2.11.0→2.11.1, the @xterm/* beta line 0.219→0.288, and the newly-added cross-spawn 7.0.6 (from the dor Windows-spawn work).
  • Cargo: serde_json 1.0.149→1.0.150, tauri 2.11.2→2.11.3, and other transitive bumps.

dependencies-runtime.json is unchanged.

No regression test: this is a generated-data refresh, not a code change. The recurring drift is what security-audit check #1 already guards — this PR just brings the committed output back in sync.

Fixes #191.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 30, 2026

Copy link
Copy Markdown

Deploying mouseterm with  Cloudflare Pages  Cloudflare Pages

Latest commit: 0a85f9f
Status: ✅  Deploy successful!
Preview URL: https://2213f682.mouseterm.pages.dev
Branch Preview URL: https://chore-regenerate-dep-snapsho.mouseterm.pages.dev

View logs

@nedtwigg nedtwigg merged commit e84b659 into main Jun 30, 2026
4 checks passed
@nedtwigg nedtwigg deleted the chore/regenerate-dep-snapshots branch June 30, 2026 16:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[security-audit] FAIL on 2026-06-30

2 participants