chore(deps): bump actions/setup-node from 4.4.0 to 6.4.0#2
Open
dependabot[bot] wants to merge 1 commit into
Open
chore(deps): bump actions/setup-node from 4.4.0 to 6.4.0#2dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.4.0 to 6.4.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@49933ea...48b55a0) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
danafitkowski
added a commit
that referenced
this pull request
May 24, 2026
Closes ChatGPT third-pass directive items #2 and #7. Docs + framework only; engine math byte-identical to v2.9.31 (no version bump). Added — validation/p6-comparison/ (item #2) 15-case Primavera P6 comparison matrix framework. Each case has: - input.json (activities + relationships + opts, engine-input format) - engine-output.json (full computeCPM result captured at v2.9.31) - comparison.csv (per-activity ES/EF/LS/LF/TF/FF with engine column filled, P6 column blank for analyst capture, verdict_pass_fail col) - README.md (case description + expected behavior + P6 setup notes) Cases: 01 FS chain 09 completed successor 02 SS+5 with lag 10 out-of-sequence progress 03 FF+3 with lag 11 mandatory start / finish 04 SF edge case 12 SNET + FNLT 05 negative float (FNLT) 13 ALAP 06 multiple calendars 14 fractional lag (SUB_DAY_LAG) 07 CA-ON Ontario holidays 15 dangling relationship 08 in-progress retained logic 13 of 15 are P6-capturable. Cases 14 and 15 are known-by-construction divergences documented in comparison-matrix.md. Files added: - validation/p6-comparison/README.md — framework overview - validation/p6-comparison/comparison-matrix.md — master roll-up - validation/p6-comparison/generate-cases.js — generator script - validation/p6-comparison/engine-outputs-summary.json - validation/p6-comparison/cases/<NN-name>/ — 15 per-case folders Pending analyst action: populate the *_p6 columns of each case's comparison.csv from native P6 capture, then mark verdict_pass_fail. Each case is small (2-5 activities) and trivial to reproduce in P6. Added — FORENSIC_USE_SOP.md (item #7) 14-step operating procedure for using cpm-engine to produce expert opinions and claim deliverables. Each step has goal, action, engine API support, and what evidence to capture in the manifest. Closes the FRE 702 attack surface at the application layer (separate from the principles layer, which is covered by DAUBERT.md + VERIFY_RELEASE.md). Steps: 1. Intake source artifact 2. Preserve + SHA-256 hash 3. Confirm data date 4. Confirm schedule mode (retained vs override) 5. Confirm calendars 6. Run forensic strict validation 7. Review alerts 8. P6 comparison for opinion-controlling activities 9. Select AACE method 10. Record excluded activities 11. Record overrides 12. Generate deliverable via downstream skill 13. QA against manifest 14. Analyst signoff Includes 14-item checklist for case-folder cover sheet — supports the "did you follow your own SOP?" cross-exam question. Engine math unchanged. computeCPM byte-identical to v2.9.27 through v2.9.31. No version bump (engine stays at v2.9.31; these new files DESCRIBE v2.9.31 rather than modify it). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
danafitkowski
added a commit
that referenced
this pull request
May 24, 2026
Third adversarial-audit pass on v2.9.31 surfaced 35 findings. Closes the 21 genuine bugs/drift/overclaim-language findings; the remaining 12-14 honest-disclosure findings get canned cross-exam responses in docs/cross-exam-prep.md. Added — version-drift regression gate (closes #1, #2, #3, #5, #6, #7, #18, #30) - tests/no-stale-version-refs.test.js: scans 13 doc surfaces for v2.9.X references; distinguishes current-state from historic narration via whitelist patterns; fails build if any current-state reference is not equal to ENGINE_VERSION. - Wired into npm run test:all and npm run test:version-refs. - The recurring drift class of bug (4 releases in a row) cannot recur in this form on v2.9.32+ without the build failing. Fixed — version-drift sweep - DAUBERT.md header v2.9.29 -> v2.9.32 - DAUBERT.md Layer 2 sigstore example: tag-agnostic v<TAG>/... - VERIFY_RELEASE.md full sweep (header, manifest, checkout, expected output, citation block, doc-version footer) - FORENSIC_USE_SOP.md, docs/jurisdictions.md, docs/api.md, P6 framework READMEs, XER corpus README: all current-state refs bumped to v2.9.32 - Coverage baseline regenerated: 93.33% stmts / 82.39% branches / 93.75% funcs / 93.33% lines (up from v2.9.31 due to 8 new tests). Fixed — overclaim language pass (closes #4, #19, #20, #26, #27, #28, #29) - DAUBERT §4 + §5: 'is satisfied by' -> 'is addressed by ... determination for the trier of fact' - DAUBERT §3.1: 'challenger can no longer claim untestability' -> 'substantially weakens an untestability objection' - FORENSIC_USE_SOP: 'The engine is reliable' -> 'The engine has a documented validation record' - package.json description: 'Forensically-defensible' -> 'Open-source' - P6 README: dropped 'roughly one work session' time estimate; replaced 'Layer-5-equivalent' coinage Fixed — API doc bug (closes #17) - docs/jurisdictions.md: getHolidays() documented as returning an array of ISO-8601 date strings (which is what it actually returns), not objects with {date, name, jurisdiction}. Added getJurisdictionCalendar() example showing the typed shape used by computeCPM's cal_map. Engine code — Section Q strict-mode hardening (closes #21, #22, #31) - computeCPMSalvaging now refuses forensic_strict at function entry, throwing StrictForensicViolation with context 'salvage-mode-not-forensic'. Mirrors runCPM's refusal. Categorically closes the route-around audit flagged. - FATAL_STRICT_CONTEXTS gains 'salvage-mode-not-forensic'. - SECTION R-v2.9.32 added to cpm-engine.test.js: 8 new tests including a dead-context regression — every entry in FATAL_STRICT_CONTEXTS must appear at least twice in cpm-engine.js source (set member + emission/throw). Closes false-coverage risk. Added — docs/cross-exam-prep.md (internal analyst resource) 17 pre-drafted defensive responses to predictable cross-examination questions arising from the engine's published disclosures. Explicitly marked NOT for court citation; analyst-prep only. Tests - 1,112 / 1,112 unit tests (was 1,104) - 747 / 747 crossval across 43 fixtures - Citation + truncation + version-drift regression PASS - npm run verify PASS Engine math byte-identical to v2.9.27 - v2.9.31 on non-strict path. Strict mode additively hardened. Sigstore witness regenerated. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps actions/setup-node from 4.4.0 to 6.4.0.
Release notes
Sourced from actions/setup-node's releases.
... (truncated)
Commits
48b55a0Update Node.js versions in versions.yml and bump package to v6.4.0 (#1533)ab72c7eUpgrade@actionsdependencies (#1525)53b8394Bump minimatch from 3.1.2 to 3.1.5 (#1498)54045abScope test lockfiles by package manager and update cache tests (#1495)c882bffReplace uuid with crypto.randomUUID() (#1378)774c1d6feat(node-version-file): support parsingdevEnginesfield (#1283)efcb663fix: remove hardcoded bearer (#1467)d02c89dFix npm audit issues (#1491)6044e13Docs: bump actions/checkout from v5 to v6 (#1468)8e49463Fix README typo (#1226)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)