chore(deps): bump actions/upload-artifact from 4.6.2 to 7.0.1#5
Open
dependabot[bot] wants to merge 1 commit into
Open
chore(deps): bump actions/upload-artifact from 4.6.2 to 7.0.1#5dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 7.0.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...043fb46) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
danafitkowski
added a commit
that referenced
this pull request
May 24, 2026
Third adversarial-audit pass on v2.9.31 surfaced 35 findings. Closes the 21 genuine bugs/drift/overclaim-language findings; the remaining 12-14 honest-disclosure findings get canned cross-exam responses in docs/cross-exam-prep.md. Added — version-drift regression gate (closes #1, #2, #3, #5, #6, #7, #18, #30) - tests/no-stale-version-refs.test.js: scans 13 doc surfaces for v2.9.X references; distinguishes current-state from historic narration via whitelist patterns; fails build if any current-state reference is not equal to ENGINE_VERSION. - Wired into npm run test:all and npm run test:version-refs. - The recurring drift class of bug (4 releases in a row) cannot recur in this form on v2.9.32+ without the build failing. Fixed — version-drift sweep - DAUBERT.md header v2.9.29 -> v2.9.32 - DAUBERT.md Layer 2 sigstore example: tag-agnostic v<TAG>/... - VERIFY_RELEASE.md full sweep (header, manifest, checkout, expected output, citation block, doc-version footer) - FORENSIC_USE_SOP.md, docs/jurisdictions.md, docs/api.md, P6 framework READMEs, XER corpus README: all current-state refs bumped to v2.9.32 - Coverage baseline regenerated: 93.33% stmts / 82.39% branches / 93.75% funcs / 93.33% lines (up from v2.9.31 due to 8 new tests). Fixed — overclaim language pass (closes #4, #19, #20, #26, #27, #28, #29) - DAUBERT §4 + §5: 'is satisfied by' -> 'is addressed by ... determination for the trier of fact' - DAUBERT §3.1: 'challenger can no longer claim untestability' -> 'substantially weakens an untestability objection' - FORENSIC_USE_SOP: 'The engine is reliable' -> 'The engine has a documented validation record' - package.json description: 'Forensically-defensible' -> 'Open-source' - P6 README: dropped 'roughly one work session' time estimate; replaced 'Layer-5-equivalent' coinage Fixed — API doc bug (closes #17) - docs/jurisdictions.md: getHolidays() documented as returning an array of ISO-8601 date strings (which is what it actually returns), not objects with {date, name, jurisdiction}. Added getJurisdictionCalendar() example showing the typed shape used by computeCPM's cal_map. Engine code — Section Q strict-mode hardening (closes #21, #22, #31) - computeCPMSalvaging now refuses forensic_strict at function entry, throwing StrictForensicViolation with context 'salvage-mode-not-forensic'. Mirrors runCPM's refusal. Categorically closes the route-around audit flagged. - FATAL_STRICT_CONTEXTS gains 'salvage-mode-not-forensic'. - SECTION R-v2.9.32 added to cpm-engine.test.js: 8 new tests including a dead-context regression — every entry in FATAL_STRICT_CONTEXTS must appear at least twice in cpm-engine.js source (set member + emission/throw). Closes false-coverage risk. Added — docs/cross-exam-prep.md (internal analyst resource) 17 pre-drafted defensive responses to predictable cross-examination questions arising from the engine's published disclosures. Explicitly marked NOT for court citation; analyst-prep only. Tests - 1,112 / 1,112 unit tests (was 1,104) - 747 / 747 crossval across 43 fixtures - Citation + truncation + version-drift regression PASS - npm run verify PASS Engine math byte-identical to v2.9.27 - v2.9.31 on non-strict path. Strict mode additively hardened. Sigstore witness regenerated. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
danafitkowski
added a commit
that referenced
this pull request
May 24, 2026
Fourth-pass ChatGPT audit on v2.9.32 surfaced 19 items. v2.9.33 closes 14 genuinely-shippable items (8 fatal/high audit findings + 6 medium). The remaining 5 are tracked in the new ROADMAP_OPEN.md as either ACCEPTED-LIMITATION (with canned cross-exam responses) or OPEN (roadmap / Dana's action). No more silent open items. FATAL closes - F1 VERIFY_RELEASE.md test-count contradictions (1,071/1,104/1,112) swept to 1,128 across entire file. - F2 release-evidence/v2.9.32/ packet missing — backfilled retroactively from v2.9.32 CI canonical witness; release-evidence/v2.9.33/ will be built as a phase-2 follow-up after CI runs. HIGH closes - #3 SHA sidecar wording reframed as 'gitignored generated artifact' - #4 npm run verify now invokes truncation + version-drift gates; witness JSON records all five gate results - #5 version-refs gate now WARN-by-default, FATAL under CHECK_RELEASE_EVIDENCE=1 (CI / pre-tag hook) - #7 Cases 14/15 moved from validation/p6-comparison/cases/ to validation/engine-limitations/cases/; P6 matrix is now 13 cases - #8 validation/real-xer-corpus/ placeholder folder with full sanitization-checklist documentation MEDIUM closes - #11 docs/jurisdictions.md bottom guarantee section fixed - #12 'No silent wrong-answer paths exist' softened to 'No known silent wrong-answer paths remain on the disclosed validation surface' - #13 DAUBERT disclosure-format paragraph refreshed - #14 Dead-context test replaced with table-driven test that documents emission-path intent for every fatal context + verifies source presence + checks set/docs symmetry - #15 Structured override schema: {rationale, authority_source, analyst, date, exhibit_reference}; legacy string form still accepted with legacy_string_form: true audit flag - #18 README competitor table removed; single-column capability list retained - #19 ROADMAP_OPEN.md added at repo root — machine-readable CLOSED / ACCEPTED-LIMITATION / OPEN categorization for every audit-flagged item OPEN (tracked in ROADMAP_OPEN.md) - #6 P6 column capture (Dana's action) - #8 Real-XER corpus sourcing (Dana's action) - #9 Clean baseline 23 alerts (accepted limitation, Q6 in cross-exam-prep) - #10 1k-10k DAG fixtures (engineering roadmap) - #16 Cryptographic analyst signoff (schema-v2 roadmap) - #17 Machine-readable SOP checklist (schema-v2 roadmap) Engine code - _normalizeForensicStrictOverride() helper added to SECTION Q with backward-compat for string form - _applyForensicStrictValidation() refactored to use normalizer; audit-trail entries carry structured fields + legacy_string_form flag Tests - 1,128 / 1,128 unit tests (+16 from v2.9.32) - 747 / 747 crossval, citation, truncation, version-drift all PASS - npm run verify PASS — witness JSON includes all five gates Engine math byte-identical to v2.9.27-v2.9.32 on non-strict path. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps actions/upload-artifact from 4.6.2 to 7.0.1.
Release notes
Sourced from actions/upload-artifact's releases.
... (truncated)
Commits
043fb46Merge pull request #797 from actions/yacaovsnc/update-dependency634250cInclude changes in typespec/ts-http-runtime 0.3.5e454baaReadme: bump all the example versions to v7 (#796)74fad66Update the readme with direct upload details (#795)bbbca2dSupport direct file uploads (#764)589182cUpgrade the module to ESM and bump dependencies (#762)47309c9Merge pull request #754 from actions/Link-/add-proxy-integration-tests02a8460Add proxy integration testb7c566aMerge pull request #745 from actions/upload-artifact-v6-releasee516bc8docs: correct description of Node.js 24 support in READMEDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)