deps(deps): bump helmet from 8.1.0 to 8.2.0 #11

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/helmet-8.2.0

dependabot Bot commented on behalf of github May 24, 2026

Bumps helmet from 8.1.0 to 8.2.0.

Changelog

Sourced from helmet's changelog.

8.2.0 - 2026-05-21

  • Cross-Origin-Opener-Policy: support noopener-allow-popups. See #522
  • Improve error message when passing duplicate options
Commits

dependabot Bot commented on behalf of github May 24, 2026

Labels

The following labels could not be found: supply-chain, w763. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

sneaky-hippo added a commit that referenced this pull request May 24, 2026
…arning (sw.js v58, 57 new tests)

Three T1 waves that complete the W775 (THE KILLER FEATURE: Continuous
Background Distill) dependency chain. After this commit, W775 unblocks:
W720 self-improvement loop (shipped 6872812) + W807 confidence routing
(shipped 2c6346a) + W813 drift detection (shipped deb83fb) + W815 active
learning (this commit) all green.

Source files were authored in-tree (3 modules + 3 test files + 1 new page
+ 1 modified page) - router/CLI integration was already wired in earlier
commits. This batch closes the loop by shipping the imported sources.

W811 - Capture Analytics Dashboard
  src/capture-analytics.js (CAPTURE_ANALYTICS_VERSION='w811-v1') exports
  analyzeNamespace() with per-cluster K-Score breakdown, IDR (Important-
  Distinct-Recent) staleness gauge in [0,1], CSV export, per-cluster gap
  signal emit to event-store so W815 picks it up.
  Bag-of-bigrams + greedy nearest-cluster algorithm (stdlib only, no deps).
  MAX_CLUSTERS cap, overflow bucket '__overflow__' with status:'overflow'.
  Tenant-fenced via findByTenant('observations', tenant) + row-level
  defense-in-depth re-check.
  Honest envelope on empty namespace: {ok:false, error:'no_captures',
  hint, version}. K-Score breakdown returns {kscore:null, n_samples:0,
  status:'no_samples'} when cluster has zero scoreable rows (never NaN,
  never 0 fabricated).
  Page: public/account/captures/analytics.html (new, 330 lines).
  18/18 tests green.

W812 - Failure-Mode Visualization
  src/failure-modes.js (FAILURE_MODES_VERSION='w812-v1') exports
  clusterCaptures() / topRegressions() / clusterSamples() /
  emitClusterFailureSignals(). Three-axis clustering: char-3-gram Jaccard
  + length bucket (short<128 / medium<512 / long>=512) + first content
  word. kscore_delta = teacher_mean - student_mean (positive = student
  regressing). emitClusterFailureSignals writes capture_candidate:true
  weakness_signal:true events for W720 detectUnderperformingCaptures to
  pick up - W812-4 glue to W816 -> W720.
  CLI: kolm failure-modes [--namespace ns --window-days N --top K --json]
  Route: POST/GET /v1/failure-modes (already wired src/router.js:5943).
  17/17 tests green.

W815 - Active Learning Loop (W775 unblock contract)
  src/active-learning.js (ACTIVE_LEARNING_VERSION='w815-v1') exports
  scoreCaptureRichness() / detectCoverageGaps() / recommendNextCaptures()
  / feedToSelfImprovement() / getCoverageGapsForNamespace().
  The last is LOAD-BEARING: W775 daemon polls it every minute to decide
  when to surface a re-distill prompt.
  Compares W811 capture-cluster histogram vs W813 production live histogram;
  ranks gaps by gap_score = (median - count) / median * demand_proxy where
  demand_proxy = bucket_volume / total_routing_volume.
  4-signal richness scorer: W711 capture-importance (0.35) + W807
  weakness_signal (0.20) + cluster novelty TF-IDF (0.30) + 7-day half-life
  recency (0.15).
  Honest envelope on insufficient_captures_for_coverage when n <
  MIN_CAPTURES_FOR_GAPS (30). NEVER returns fabricated gaps from under-
  sampled data (daemon would re-trigger forever).
  CLI: kolm active-learn [--namespace ns --top N --min-captures M --json]
  Route: GET /v1/active-learning/summary (already wired src/router.js:15646).
  Page: public/account/active-learning.html (W710 queue + W815 coverage-gap
  heatmap section added).
  22/22 tests green.

W411 defense-in-depth
  All three modules are pure I/O (no tenant-keyed state). Tenant fence is
  the CALLER's job at the router layer (req.tenant_record gate on every
  /v1/{failure-modes,active-learning/summary,captures/analytics}). W812
  #11, W815 #21 lock-in the tenant-isolation contract.

W604 anti-brittleness
  sw.js cache slug uses 'wave' prefix form so W813 #30 regex test
  (/wave?(\d{3,4})/ OR /-w(\d{3,4})-/ with threshold >= 761) keeps
  passing. Slug: kolm-v58-2026-05-24-wave811-wave812-wave815-capture-
  analytics-failure-modes-active-learning. max wave token = 815 >= 761.
  W811 CAPTURE_ANALYTICS_VERSION consumers MUST match via /^w811-/ regex
  NOT literal equality (header documents this contract).

W775 unblock chain (now complete):
  W720 OK (6872812) + W807 OK (2c6346a) + W813 OK (deb83fb) + W815 OK (this
  commit). W775 dispatch unblocked - next batch slot.

Test sweep: 57/57 green (W811 18 + W812 17 + W815 22) + 115/115 green in
cumulative W720+W807+W811+W812+W813+W815 sibling sweep.

Brand lock preserved
  Eyebrow "Open-source AI workbench" + H1 "Frontier AI on your own
  infrastructure." in frontend-version.json hero_h1/hero_eyebrow
  untouched. Only version + source_commit_at_edit_time bumped.

dependabot Bot force-pushed the dependabot/npm_and_yarn/helmet-8.2.0 branch from 1cc9642 to 86b82ec May 24, 2026 07:28

sneaky-hippo added a commit that referenced this pull request May 24, 2026
Replaces the W836 burnt-sienna Warm Paper aesthetic (user: "orange is
HIDEOUS") with a navy/linen editorial palette: deep midnight navy
#1d2d44 accent on cool linen #f4f0e8 paper; warm-dark variants
#0e1014 / #7d96c0. Substantial lift, not a recolor.

Triangle (3-file palette pipeline):
- public/design-tokens.css: --ks-accent + --ks-bg-* retune
- public/ks.css: :root + [data-theme=dark] palette swap
- public/warm-paper.css: Ink & Linen v2 overlay - Source Serif Pro
  H1/H2, engraved section rules (border + inset highlight), SVG
  fractal noise paper grain (multiply light / overlay dark), refined
  card geometry with hover translateY(-1px) + earned shadow lift,
  primary-button navy shadow, syntax-token recolor (#7d96c0 keyword,
  #b8c8a8 string, #d4c89e number, #c4a988 fn)

Legacy mint scrub:
- public/frontier.css: all rgba(126,240,210,X) -> rgba(29,45,68,X);
  --fr-amber/--fr-violet swapped; Enterprise tier column removed
  (.fr-tier-row -> repeat(3))
- public/w706.css: same mint->navy + amber->sage + violet->sand

Homepage structural redesign (public/index.html):
- .kolm anatomy: ASCII tree (user: "this is an eyesore") replaced
  with W837 specimen sheet, a typeset 7-row dl list (spec.toml,
  weights/, eval.frozen.jsonl, bakeoff/, receipts/, manifest.json,
  sidecar.ed25519) reading like a publication describing a part
- Sample artifacts: table-as-hero (user: "should be way more about
  product rather than random shit we built") reframed as the
  Capture -> Distill -> Quantize -> Seal compiler narrative;
  original 4-row table tucked into a <details> fold labelled
  "smoke test, not a brag"
- Enterprise pricing tier removed (user: "remove custom tier for
  now"); footer prose simplified; ROI calc select trimmed
- Why-grid: 4-cell "why kolm" (user: "not so important keep it as
  smaller text at the end not so big") demoted to small editorial
  footnote (#why-footnote, 13.5px, 2-col compact paragraphs)
  after the finale CTA

Site-wide cascade:
- scripts/warm-paper-injection.cjs: theme-color hex defaults updated
  (light #f4f0e8, dark #0e1014)
- 632 public/**/*.html: <meta name="theme-color"> normalized to
  Ink & Linen pair

Cache:
- public/sw.js: v73 -> v74; appended wave837-ink-linen-palette slug

Audits clean: 0 missing static refs, 28,863 hrefs ok. WF01 18/18
green. Em-dash budget restored to 0 in index.html (W220 #6 +
W271 #22 lock-ins green). Pre-existing wave-floor sw.js regex
failures (W220 #11, W271 #25) and W271 #27 v0.2 anchor predate
W837 per W836 memory.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

dependabot Bot force-pushed the dependabot/npm_and_yarn/helmet-8.2.0 branch from 86b82ec to f897240 May 26, 2026 10:37

Bumps [helmet](https://github.com/helmetjs/helmet) from 8.1.0 to 8.2.0.
- [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md)
- [Commits](helmetjs/helmet@v8.1.0...v8.2.0)

---
updated-dependencies:
- dependency-name: helmet
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot force-pushed the dependabot/npm_and_yarn/helmet-8.2.0 branch from f897240 to 966b6fa May 26, 2026 20:44

sneaky-hippo added a commit that referenced this pull request May 28, 2026
… footer migrated ks-footer->ks-foot); full suite now 0 fail

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>