build(deps-dev): bump typescript from 5.9.3 to 6.0.3 in /packages/fathom-ts#60
Open
dependabot[bot] wants to merge 2 commits into
Open
Conversation
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3) --- updated-dependencies: - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
* ci: add TypeScript CI lane for fathom-ts (#49) Co-authored-by: Sean Mauk <seanmauk@krakennetworks.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * docs: refresh planned-integrations against HEAD (Go CI now exists) (#50) * docs: refresh planned-integrations against HEAD The Go suite is now wired into CI (.github/workflows/go-ci.yml: go vet, go build, go test ./..., plus a -tags integration lane on every PR), so both "No CI for the Go suite" claims were stale. Fix those and re-verify the remaining "What is missing" bullets against HEAD: - Go go.mod version: go 1.21 -> go 1.25.0 - Go "No released module": reference tracking issue #41 - TS vitest count: 19 -> 34 (15 client + 19 errors) - TS "No published npm release" / "No CI": reference #40 / #39 - Editor deps: React ^19.1.0->^19.2.7, Vite ^7.1.0->^8.0.16, TypeScript ^5.9.0->^6.0.3; reference #43 for the build-out - Known blockers: Go CI now exists; TS (#39) and editor (#43) remain; Python suite count 1361 -> 1551 Regenerate docs/llms-full.txt to clear the docs drift gate. Fixes #48 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * docs: bump last_verified to 2026-06-06 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Sean Mauk <seanmauk@krakennetworks.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * feat(rest,grpc): admin token + body cap for ruleset reload (#52) * feat(rest,grpc): admin token + body cap for ruleset reload Harden the ruleset-reload admin surface (issue #45): - Body size cap on POST /v1/rules/reload: reject bodies over FATHOM_MAX_RELOAD_BYTES (default 5 MB) with 413 payload_too_large, enforced on actual streamed bytes (not the Content-Length header), before any YAML parsing. - Scoped admin token: new optional FATHOM_ADMIN_TOKEN gates the REST reload endpoint and the gRPC Reload RPC. When set, the data-plane FATHOM_API_TOKEN no longer authorises reload; when unset, falls back to existing behaviour (backward compatible). Extends auth.py. - gRPC: set max_receive_message_length explicitly (4 MB, gRPC's own default) so the inbound bound is intentional and below the REST cap. - Docs: hot-reload how-to gains an admin-token / size-cap / host-level-rate-limiting section; openapi.json + postman regenerated. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * docs: re-verify rest.py-sourced pages, fix shifted fact endpoint citations Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Sean Mauk <seanmauk@krakennetworks.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * feat(go-sdk): gRPC client wrapper with SubscribeChanges reload handling (#53) * feat(go-sdk): gRPC client wrapper with SubscribeChanges reload handling Idiomatic Go client over the generated stubs: NewGRPCClient with TLS-by-default transport (WithGRPCInsecure explicit opt-in, mirroring FATHOM_GRPC_ALLOW_INSECURE), bearer per-RPC credentials that refuse plaintext unless insecure was opted into, the five unary RPCs (Evaluate, AssertFact, Query, Retract, Reload), and a SubscribeChanges callback iterator that maps the ADR-0002 cancel-on-swap contract (ABORTED / "ruleset_reloaded") to an errors.Is-able ErrRulesetReloaded sentinel so callers re-subscribe and re-Query. Unit tests run against an in-process bufconn server with a mock FathomServiceServer (metadata attachment, unary happy/error paths, stream events then reload-abort, plain cancellation). Integration lane (-tags integration) extended to exercise the wrapper against the real Python gRPC server. Fixes #42 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * docs: regenerate Go SDK reference for gRPC client surface Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * docs: lychee-ignore gomarkdoc self-repo blob links blob/main targets for newly added Go files 404 until the PR merges. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Sean Mauk <seanmauk@krakennetworks.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * feat(ssvc): supplier + deployer + CISA trees from pinned authoritative sources (#54) * feat(ssvc): supplier + deployer + CISA trees from pinned authoritative sources Replaces the 17-branch placeholder with all three published SSVC decision trees, one module per tree, fully enumerated from sha256-pinned sources: - ssvc_supplier: CERT/CC supplier patch-development priority table 1.0.0 (36 branches -> defer/scheduled/out-of-cycle/immediate) - ssvc_deployer: CERT/CC deployer patch-application priority table 1.0.0 (72 branches; same structure the old placeholder approximated) - ssvc_cisa: CISA SSVC v2.0.3 triage tree (36 branches -> Track/Track*/Attend/Act) Provenance (resolves the source gate that blocked this issue): - Enumeration source: CERT/CC SSVC repo decision-table CSVs, archived under references/csv/ and pinned in SHA256SUMS. - CISA tree page-cited against the genuine CISA SSVC Guide (archived via Internet Archive; canonical cisa.gov URL is bot-gated), Table 9 p.10 - matches the CSV on all 36 branches. - The old "cisa-ssvc-v2.0.3.pdf" placeholder was actually the CERT/CC deployer one-pager; renamed to certcc-deployer-tree-2023.pdf and kept as the deployer cross-check (same 72-leaf tree as the CSV). - CERT/CC SSVC v2.0 paper archived as the methodology reference; its tree figures are v2.0-era and noted as non-authoritative. branches-*.yaml and rules/*.yaml are generated by the new scripts/generate_ssvc_rules.py. Tests pin every reference file, assert the load-bearing branch counts (36/72/36), verify the committed branch lists equal the pinned CSVs row for row, and evaluate all 144 published branches end to end. Breaking: the placeholder mission_impact template and its 17 mixed-label deployer rules are gone; deployer decisions now use human_impact (low/medium/high/very_high) with CERT/CC labels, and the CISA labels moved to the dedicated ssvc_cisa tree. Fixes #46 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * fix(tests): posix-normalize reference paths for Windows Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * fix(tests): mark SSVC references -text so Windows checkout keeps pinned bytes Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Sean Mauk <seanmauk@krakennetworks.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * build(deps): bump googleapis/release-please-action from 4 to 5 (#57) Bumps [googleapis/release-please-action](https://github.com/googleapis/release-please-action) from 4 to 5. - [Release notes](https://github.com/googleapis/release-please-action/releases) - [Changelog](https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md) - [Commits](googleapis/release-please-action@v4...v5) --- updated-dependencies: - dependency-name: googleapis/release-please-action dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat(studio): scaffold studio app with panels, seeds, and guardrails (#62) * feat(studio): scaffold app mounting integrations.rest Fathom Policy Studio FastAPI+HTMX app. Mounts the production REST app (fathom.integrations.rest) same-process under /api so the in-memory SessionStore is shared. Adds GET /health, a fathom_sid session cookie middleware (uuid4 per browser) + get_sid helper, and an argparse --port (default 8020) uvicorn entrypoint. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * feat(studio): 7 panel routes Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * feat(studio): seed loaders for examples 01-05 One-click scenario seeds: each examples/0N dir loads its rules+templates+facts into a fresh session via in-process REST /v1/evaluate and returns a real decision. /eval lists all 5; /blp seeds example 03 (BLP dominates()); /temporal seeds example 04. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * feat(studio): scripted + live guardrail (ChatOpenAI) + audit Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * fix(studio): break panels⇄app cycle under python -m Running `python -m fathom.studio.app` loaded the module twice (as __main__ and as fathom.studio.app); panels' module-level `from fathom.studio.app import get_sid` re-entered the half-initialized panels module → ImportError on `router`. Move the import into eval_run (its only caller) to break the cycle. `-m` now boots; 8 panels 200. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * refactor(studio): typing + session cleanup Extract the Studio session contract into a new sessions.py module (SESSION_COOKIE, get_sid, SessionCookieMiddleware) plus a single in-process post_evaluate helper and shared error_detail extractor. - app.py no longer defines session helpers; panels.py imports get_sid from sessions at module scope, eliminating the lazy 'from fathom.studio.app import get_sid' workaround and the panels<->app import cycle at its root (panels no longer imports app). - panels._evaluate and scenarios.seed now share post_evaluate, which forwards the session both ways (X-Session-Id header + body session_id) per the design Session-handling contract; the two copy-pasted ASGI POST blocks and two _error_detail copies are consolidated. No behavior change. ruff + mypy clean on src/fathom/studio (5 files). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * test(studio): panels + scenario seed Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * Format fix --------- Co-authored-by: Sean Mauk <seanmauk@krakennetworks.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * Verified docs * chore(main): release 0.7.0 (#61) * chore(main): release 0.7.0 * chore(release): regenerate docs artifacts for version bump Bypass due to weird doc verification bug that isn't catching latest verification for some reason. --------- Co-authored-by: release-bot <release-bot@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Sean Mauk <seanmauk@krakennetworks.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: release-bot <release-bot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps typescript from 5.9.3 to 6.0.3.
Release notes
Sourced from typescript's releases.
Commits
050880cBump version to 6.0.3 and LKGeeae9dd🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...ad1c695🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)0725fb4🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...607a22aBump version to 6.0.2 and LKG9e72ab7🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...35ff23d🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...e175b69Bump version to 6.0.1-rc and LKGaf4caacUpdate LKG8efd7e8Merge remote-tracking branch 'origin/main' into release-6.0Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)