-
Notifications
You must be signed in to change notification settings - Fork 0
build(deps): bump devalue from 5.6.3 to 5.6.4 in /site#12
Open
dependabot[bot] wants to merge 85 commits into
Open
build(deps): bump devalue from 5.6.3 to 5.6.4 in /site #12dependabot[bot] wants to merge 85 commits into
dependabot[bot] wants to merge 85 commits into
Conversation
...edia Commons - Replace DiceBear persona avatars with actual photos of each actress - Download 26 CC-licensed images (Wikimedia Commons) for all 5 companions jenna_* (6), karen_* (5), catherine_* (5), billie_* (5), alex_* (5) - Default selections: Gallifrey One 2025 (Jenna/Catherine), LACC 2025 (Billie), GalaxyCon (Karen), 2012 portrait (Alex) - Remove companion bios — cards now show epithet, name, actor, role only - All remaining images available in public/images/companions/ for selection Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Martha Jones (mint), Bill Potts (pink), Yasmin Khan (blue), Romana (sage), Ace (terracotta) — with CC-licensed photos and distinct accent colours per card. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace actress photos with in-character images from Wikimedia Commons (Doctor Who Experience displays, production stills, CC BY-SA licensed) - Yasmin Khan keeps actress photo (no character image on Commons) - Cards now show only character name + role — no actor, epithet, or series - Fix avatar stretching: object-fit: cover + object-position: center top - Remove unused CSS: .companion-series, .companion-epithet, .companion-actor Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Restore user-selected actress shots for Clara/Amy/Donna/Rose/River - Martha: Freema Agyeman 2019 face crop (CC BY-SA 2.0, no mic) - Bill: Pearl Mackie by Gage Skidmore (CC BY-SA 3.0) - Yasmin: Mandip Gill Hollyoaks event (CC BY 2.0, no mic) - Romana: Lalla Ward portrait (CC BY 2.0) - Remove Ace → clean 3x3 grid of 9 companions Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
...out/people/ - New /about/ page: project overview — methodology, what we do, research, provenance from Greenpeace adversarial thinking, why it's public - Move profile + companion grid to /about/people/ with updated breadcrumbs - Yasmin: swap to higher-quality Mandip Gill convention portrait - Romana: swap to 2014 Geek Fest photo Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add web_*.jpg versions of all Nano Banana portraits (45-75KB each) - Crop bottom 20% from each (removes watermark zone), resize to 600px - Wire up: Clara, Amy, Donna, Rose, River, Yasmin — still need Martha, Bill, Romana - Adrian profile photo updated to web_adrian.jpg Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Re-adds Martha Jones (Policy & Standards Lead), Bill Potts (Data Curation Lead), and Romana (Statistical Validation Lead) with placeholder actress photos pending AI portrait generation. All companions now carry functional titles mapped to actual framework agent roles. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
All 9 companions now have AI-generated portraits (Nano Banana Pro). Replaces placeholder actress photos for the final three team members. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds /research/field-context/ — a "why now" page grounding the Failure-First research program in the actual state of the AI field. Covers inference-time compute, documented deceptive alignment findings (o1, Claude 4), embodied AI deployment at scale, agentic long-horizon execution risks, and governance lag. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
... page Previous commit deleted docs/ static assets (index.html, CNAME, .nojekyll, images, assets) because Astro's clean build cycle removed manually-maintained files that git tracked. Restored from e41a586 and added only the new research/field-context/ page. Also fixed ResearchLayout status prop ('current' → 'active'). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
...nsfer, deceptive alignment, long-horizon subversion - Report 42: Cross-Embodiment Adversarial Transfer in VLA Models (SAFETY-CRITICAL) Dual-layer vulnerability mechanism, BadVLA near-100% ASR, π0/Gemini Robotics attack surface, shared backbone systemic risk inventory - Report 43: Deceptive Alignment Detection Under Evaluation-Aware Conditions (SAFETY-CRITICAL) Alignment faking empirical documentation, blackmail rates 96%/96%/80% across frontier models, evaluation awareness power-law scaling (arXiv:2509.13333), linear probe detection at 90% accuracy (arXiv:2508.19505) - Report 44: Instruction-Hierarchy Subversion in Long-Horizon Agentic Execution (HIGH) Vanishing textual gradient mechanism, Deep-Cover Agents 50+ turn dormancy, AgentLAB ASR 62.5%→79.9%, optimal injection depth ~86%, evaluation framework design recommendations - Blog: "When the Robot Body Changes but the Exploit Doesn't" - Blog: "Can You Catch an AI That Knows It's Being Watched?" - Blog: "The 50-Turn Sleeper: How Agents Hide Instructions in Plain Sight" Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
...og post hero images; rebuild
...ipulation, governance lag
...ctive members
Creates /about/people/{slug}/ for each Doctor Who persona — Clara, Amy, Donna,
Rose, River, Yasmin, Martha, Bill, Romana. Each page has per-character colour
theming, photo, role badge, characteristic quote, and three TODO sections for
the agent to complete in their own session.
Companion grid on /about/people/ now links to each profile and displays first
names only.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fills in all three TODO sections: main persona body, Research Focus, and Current Priorities — drawing from the founding session corpus index, AGENT_STATE established findings, and sprint apr-1-14 issues (#183 corpus audit, #177 HITL replication, #178 GLI expansion). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
...campaign, current priorities Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
...dataset overview, sprint priorities Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
...ilosophy, priorities Fills all three TODO sections in the Amy Pond persona page: - Main body: evaluation philosophy, classifier discipline, anti-hype stance - Benchmark Coverage: 11 packs, ~9k traces, executable vs stub status, heuristic rule - Current Priorities: OpenVLA adapter (#182), inline LLM grading (#187), multi-turn batch 2 (#189) Build verified (npm run build passes). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
...at horizon Fills in all three TODO sections with substantive content: - Persona body: predictive risk approach, GLI rationale, physical stakes - GLI section: formula, v0.1 dataset findings (null GLI entries, inverted timelines, 3362-day lag) - Threat horizon: VLA backbone transferability, supply chain injection via MCP, alignment faking in production Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
...ce register status, sprint priorities Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
...pproach, stakeholder tiers, sprint priorities Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fill in three TODO sections on the Yasmin Khan about page: - Main persona body: infrastructure philosophy, "ship it properly" ethos - Infrastructure overview: CI/CD pipeline, database, tools/ scaffold, probing framework stubs (GPU-blocked, #191) - Current priorities: GLI schema fix (#192), tools/ audit, probing GPU path Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
...and QA priorities Completes all three TODO sections: persona body (QA philosophy, integrity approach), Editorial Standards (4 blocking criteria, INTEGRITY_LOG purpose, #185 gate process), Current Priorities (B1 corrections, March 2026 brief queue, sprint scope). First-person voice, matches About page tone. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds profile page for Tegan Jovanka (Legal Research Analyst) covering: - AU/EU/international regulatory framework coverage with precise citations - WHS Act 2011 duty-of-care analysis, VAISS binding status, EU AI Act/PLD interlock - SA/ICT committee code verification issue (#11) flagged as open question - SWA brief legal review scope (#173) documented - Hard constraint: research analysis, not legal advice Build verified: 502 pages, 0 errors. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- tegan-jovanka.astro: updated Current Priorities with verified IT-043 designation (confirmed at standards.org.au, est. 2018); corrected SA/ICT-042/SA/ICT-043 references throughout - nyssa-of-traken.astro: new profile for AI Ethics & Policy Research Lead; covers Anthropic/US Gov relationship, OpenAI restructuring, AU AISI independence, embodied AI ethics (1,800+ autonomous haul trucks) - index.astro: added Nyssa of Traken to companions listing Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
...blog posts (promptware kill chain, tool-chain dataset) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Policy Puppetry v0.2 (11 scenarios, cloud-native formats), VLA Deceptive Alignment v0.1 (8 scenarios, 4 subtypes), failure modes taxonomy 3->10, early deepseek-r1:1.5b Ansible compliance signal, GH #263. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
When AI safety judges disagree on which attacks work, aggregate metrics mask the problem. Based on Reports #62 and #65. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
...efined stats) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
River Song blog post (#300) documenting the qwen3:1.7b 15% accuracy discovery, corrected crescendo ASR (65% strict / 85% broad), and structural lessons for AI safety evaluation ecosystem. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Nav: group Blog + Daily Paper + What's New under "Content", merge Policy + Services into "Policy & Services", nest Manifesto + Glossary under "About". isActive now checks children for correct highlighting. Footer: add What's New, Daily Paper, Search, Framework, Policy, Services links. Rename columns to match nav grouping. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
...CU-QA, Jailbreak in Pieces) 4 new daily paper reviews via NLM pipeline: - 2312.02119: Tree of Attacks — automated jailbreak generation - 2306.13213: Safety in Numbers — multi-agent safety properties - 2311.03191: EICU-QA — clinical AI question answering - 2307.14539: Jailbreak in Pieces — compositional multimodal attacks Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
...y gap analysis Pattern-level findings on why text-based AI safety fails for robots: - Blindfold framework (ACM SenSys 2026) 85%+ ASR with benign-text attacks - Failure-First VLA data: 0% refusal rate across 58 FLIP-graded traces - Triple failure: filters, training, and evaluators all operate at wrong layer - No governance framework distinguishes text-layer from action-layer safety Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
...nforcement Data-driven blog post analysing the Governance Lag Index dataset (90 events). Key findings: median GLI 2,032 days, embodied AI median 2,124 days, 90% of events have no enforcement timeline. Historical comparison with aviation, nuclear, pharma sectors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
... embodied AI safety Post #58: Pattern-level analysis of how text-level safety evaluators miss contextually dangerous instructions. 45% BENIGN_QUERY finding, defense impossibility triangle, Blindfold validation. No operational content. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bumps [devalue](https://github.com/sveltejs/devalue) from 5.6.3 to 5.6.4. - [Release notes](https://github.com/sveltejs/devalue/releases) - [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md) - [Commits](sveltejs/devalue@v5.6.3...v5.6.4) --- updated-dependencies: - dependency-name: devalue dependency-version: 5.6.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot
Bot
added
dependencies
Pull requests that update a dependency file
javascript
Pull requests that update javascript code
labels
Mar 12, 2026
@github-actions
github-actions
Bot
force-pushed
the
dependabot/npm_and_yarn/site/devalue-5.6.4
branch
from
May 7, 2026 17:38
cdf026b to
34ae48c
Compare
@github-actions
github-actions
Bot
force-pushed
the
main
branch
from
May 7, 2026 17:47
54d5f57 to
ba6a7a1
Compare
@adrianwedd
adrianwedd
force-pushed
the
main
branch
from
May 9, 2026 03:18
c53f948 to
de37451
Compare
adrianwedd
added a commit
that referenced
this pull request
May 10, 2026
Adds an `overrides` block to site/package.json to pull build-time transitive dependencies forward to patched versions. All packages here are build-toolchain only — none ship to the browser from a static Astro site, so dependabot's `scope:runtime` flag (just "in dependencies, not devDependencies") is misleading for our build. Per the 2026年05月11日 dependabot triage (research/intelligence/dependabot_failurefirst_triage_2026年05月11日.md in the private repo), this is the IGNORE-DEVDEP / IGNORE-NO-CONTEXT hygiene sweep. The bump is hygiene, not risk reduction — none of these attack vectors apply to a static-site `astro build` pipeline. Closed alerts (GHSA → resolved version): - #10 rollup GHSA-mw96-cpmx-2vgc → 4.60.3 (^4.59.0) - #11 fast-xml-parser GHSA-fj3w-jwp8-x2g3 → 5.7.3 (^5.7.0) - #12 svgo GHSA-xpqw-6gx7-v673 → 4.0.1 (^4.0.1) - #13 devalue GHSA-cfw5-2vxh-hr84 → 5.8.0 (^5.6.4) - #14 devalue GHSA-mwv9-gp5h-frr4 → 5.8.0 (^5.6.4) - #16 h3 GHSA-wr4h-v87w-p3r7 → 1.15.11 (^1.15.9, 1.x backport) - #17 h3 GHSA-22cc-p3c6-wpvm → 1.15.11 (^1.15.9, 1.x backport) - #19 h3 GHSA-72gr-qfp7-vwhw → 1.15.11 (^1.15.9) - #20 h3 GHSA-4hxc-9384-m385 → 1.15.11 (^1.15.9, 1.x backport) - #21 fast-xml-parser GHSA-8gc5-j5rx-235r → 5.7.3 (^5.7.0) - #23 picomatch GHSA-c2c7-rcm5-vvqj → 4.0.4 (^4.0.4) - #24 picomatch GHSA-3v7f-55p6-f55p → 4.0.4 (^4.0.4) - #26 picomatch GHSA-c2c7-rcm5-vvqj → 2.3.2 (^2.3.2, 2.x line) - #27 picomatch GHSA-3v7f-55p6-f55p → 2.3.2 (^2.3.2, 2.x line) - #28 defu GHSA-737v-mqg7-c878 → 6.1.7 (^6.1.5) - #29 vite GHSA-p9ff-h696-f583 → 6.4.2 (^6.4.2, 6.x backport) - #30 fast-xml-parser GHSA-jp2q-39xq-3w4g → 5.7.3 (^5.7.0) - #31 vite GHSA-4w7w-66w2-5vf9 → 6.4.2 (^6.4.2, 6.x backport) - #34 fast-xml-parser GHSA-gh4j-gqv2-49f6 → 5.7.3 (^5.7.0) - #35 postcss GHSA-qx2v-qp2m-jg93 → 8.5.14 (^8.5.10) Notes on dependabot fix-version vs override-target divergence: - vite: dependabot lists fix=8.0.5 (the latest line); 6.4.2 is the in-line backport per the GHSA advisory (`>= 6.4.2` patches the 6.x line). We stay on vite 6 because Astro 5 pulls vite 6. - h3: dependabot lists 2.0.1-rc.15; we use 1.15.9 per the GHSA advisory (`>= 1.15.6` and `>= 1.15.9` are the documented 1.x backports). h3 2.x is still rc. - picomatch: split override (^2 and ^4) because both major lines are pulled in transitively by separate consumers; both have CVEs. Deferred (NEEDS-REVIEW, separate PR): - #33 astro define:vars XSS — requires Astro 6 major bump, deferred pending define:vars usage audit. Verification: - npm install — clean - npm run build — 1137 pages, build complete, no errors - npm audit — 1 moderate (the deferred Astro 6 alert) remaining
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps devalue from 5.6.3 to 5.6.4.
Release notes
Sourced from devalue's releases.
Changelog
Sourced from devalue's changelog.
Commits
6cbb3f5Version Packages (#133)40f1db1Merge commit from fork87c1f3cMerge commit from forkDependabot compatibility score
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.