chore(deps): bump actions/setup-node from 4 to 6#6
Open
dependabot[bot] wants to merge 295 commits intomainfrom
Open
chore(deps): bump actions/setup-node from 4 to 6#6dependabot[bot] wants to merge 295 commits intomainfrom
dependabot[bot] wants to merge 295 commits intomainfrom
Conversation
- Move _create_simple_fallback_response function after ChatResponse class definition - Fix NameError preventing server startup - CORS configuration with explicit localhost origins already applied - This fixes the login page CORS issue
- connect_timeout is not a valid PostgreSQL server setting - Move timeout to asyncpg.create_pool timeout parameter - Fixes database connection initialization errors
- Add detailed logging at each step of login process - Log initialization status, user lookup results, password verification - Add fallback initialization check in get_user_for_auth - Improve error messages for debugging authentication issues
- Add /auth/debug/user/{username} endpoint for testing user lookup
- Add comprehensive logging throughout auth flow
- Add connection pool validation in get_connection
- Add print statements for immediate visibility
- Strip username before lookup to handle any whitespace issues - Add detailed logging for username comparison
- Login endpoint successfully authenticates users
- Debug endpoint /auth/debug/user/{username} working
- Comprehensive logging throughout auth flow
- Database connection fixes applied
- All fixes verified and working
- Removed all emoji symbols (✅, ❌,⚠️ , 🔴, etc.) from 51 markdown files - Replaced emoji-based formatting with professional text equivalents - Cleaned up spacing and formatting inconsistencies - Maintained all technical content and structure - Files cleaned: README.md, CODE_QUALITY_REPORT.md, CHANGELOG.md, and all documentation files - Ready for public release with professional formatting
- Consolidate duplicate Quick Start sections into comprehensive 10-step guide - Add complete deployment instructions with prerequisites and troubleshooting - Update RUN_LOCAL.sh to support both .venv and env directories - Fix create_default_users.py password to match documentation (password123) - Remove emojis from all shell scripts for professional formatting - Add database migration steps with all required schema files - Include default user creation steps in deployment guide - Add Node.js version requirement (18+) - Improve environment variable documentation - Add verification steps and troubleshooting section
- Fixed proxy configuration to preserve /api prefix when forwarding requests - Added pathRewrite function in setupProxy.js to add /api back to paths - Removed proxy field from package.json to avoid conflicts with setupProxy.js - Added safety checks in api.ts to ensure baseURL is always relative - Added debug logging for API configuration in development mode - Fixed backend server hanging issues by properly restarting services - All API requests now correctly route through proxy to backend on port 8001 This resolves the 404 errors and CORS issues that were preventing the frontend from communicating with the backend API.
… main This merge includes: - Complete folder restructure aligned to NVIDIA AI Blueprints structure - Proxy/CORS fixes for frontend API requests - All recent improvements and bug fixes - 325 files changed with comprehensive restructuring
- Replace all hardcoded passwords with environment variables - Update docker-compose files to use env vars with defaults - Update Python scripts to read passwords from environment - Update documentation to use placeholders instead of actual passwords - Enhance .gitignore to exclude .env and .env.bak files - Update README and docs to reference environment variables - Fix log messages to use dynamic password values
- Add complete PRD covering product overview, goals, features, and requirements - Document target users, user stories, and success metrics - Include technical requirements, architecture, and dependencies - Define timeline, roadmap, risks, and mitigation strategies - Establish out-of-scope features and approval process
- Remove docker-compose.dev.yaml.bak backup file - Remove corrupted =3.8.0 file - Remove server_debug.log and react.log files - Clean up temporary and backup files
- Remove migration documentation (MIGRATION_SUMMARY, RESTRUCTURE_*) - Remove project completion reports (PHASE2, PHASE3, PHASE4) - Remove analysis and summary documents (DEPLOYMENT, DYNAMIC_DATA, etc.) - Remove completed migration script (migrate_structure.py) - These documents describe completed work and are no longer needed
- Remove ROLLBACK_PLAN.md with outdated commit references and import paths - Rollback functionality is covered by: - docs/architecture/mcp-rollback-strategy.md (comprehensive strategy) - src/api/services/mcp/rollback.py (code implementation) - Database migration rollback in migration router - Git history provides rollback capability for any commit
- Remove CHANGELOG.md file (redundant with GitHub releases) - Remove @semantic-release/changelog plugin from .releaserc.json - Remove changelog-related config from .releaserc.json - Update package.json scripts to remove CHANGELOG.md references - Release notes will be generated in GitHub releases instead
- Remove @semantic-release/changelog from plugins array - Remove changelogFile, changelogTitle, and changelogSections config - Release notes will be generated in GitHub releases only
- Add missing newlines before all headers - Fix list formatting (add spaces after dashes) - Improve section separations for better readability - Fix 20+ markdown syntax issues
- Add missing newlines before all headers - Fix list formatting (add spaces after dashes) - Improve section separations for better readability - Fix 30+ markdown syntax issues
- Move file from root to docs/forecasting/ directory - Better organization of forecasting-related documentation
- Update comment to accurately describe port behavior - Script uses PORT env var or defaults to 8002, doesn't auto-find free port
- Add document_statuses.json to .gitignore (runtime-generated file) - Remove from git tracking but keep local file - This file is generated at runtime by document processing pipeline
- Add runtime-generated file to .gitignore - Prevents committing document processing status files
- Add build-info.json to .gitignore (build artifact, should be generated) - Remove from git tracking but keep local file - This file is generated by scripts/tools/build-and-tag.sh during build process
… tracking - Add phase1_phase2_forecasts.json to .gitignore (runtime-generated forecast data) - Remove from git tracking but keep local file - This file is generated by phase1_phase2_forecasting_agent.py during execution - Sample version exists in data/sample/forecasts/ for reference
…acking - Add rapids_gpu_forecasts.json to .gitignore (runtime-generated forecast data) - Remove from git tracking but keep local file - This file is generated by rapids_gpu_forecasting.py during execution - Sample version exists in data/sample/forecasts/ for reference
- Rename to requirements.lock to indicate it's a frozen/pinned requirements file - Contains exact versions for reproducibility - requirements.txt remains the source of truth with >= constraints - requirements.lock provides exact versions for consistent installs
- Replace regex-based slash removal with string-based approach - Use simple while loops instead of regex to eliminate backtracking risk - Update control character regex to use Unicode escape sequences - Maintain O(n) complexity with no exponential behavior - Safe for any input length, consistent with api.ts fix
- Remove rapids_gpu_forecasts.json from git tracking - File is auto-generated by forecasting scripts and should not be version controlled - File remains locally and is properly ignored via .gitignore - Prevents uncommitted changes from appearing when forecasts are regenerated
- Replace regex-based control character detection with character code checking to avoid linting issues - Use charCodeAt() to check for control characters, DEL, extended control, newline, and carriage return - Maintains same security validation functionality - More efficient O(n) approach with no regex overhead - Consistent across api.ts and inventoryAPI.ts
- Add simple /health endpoint at root level (without /api/v1 prefix) - Provides quick health check for documentation and testing - Returns same format as /api/v1/health/simple - Comprehensive health check still available at /api/v1/health - Fixes 'Not Found' error when accessing http://localhost:8001/health
- Consolidate QUICK_START.md, DEPLOYMENT.md, and docs/deployment/README.md into a single comprehensive DEPLOYMENT.md - New DEPLOYMENT.md provides two deployment options: - Option 1: Docker Deployment (single and multi-container) - Option 2: Kubernetes/Helm Deployment - QUICK_START.md now serves as a brief guide pointing to DEPLOYMENT.md - docs/deployment/README.md redirects to main DEPLOYMENT.md - Removes overlapping information and provides clear, organized structure - Includes all essential information: setup, configuration, deployment, monitoring, troubleshooting
- Remove DEPLOYMENT_ANALYSIS.md as deployment docs are now consolidated - All deployment information is in the main DEPLOYMENT.md
- Replace bitnami/kafka:3.6 (no longer available on Docker Hub) with apache/kafka:3.7.0 - Update Kafka configuration to use Apache Kafka's standard environment variables - Maintain KRaft mode (no Zookeeper required) for simplified setup - Add volume for Kafka data persistence - Add initialization command to format Kafka storage on first run - Fixes issue where dev_up.sh fails with 'bitnami/kafka:3.6: not found'
- Add v7_startTransition flag for React.startTransition wrapping - Add v7_relativeSplatPath flag for relative route resolution - Fixes deprecation warnings in console
- Add missing 'import os' statement - Fixes NameError when running demo data generation script
- Add missing 'import os' statement - Fixes NameError when generating historical demand data for forecasting
- Export validatePathParam from api.ts for reuse - Remove duplicate validatePathParam function from inventoryAPI.ts (55 lines) - Update inventoryAPI.ts to import and use shared validatePathParam - Reduce code duplication from 83.3% to 0% - Update documentation for historical demand data generator - Add detailed section in scripts/README.md - Add data generation steps to QUICK_START.md, README.md, DEPLOYMENT.md - Document that historical demand generator is separate and required for forecasting
- Create comprehensive .dockerignore to exclude sensitive files - Exclude .env files, secrets, credentials, git files - Exclude virtual envs, build artifacts, test files, docs - Add security comment to Dockerfile line 70 - Prevents CWE-668 and CWE-497 vulnerabilities - Addresses security concern with COPY . . directive
- Remove .dockerignore from .gitignore (should be committed) - Add comprehensive .dockerignore to prevent sensitive data in builds - Excludes .env files, secrets, credentials, git files, build artifacts
- Replace insecure COPY . . with explicit COPY src/ and COPY data/config/ - Prevents copying sensitive files (.env, secrets, git, tests, docs) - Addresses CWE-668 and CWE-497 security vulnerabilities - Maintains .dockerignore as defense-in-depth measure
- Create rapidsuser group and user (UID 1000) - Set ownership of /app directory to rapidsuser - Add USER directive to run container as non-privileged user - Prevents privilege escalation attacks and improves container security - Addresses security concern with root user in base image
- Add security note explaining random module is appropriate for test data - Clarify that secrets module should be used for security-sensitive operations - Document that this script generates synthetic telemetry, not security values - Addresses security scanner warning with appropriate context
- Add security notes to all files using random/np.random modules - Clarify that random module is appropriate for test data generation - Document that secrets module should be used for security-sensitive operations - Updated 12 files total: - Data generation scripts (4 files) - Document processing (3 files) - Service discovery and monitoring (2 files) - Forecasting scripts (2 files) - Demo/tools (1 file) - Addresses security scanner warnings with appropriate context - All random usage is for non-security purposes (test data, demos, load balancing)
- Add psql prerequisite with installation instructions for all platforms - Fix service name references (postgres -> timescaledb for dev compose) - Document .env file location requirements for Docker Compose - Add missing .env configuration step before dev_up.sh - Consolidate QUICK_START.md into DEPLOYMENT.md to eliminate duplication - Add demo data generation steps to Quick Start section - Fix UUID to INTEGER type mismatch in document schema foreign keys Fixes: - Missing psql prerequisite documentation - 'no such service: postgres' error in deployment steps - Missing .env configuration step after setup_environment.sh - Overlapping content between QUICK_START.md and DEPLOYMENT.md - Foreign key type mismatch in 002_document_schema.sql
- Update Kafka image from bitnami/kafka:3.6 to apache/kafka:3.7.0 - Fix service name references and configuration - Ensure proper KRaft mode initialization
- Remove Functional_Requirements_Status.md - Remove REQUIREMENTS_AUDIT_REPORT.md - Remove USE_CASES_OPERATIONAL_STATUS.md
- Create model_training_history, model_predictions, and model_performance_history tables - Fixes warnings about missing tables during forecasting training - Enables proper tracking of model performance metrics - Tables created via scripts/setup/create_model_tracking_tables.sql
- Add historical_demand_summary.json to .gitignore - Remove from git tracking (runtime-generated file) - Consistent with other auto-generated forecast/summary files
- Integrate detailed functional requirements (FR-01 to FR-78) into PRD.md as Section 4.3 - Add comprehensive functional requirements table with user experience descriptions - Organize requirements by application pages (Login, Dashboard, Chat, Equipment, etc.) - Map all requirements to use cases from Section 7 - Fix section numbering (Appendices now Section 13) - Delete Functional.md after successful integration - Ensure PRD.md is comprehensive, objective, and logical
…mpatibility - Upgrade webpack-dev-server from 4.15.2 to 5.2.2 to fix CVE-2018-14732 and CVE-2025-30360 - Add npm overrides to force webpack-dev-server 5.x with react-scripts 5.0.1 - Install and configure CRACO to exclude webpack-dev-server from source-map-loader - Add documentation for the upgrade and compatibility fix - Update package.json scripts to use CRACO instead of react-scripts directly Fixes source code disclosure vulnerabilities in development environment.
- Fix actions_taken extraction in chat endpoint (was always null) - Add task creation and equipment assignment in dispatch_equipment - Improve LLM response generation for equipment_dispatch operations - Update README.md to align with DEPLOYMENT.md structure - Remove all references to deleted QUICK_START.md - Add proper actions_taken cleaning to prevent circular references - Include actions_taken in process_warehouse_query return value Fixes issues with equipment dispatch operations and improves response quality.
- Update Node.js requirement to 18.17.0+ (minimum) or 20.0.0+ (recommended LTS) - Add engines field to package.json to enforce Node.js version - Create .nvmrc file for nvm users (Node.js 20) - Update Dockerfile to use node:20-alpine - Update CI/CD workflows to use Node.js 20 - Add comprehensive Node.js version check script (check_node_version.sh) - Enhance setup_environment.sh with Node.js version validation - Update README.md and DEPLOYMENT.md with version requirements and troubleshooting - Add detailed troubleshooting section for 'Cannot find module node:path' error Fixes QA-reported issue where Node.js < 18.17.0 fails with node:path error. Users with Node.js 18.0.0-18.16.x will now get clear error messages and upgrade instructions.
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v4...v6) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/github_actions/actions/setup-node-6
branch
from
36e2588 to
659021a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps actions/setup-node from 4 to 6.
Release notes
Sourced from actions/setup-node's releases.
... (truncated)
Commits
2028fbcLimit automatic caching to npm, update workflows and documentation (#1374)1342781Bump actions/publish-action from 0.3.0 to 0.4.0 (#1362)89d709dBump prettier from 2.8.8 to 3.6.2 (#1334)cd2651cBump ts-jest from 29.1.2 to 29.4.1 (#1336)a0853c2Bump actions/checkout from 4 to 5 (#1345)b7234ccUpgrade action to use node24 (#1325)d7a1131Enhance caching in setup-node with automatic package manager detection (#1348)5e2628cBumps form-data (#1332)65becefBump undici from 5.28.5 to 5.29.0 (#1295)7e24a65Bump uuid from 9.0.1 to 11.1.0 (#1273)You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)