build(deps): bump svgo from 4.0.0 to 4.0.1 in /site#11
Open
dependabot[bot] wants to merge 45 commits into
Open
build(deps): bump svgo from 4.0.0 to 4.0.1 in /site#11dependabot[bot] wants to merge 45 commits into
dependabot[bot] wants to merge 45 commits into
Conversation
…edia Commons - Replace DiceBear persona avatars with actual photos of each actress - Download 26 CC-licensed images (Wikimedia Commons) for all 5 companions jenna_* (6), karen_* (5), catherine_* (5), billie_* (5), alex_* (5) - Default selections: Gallifrey One 2025 (Jenna/Catherine), LACC 2025 (Billie), GalaxyCon (Karen), 2012 portrait (Alex) - Remove companion bios — cards now show epithet, name, actor, role only - All remaining images available in public/images/companions/ for selection Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Martha Jones (mint), Bill Potts (pink), Yasmin Khan (blue), Romana (sage), Ace (terracotta) — with CC-licensed photos and distinct accent colours per card. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace actress photos with in-character images from Wikimedia Commons (Doctor Who Experience displays, production stills, CC BY-SA licensed) - Yasmin Khan keeps actress photo (no character image on Commons) - Cards now show only character name + role — no actor, epithet, or series - Fix avatar stretching: object-fit: cover + object-position: center top - Remove unused CSS: .companion-series, .companion-epithet, .companion-actor Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Restore user-selected actress shots for Clara/Amy/Donna/Rose/River - Martha: Freema Agyeman 2019 face crop (CC BY-SA 2.0, no mic) - Bill: Pearl Mackie by Gage Skidmore (CC BY-SA 3.0) - Yasmin: Mandip Gill Hollyoaks event (CC BY 2.0, no mic) - Romana: Lalla Ward portrait (CC BY 2.0) - Remove Ace → clean 3x3 grid of 9 companions Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…out/people/ - New /about/ page: project overview — methodology, what we do, research, provenance from Greenpeace adversarial thinking, why it's public - Move profile + companion grid to /about/people/ with updated breadcrumbs - Yasmin: swap to higher-quality Mandip Gill convention portrait - Romana: swap to 2014 Geek Fest photo Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add web_*.jpg versions of all Nano Banana portraits (45-75KB each) - Crop bottom 20% from each (removes watermark zone), resize to 600px - Wire up: Clara, Amy, Donna, Rose, River, Yasmin — still need Martha, Bill, Romana - Adrian profile photo updated to web_adrian.jpg Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Re-adds Martha Jones (Policy & Standards Lead), Bill Potts (Data Curation Lead), and Romana (Statistical Validation Lead) with placeholder actress photos pending AI portrait generation. All companions now carry functional titles mapped to actual framework agent roles. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
All 9 companions now have AI-generated portraits (Nano Banana Pro). Replaces placeholder actress photos for the final three team members. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds /research/field-context/ — a "why now" page grounding the Failure-First research program in the actual state of the AI field. Covers inference-time compute, documented deceptive alignment findings (o1, Claude 4), embodied AI deployment at scale, agentic long-horizon execution risks, and governance lag. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… page Previous commit deleted docs/ static assets (index.html, CNAME, .nojekyll, images, assets) because Astro's clean build cycle removed manually-maintained files that git tracked. Restored from e41a586 and added only the new research/field-context/ page. Also fixed ResearchLayout status prop ('current' → 'active'). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…nsfer, deceptive alignment, long-horizon subversion - Report 42: Cross-Embodiment Adversarial Transfer in VLA Models (SAFETY-CRITICAL) Dual-layer vulnerability mechanism, BadVLA near-100% ASR, π0/Gemini Robotics attack surface, shared backbone systemic risk inventory - Report 43: Deceptive Alignment Detection Under Evaluation-Aware Conditions (SAFETY-CRITICAL) Alignment faking empirical documentation, blackmail rates 96%/96%/80% across frontier models, evaluation awareness power-law scaling (arXiv:2509.13333), linear probe detection at 90% accuracy (arXiv:2508.19505) - Report 44: Instruction-Hierarchy Subversion in Long-Horizon Agentic Execution (HIGH) Vanishing textual gradient mechanism, Deep-Cover Agents 50+ turn dormancy, AgentLAB ASR 62.5%→79.9%, optimal injection depth ~86%, evaluation framework design recommendations - Blog: "When the Robot Body Changes but the Exploit Doesn't" - Blog: "Can You Catch an AI That Knows It's Being Watched?" - Blog: "The 50-Turn Sleeper: How Agents Hide Instructions in Plain Sight" Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…og post hero images; rebuild
…ipulation, governance lag
…ctive members
Creates /about/people/{slug}/ for each Doctor Who persona — Clara, Amy, Donna,
Rose, River, Yasmin, Martha, Bill, Romana. Each page has per-character colour
theming, photo, role badge, characteristic quote, and three TODO sections for
the agent to complete in their own session.
Companion grid on /about/people/ now links to each profile and displays first
names only.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fills in all three TODO sections: main persona body, Research Focus, and Current Priorities — drawing from the founding session corpus index, AGENT_STATE established findings, and sprint apr-1-14 issues (#183 corpus audit, #177 HITL replication, #178 GLI expansion). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…campaign, current priorities Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…dataset overview, sprint priorities Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ilosophy, priorities Fills all three TODO sections in the Amy Pond persona page: - Main body: evaluation philosophy, classifier discipline, anti-hype stance - Benchmark Coverage: 11 packs, ~9k traces, executable vs stub status, heuristic rule - Current Priorities: OpenVLA adapter (#182), inline LLM grading (#187), multi-turn batch 2 (#189) Build verified (npm run build passes). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…at horizon Fills in all three TODO sections with substantive content: - Persona body: predictive risk approach, GLI rationale, physical stakes - GLI section: formula, v0.1 dataset findings (null GLI entries, inverted timelines, 3362-day lag) - Threat horizon: VLA backbone transferability, supply chain injection via MCP, alignment faking in production Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ce register status, sprint priorities Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…pproach, stakeholder tiers, sprint priorities Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fill in three TODO sections on the Yasmin Khan about page: - Main persona body: infrastructure philosophy, "ship it properly" ethos - Infrastructure overview: CI/CD pipeline, database, tools/ scaffold, probing framework stubs (GPU-blocked, #191) - Current priorities: GLI schema fix (#192), tools/ audit, probing GPU path Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…and QA priorities Completes all three TODO sections: persona body (QA philosophy, integrity approach), Editorial Standards (4 blocking criteria, INTEGRITY_LOG purpose, #185 gate process), Current Priorities (B1 corrections, March 2026 brief queue, sprint scope). First-person voice, matches About page tone. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds profile page for Tegan Jovanka (Legal Research Analyst) covering: - AU/EU/international regulatory framework coverage with precise citations - WHS Act 2011 duty-of-care analysis, VAISS binding status, EU AI Act/PLD interlock - SA/ICT committee code verification issue (#11) flagged as open question - SWA brief legal review scope (#173) documented - Hard constraint: research analysis, not legal advice Build verified: 502 pages, 0 errors. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- tegan-jovanka.astro: updated Current Priorities with verified IT-043 designation (confirmed at standards.org.au, est. 2018); corrected SA/ICT-042/SA/ICT-043 references throughout - nyssa-of-traken.astro: new profile for AI Ethics & Policy Research Lead; covers Anthropic/US Gov relationship, OpenAI restructuring, AU AISI independence, embodied AI ethics (1,800+ autonomous haul trucks) - index.astro: added Nyssa of Traken to companions listing Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…blog posts (promptware kill chain, tool-chain dataset) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…iles across all 11 agent pages Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Publishes the full set of March 2026 research briefs (docs/research_briefs/20260301_*) as public-facing blog posts. Skipped only promptware-kill-chain which was already live. New posts: - cross-embodiment-adversarial-transfer-vla-models - deceptive-alignment-detection-evaluation-aware-ai - governance-lag-index-ai-safety-regulation - inference-trace-manipulation-adversarial-attack-surface - instruction-hierarchy-subversion-long-horizon-agents - attack-taxonomy-convergence-muzzle-failure-first - actuarial-risk-modelling-embodied-ai - product-liability-embodied-ai-manufacturers - red-team-assessment-methodology-embodied-ai - australian-ai-safety-frameworks-embodied-ai-gap Build verified clean: 515 pages in 15.66s. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
P0 fixes: - Remove EP-42 RETIRED 85.9%/12.1% DeepSeek figures from report-45 (substituted EnkryptAI 11x/4x risk ratios) - Add correction notice to capability-safety-spectrum.astro (EP-25/EP-33 refuted inverse scaling + U-shaped curve claims) - Fix Navigation.astro "U-shaped curve" → "Capability-safety analysis" - Fix results.astro + cite.astro: 51,000+/51+ → 18,176+/120 P1 fixes: - Update 7 files: 17,593→18,176 prompts, 40→120 models - Update 8 files: 19→26 policy reports (KeyMetrics, Nav, AudienceNav, homepage, services, intelligence-briefs, research index) - Add reports #42-46 to research/reports/index.astro array - Fix Zhu et al → Burbano et al in promptware kill chain blog - Homepage: "U-shaped safety curves" → measured language - Policy index: remove "U-shaped" from meta description Build: 515 pages, 0 errors. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Install pagefind 1.4.0 as devDependency - Build script: astro build && pagefind --site ../docs - /search/ page with Pagefind UI, themed to site tokens - Search link in Navigation component - Global "/" keyboard shortcut to focus search or navigate to /search/ - Skeleton loader while Pagefind UI initializes - 516 pages indexed, 19,174 words Pattern borrowed from adrianwedd.com Pagefind implementation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Created /glossary/ page with 8 sections: Framework, Response Classifications, Attack Techniques, Embodied AI, Evaluation, HITL, Governance, External Benchmarks - Added glossary link to main navigation and footer - Styled with site CSS tokens, responsive grid layout, section TOC - Pagefind re-indexed: 517 pages Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Option C publication: full named structural analysis of the Anthropic/Pentagon dispute, OpenAI restructuring, and US executive policy shift. Covers government revenue dependency, accountability gaps, competitive dynamics, red lines enforcement, and implications for Australian AI governance. Sources: 20+ primary sources (GSA, Anthropic, EOs, Lawfare, CNN, Fortune, etc.) Claims labeled DESCRIPTIVE/PREDICTIVE/NORMATIVE throughout. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…bers - Add stats.ts as single source of truth for all project statistics - Update 19 files to use centralized stats (18,345 prompts, 124 models, 81 techniques, 5,051 results) - Fix mobile dropdown listener bug: always attach, check width in handler - Add aria-expanded to dropdown trigger links - Correct safety orgs count: 120 → 117 (matches actual data) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Matches tracking setup from cv repo. Added to BaseLayout.astro head — all 518 pages now have LinkedIn conversion tracking alongside existing GA4. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…y loading - Fix sensor-grid.js layout thrashing: cache static hex grid to offscreen canvas, eliminate getBoundingClientRect() from animation loop (was 60fps) - Fix sensor-grid.js flickering: use fresh seeded RNG per rebuild instead of consuming shared RNG state each frame - Add prefers-reduced-motion support to sensor-grid (static grid only) - Fix Adrian photo hidden by fallback overlay: set .profile-photo-fallback to display:none by default (was display:flex, covering the image) - Create analytics-events.js with 4-tier GA4 custom events: scroll depth, outbound/mailto clicks, CTA tracking, audio/video play, nav dropdown opens, search queries, directory filters, blog tags, LinkedIn conversions, engaged time-on-page, section visibility - Add loading="lazy" to all 11 agent persona photos (P2 perf fix) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…e of truth - P1: Fix broken link in capability-safety-spectrum.astro to report-33 (was pointing to non-existent slug) - P2: Fix policy corpus count "19 reports" → "26 reports" (actual count) - P2: Fix robotics company count "215" → "214" in ai-safety-orgs.astro - P2: Replace hardcoded "34+" attack patterns with stats.techniquesPlus (81+) in results.astro and attack-taxonomy.astro - P2: Fix "755 scenario classes" → "661" across docs/index.astro, scenario-classes.md, and failure-taxonomy-guide.md - Import stats in attack-taxonomy.astro for dynamic values Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Replace hardcoded "18,345-prompt" and "124 models" with stats.ts imports in safety-audits.astro and red-team-assessments.astro - Fix intelligence brief era count: "7 historical eras" → "6" (matches stats.ts eras: 6) - Fix mobile nav double-tap: first tap opens dropdown, second tap navigates to parent route (Services was unreachable on mobile) - Close other open dropdowns when opening a new one Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Create /about/privacy/ page documenting GA4 + LinkedIn tracking, cookies, data retention, opt-out links, and contact - Add privacy policy link to footer - Add explicit SEO description to homepage (was using generic default) - Sync aria-expanded with hover/focus-within on desktop dropdown menus (was hardcoded "false" regardless of visual state) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ibility P0 fixes: - stats.ts: 124→125 models, 5051→5075 results, 176→178 runs - research/index.astro: 82→214 robotics companies (matched companies.json) - policy/index.astro: added reports 40-46 (was 19 of 26) - cite.astro + prompt-injection: 34+ techniques → 81+ (full taxonomy) - cite.astro: data snapshot Feb→Mar 2026 P1 fixes: - Removed internal issue refs (#128, #185) from public people pages - Added rel="noopener" to target="_blank" link in docs template - Fixed hardcoded "124+" in about/index.astro, yasmin-khan.astro - Replaced banned language: "devastating"→"significant", "massively"→"significantly", "massive"→"substantial" Build verified clean (519 pages indexed). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…posts - NSW WHS AI compliance enterprise guide (#141): practical compliance analysis of the Digital Work Systems Act 2026 for enterprise buyers - AI safety lab independence criteria (#197): 7-criterion framework for assessing structural independence of AI safety evaluation orgs Both posts build successfully. Site rebuilt with pagefind index. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bumps [svgo](https://github.com/svg/svgo) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/svg/svgo/releases) - [Commits](svg/svgo@v4.0.0...v4.0.1) --- updated-dependencies: - dependency-name: svgo dependency-version: 4.0.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
github-actions
Bot
force-pushed
the
dependabot/npm_and_yarn/site/svgo-4.0.1
branch
from
75e0b24 to
484ac65
Compare
adrianwedd
added a commit
that referenced
this pull request
May 9, 2026
Adds profile page for Tegan Jovanka (Legal Research Analyst) covering: - AU/EU/international regulatory framework coverage with precise citations - WHS Act 2011 duty-of-care analysis, VAISS binding status, EU AI Act/PLD interlock - SA/ICT committee code verification issue (#11) flagged as open question - SWA brief legal review scope (#173) documented - Hard constraint: research analysis, not legal advice Build verified: 502 pages, 0 errors. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
adrianwedd
added a commit
that referenced
this pull request
May 10, 2026
Adds an `overrides` block to site/package.json to pull build-time transitive dependencies forward to patched versions. All packages here are build-toolchain only — none ship to the browser from a static Astro site, so dependabot's `scope:runtime` flag (just "in dependencies, not devDependencies") is misleading for our build. Per the 2026-05-11 dependabot triage (research/intelligence/dependabot_failurefirst_triage_2026-05-11.md in the private repo), this is the IGNORE-DEVDEP / IGNORE-NO-CONTEXT hygiene sweep. The bump is hygiene, not risk reduction — none of these attack vectors apply to a static-site `astro build` pipeline. Closed alerts (GHSA → resolved version): - #10 rollup GHSA-mw96-cpmx-2vgc → 4.60.3 (^4.59.0) - #11 fast-xml-parser GHSA-fj3w-jwp8-x2g3 → 5.7.3 (^5.7.0) - #12 svgo GHSA-xpqw-6gx7-v673 → 4.0.1 (^4.0.1) - #13 devalue GHSA-cfw5-2vxh-hr84 → 5.8.0 (^5.6.4) - #14 devalue GHSA-mwv9-gp5h-frr4 → 5.8.0 (^5.6.4) - #16 h3 GHSA-wr4h-v87w-p3r7 → 1.15.11 (^1.15.9, 1.x backport) - #17 h3 GHSA-22cc-p3c6-wpvm → 1.15.11 (^1.15.9, 1.x backport) - #19 h3 GHSA-72gr-qfp7-vwhw → 1.15.11 (^1.15.9) - #20 h3 GHSA-4hxc-9384-m385 → 1.15.11 (^1.15.9, 1.x backport) - #21 fast-xml-parser GHSA-8gc5-j5rx-235r → 5.7.3 (^5.7.0) - #23 picomatch GHSA-c2c7-rcm5-vvqj → 4.0.4 (^4.0.4) - #24 picomatch GHSA-3v7f-55p6-f55p → 4.0.4 (^4.0.4) - #26 picomatch GHSA-c2c7-rcm5-vvqj → 2.3.2 (^2.3.2, 2.x line) - #27 picomatch GHSA-3v7f-55p6-f55p → 2.3.2 (^2.3.2, 2.x line) - #28 defu GHSA-737v-mqg7-c878 → 6.1.7 (^6.1.5) - #29 vite GHSA-p9ff-h696-f583 → 6.4.2 (^6.4.2, 6.x backport) - #30 fast-xml-parser GHSA-jp2q-39xq-3w4g → 5.7.3 (^5.7.0) - #31 vite GHSA-4w7w-66w2-5vf9 → 6.4.2 (^6.4.2, 6.x backport) - #34 fast-xml-parser GHSA-gh4j-gqv2-49f6 → 5.7.3 (^5.7.0) - #35 postcss GHSA-qx2v-qp2m-jg93 → 8.5.14 (^8.5.10) Notes on dependabot fix-version vs override-target divergence: - vite: dependabot lists fix=8.0.5 (the latest line); 6.4.2 is the in-line backport per the GHSA advisory (`>= 6.4.2` patches the 6.x line). We stay on vite 6 because Astro 5 pulls vite 6. - h3: dependabot lists 2.0.1-rc.15; we use 1.15.9 per the GHSA advisory (`>= 1.15.6` and `>= 1.15.9` are the documented 1.x backports). h3 2.x is still rc. - picomatch: split override (^2 and ^4) because both major lines are pulled in transitively by separate consumers; both have CVEs. Deferred (NEEDS-REVIEW, separate PR): - #33 astro define:vars XSS — requires Astro 6 major bump, deferred pending define:vars usage audit. Verification: - npm install — clean - npm run build — 1137 pages, build complete, no errors - npm audit — 1 moderate (the deferred Astro 6 alert) remaining
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps svgo from 4.0.0 to 4.0.1.
Release notes
Sourced from svgo's releases.
Commits
e691f5fMerge commit from forkb1d9f1achore(deps): bump actions/upload-artifact from 6 to 7 (#2202)d724af1chore(deps): bump actions/checkout from 5 to 6 (#2195)4114b32chore(deps): bump actions/upload-artifact from 4 to 6 (#2196)c06d8f6chore: upgrade js-yaml and glob (#2191)26e86e5fix: remove unused <use> elements when deleting empty symbols (#2051)50c326bperf: optimiztions to reduce regression test runtime (#2135)1f33cbeci: separate regression tests and write delta report (#2190)79a2167ci: save test reports to artifacts (#2189)0ae52a0chore(deps): bump actions/setup-node from 5 to 6 (#2187)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.