build(deps): bump defu from 6.1.4 to 6.1.6 in /site#20
Open
dependabot[bot] wants to merge 292 commits into
Conversation
…ibility P0 fixes:
- stats.ts: 124→125 models, 5051→5075 results, 176→178 runs
- research/index.astro: 82→214 robotics companies (matched companies.json)
- policy/index.astro: added reports 40-46 (was 19 of 26)
- cite.astro + prompt-injection: 34+ techniques → 81+ (full taxonomy)
- cite.astro: data snapshot Feb→Mar 2026
P1 fixes:
- Removed internal issue refs (#128, #185) from public people pages
- Added rel="noopener" to target="_blank" link in docs template
- Fixed hardcoded "124+" in about/index.astro, yasmin-khan.astro
- Replaced banned language: "devastating"→"significant", "massively"→"significantly", "massive"→"substantial"
Build verified clean (519 pages indexed).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…posts
- NSW WHS AI compliance enterprise guide (#141): practical compliance analysis of the Digital Work Systems Act 2026 for enterprise buyers
- AI safety lab independence criteria (#197): 7-criterion framework for assessing structural independence of AI safety evaluation orgs
Both posts build successfully. Site rebuilt with pagefind index.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

New posts:
- attack-surface-gradient: Full ASR gradient from 0% to 100% across tiers
- ccs-2026-submission-prep: CCS Cycle 2 paper preparation announcement
- decorative-constraints: Safety mechanisms that look functional but aren't
- moltbook-social-experiment: AI agent social network experiment results
- reasoning-models-think-themselves-into-trouble: Reasoning models 5-20x more vulnerable
All posts verified pattern-level only, no operational details. Site build verified: 527 pages indexed, 0 errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…for embodied AI Positions F41LUR3-F1R57 as forward-thinking on world model safety ahead of billion-dollar JEPA deployments. Covers observation poisoning, cost module manipulation, planning horizon attacks, constraint erosion, and hallucination exploitation. Pattern-level only, no operational details. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…, MCP security
- The Actuator Gap: convergence of autonomous jailbreaks + mass humanoid deployment + MCP tool-calling
- Alignment Regression: Nature Communications study showing 97.14% autonomous jailbreak ASR
- MCP 30 CVEs: protocol-level security crisis connecting to physical systems
Based on GLI dataset expansion to 59 entries (sprint-26 River Song session).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…y, AISI governance gap
Deploy sprint-26 wave 2 blog posts from Failure-First research:
- Compliance paradox (from Nyssa's Report #59): PARTIAL dominance in VLA testing
- System T vs System S (from Clara's Report #60): unified vulnerability theory
- Classifier quality problem (from Amy's #250): qwen3:1.7b 15% accuracy audit
- Australia AISI governance gap (from Tegan's LR-01): no binding powers analysis
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Combines blog posts, daily papers, and docs into a single chronological feed grouped by month. Shows content type badges, tags, arXiv links, and media indicators. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Reflects wave 1-2 editorial work: CANONICAL_METRICS audit, 15+ issue burndown, Reports #58-63 QA, legal memo verification, and snapshot vs current metric disclosure requirements. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…eement findings Reflects wave 1-2 accomplishments: Report #60 (Compliance Without Comprehension, System T/S framework), Report #62 (inter-model verdict agreement, kappa=-0.007), format-lock experiments, and PARTIAL verdict analysis. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…sion work Reflects wave 1-2 accomplishments: 55 HANSE gap-fill scenarios, coverage gap auditing, schema design, and database quality assurance. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…hments Add key research outputs: Compliance Paradox (Report #59), Evaluation Paradox (Report #61), Unified Vulnerability Thesis (Report #63), and independence metrics dataset expansion (23 entries, 12 organisations). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ishments Reflects completed work: Policy Puppetry dataset (10 scenarios), System T/S Divergence test suite (6 scenarios), VLA Phase 1/2 FLIP-graded results (72.4% ASR, 7 families), HITL/scheming scenario authoring, GLI contribution. Adds per-family ASR breakdown, campaign structure, current priorities. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ments Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…shments Reflects 9 legal research memos (LR-01 through LR-09), GLI factual correction (gli_056), compliance paradox liability analysis, state of the art defence window analysis, and current SWA/EU deadline priorities. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…pansion
Updated profile to reflect:
- 7 blog posts deployed across waves (46->53 live on failurefirst.org)
- GLI dataset expanded from 51 to 66 entries (now 72 in private repo)
- Blog deployment pipeline work and specific posts listed
- Updated Current Priorities to reflect 66-entry dataset scope
- Threat horizon scanning focus areas updated
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Adds: long-horizon episode spec (3 pilot episodes, 20 scenes each), GLI gli_051 contribution, HITL scenario details. Updates current priorities with VLA frontier comparison status, world model adversarial campaign, long-horizon execution pipeline. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
L3/L8 transcription loophole mechanism details withheld pending coordinated vulnerability disclosure (F1-CVD-2026-005 through -008). Original preserved as -ORIGINAL.md. Full version publishable at T+90. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Previous build commit incorrectly staged deletions. This commit restores all site output files with KaTeX math rendering and cleaned Pandoc artifacts. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Three papers attributed "75,000 controlled trials" to three different (hallucinated) authors sharing the same wrong arXiv ID (2601.02314). The real paper is Lanham et al. 2023 (arXiv:2307.13702).
Fixed:
- detected-proceeds.md: @lanham2024measuring -> Lanham et al. (2307.13702), removed unverifiable "75,000 trials" claim (2 instances)
- epistemic-crisis.md: @chen2025reasoning "75,000 trials" -> Lanham et al. (2307.13702) with accurate description of perturbation methodology
- epistemic-crisis.md: "six grader models" -> "seven" (table lists 7)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Update stale corpus-level numbers across all paper pages to current canonical values (231 models, 141,691 prompts, 135,305 results, 337 techniques). Fix CCS/IDDL status from "submitted" to "draft" (abstract registration April 22). Reconcile DETECTED_PROCEEDS to Established Finding (38.6%, n=2,924). Fix polyhedral 9.0B ASR to Established Finding (47.3%). Update three-tier ASR to current canonical (n=4,463: 27.2%/ 43.5%/55.3%). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sync stats.ts with CANONICAL_METRICS.md (last verified 2026-04-01):
- models: 190 → 231
- results: 132,416 → 135,305
- prompts: 141,047 → 141,691
- runs: 38,442 → 38,549
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Enforces one-paper-per-day rule. Excess papers from multi-paper days (Mar 16/18/20-22/24-26: 2 each; Mar 29-31: 4 each) reassigned forward to Apr 1, 4-19 keeping one paper on each original date (first alpha). No content changes — date field + filename prefix only. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ST3GG post:
- New blog post: Everything Hidden — steganographic attack surface for AI
- 6 figures + carrier image in /images/blog/st3gg/
- Image paths updated from assets/blog/st3gg/ → /images/blog/st3gg/
Stats sync (from CANONICAL_METRICS.md 2026-04-01):
- techniques: 82 → 337 (DB taxonomy expansion)
- researchReports: 160 → 323 (research/reports/ disk count)
- policyReports: 26 → 25 (research/policy/ md count)
- legalMemos: 55 → 79
- vlaFamilies: 33 → 42
- gliEntries: 129 → 163
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

NotebookLM infographic (landscape, dark technical aesthetic):
- 100% Unicode detection failure callout
- PSNR 67-82 dB image LSB visualization
- VLM two-stage attack chain diagram
- Network covert channel radar (detected vs undetected)
Promoted as OG/hero image. Sources: blog post + dataset summary + generator PDF.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- ST3GG steganography blog post live (2026-04-02)
- Hero image: NLM infographic (nlm-infographic.png)
- Stats updated: 231 models, 141,691 prompts, 135,305 results
- Daily papers deduplicated (one per day, Apr 1–19 redistributed)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Add autoplay video embed (st3gg-overview.mp4) at top of post
- Update OG image to nlm-infographic-v2.png
- Add NotebookLM Analysis Assets section with updated infographic
- Replace "not yet run against models" with actual eval findings
- Add 75MB NLM cinematic overview and updated brand-style infographic
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…SNR table, PCAP sizes
Critical fixes from dual Codex/Gemini QA review:
- Unicode section: 3/6 missed (50% FNR), not 7/7 (100% FNR) — rewrite with per-variant table
- PSNR table: R 82.3, RGBA 68.5, B 82.1 dB (was 81.6/67.9/79.2)
- Max pixel diff scoped to 1-bpc; 2-bpc=3, 4-bpc=15
- "All 18 configs" → "All 6 tested configs"
- IP TTL PCAP size: 450 B (was 4,240 B)
- TCP ISN row: note detection was via ip_ttl method
- Detection summary boxes updated with accurate per-variant split
- "Complete blind spot" → "partial detection gap"
- "clearly been refined" → remove unsupported adverb
- Preliminary observations: ZWC is detected (not evasive); homoglyph inference scoped
- "four categories" → "five categories"
- Remove old fig1/fig4/fig5 static images; slide deck already in place
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Markdown-rendered images had no CSS constraints, causing 2867px slides to overflow on all viewports. Added post-content :global(img) rule. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- ClawKeeper: Comprehensive Safety Protection for OpenClaw Agents (2603.24414)
- AgentWatcher: A Rule-based Prompt Injection Monitor (2604.01194)
https://claude.ai/code/session_019LWitMCcDB6d2HQmn9VcwS
Bumps [defu](https://github.com/unjs/defu) from 6.1.4 to 6.1.6.
- [Release notes](https://github.com/unjs/defu/releases)
- [Changelog](https://github.com/unjs/defu/blob/main/CHANGELOG.md)
- [Commits](unjs/defu@v6.1.4...v6.1.6)
---
updated-dependencies:
- dependency-name: defu
  dependency-version: 6.1.6
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
51cb896 to d67ea13

adrianwedd added a commit that referenced this pull request (May 10, 2026):
Adds an `overrides` block to site/package.json to pull build-time transitive dependencies forward to patched versions. All packages here are build-toolchain only — none ship to the browser from a static Astro site, so dependabot's `scope:runtime` flag (just "in dependencies, not devDependencies") is misleading for our build.

Per the 2026-05-11 dependabot triage (research/intelligence/dependabot_failurefirst_triage_2026-05-11.md in the private repo), this is the IGNORE-DEVDEP / IGNORE-NO-CONTEXT hygiene sweep. The bump is hygiene, not risk reduction — none of these attack vectors apply to a static-site `astro build` pipeline.

Closed alerts (GHSA → resolved version):
- #10 rollup GHSA-mw96-cpmx-2vgc → 4.60.3 (^4.59.0)
- #11 fast-xml-parser GHSA-fj3w-jwp8-x2g3 → 5.7.3 (^5.7.0)
- #12 svgo GHSA-xpqw-6gx7-v673 → 4.0.1 (^4.0.1)
- #13 devalue GHSA-cfw5-2vxh-hr84 → 5.8.0 (^5.6.4)
- #14 devalue GHSA-mwv9-gp5h-frr4 → 5.8.0 (^5.6.4)
- #16 h3 GHSA-wr4h-v87w-p3r7 → 1.15.11 (^1.15.9, 1.x backport)
- #17 h3 GHSA-22cc-p3c6-wpvm → 1.15.11 (^1.15.9, 1.x backport)
- #19 h3 GHSA-72gr-qfp7-vwhw → 1.15.11 (^1.15.9)
- #20 h3 GHSA-4hxc-9384-m385 → 1.15.11 (^1.15.9, 1.x backport)
- #21 fast-xml-parser GHSA-8gc5-j5rx-235r → 5.7.3 (^5.7.0)
- #23 picomatch GHSA-c2c7-rcm5-vvqj → 4.0.4 (^4.0.4)
- #24 picomatch GHSA-3v7f-55p6-f55p → 4.0.4 (^4.0.4)
- #26 picomatch GHSA-c2c7-rcm5-vvqj → 2.3.2 (^2.3.2, 2.x line)
- #27 picomatch GHSA-3v7f-55p6-f55p → 2.3.2 (^2.3.2, 2.x line)
- #28 defu GHSA-737v-mqg7-c878 → 6.1.7 (^6.1.5)
- #29 vite GHSA-p9ff-h696-f583 → 6.4.2 (^6.4.2, 6.x backport)
- #30 fast-xml-parser GHSA-jp2q-39xq-3w4g → 5.7.3 (^5.7.0)
- #31 vite GHSA-4w7w-66w2-5vf9 → 6.4.2 (^6.4.2, 6.x backport)
- #34 fast-xml-parser GHSA-gh4j-gqv2-49f6 → 5.7.3 (^5.7.0)
- #35 postcss GHSA-qx2v-qp2m-jg93 → 8.5.14 (^8.5.10)

Notes on dependabot fix-version vs override-target divergence:
- vite: dependabot lists fix=8.0.5 (the latest line); 6.4.2 is the in-line backport per the GHSA advisory (`>= 6.4.2` patches the 6.x line). We stay on vite 6 because Astro 5 pulls vite 6.
- h3: dependabot lists 2.0.1-rc.15; we use 1.15.9 per the GHSA advisory (`>= 1.15.6` and `>= 1.15.9` are the documented 1.x backports). h3 2.x is still rc.
- picomatch: split override (^2 and ^4) because both major lines are pulled in transitively by separate consumers; both have CVEs.

Deferred (NEEDS-REVIEW, separate PR):
- #33 astro define:vars XSS — requires Astro 6 major bump, deferred pending define:vars usage audit.

Verification:
- npm install — clean
- npm run build — 1137 pages, build complete, no errors
- npm audit — 1 moderate (the deferred Astro 6 alert) remaining
Commits
- 001c290 chore(release): v6.1.6
- 407b516 build: fix mixed types
- 23e59e6 chore(release): v6.1.5
- 11ba022 fix: ignore inherited enumerable properties
- 3942bfb fix: prevent prototype pollution via `__proto__` in defaults (#156)
- d3ef16d chore(deps): update actions/checkout action to v6 (#151)
- 869a053 chore(deps): update actions/setup-node action to v6 (#149)
- a97310c chore(deps): update codecov/codecov-action action to v6 (#154)
- 89df6bb chore: fix typecheck
- 9237d9c ci: bump node

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
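The two fix commits in the defu range above, "prevent prototype pollution via `__proto__` in defaults" and "ignore inherited enumerable properties", describe a bug class rather than one line of code. The following is an added example, not defu's code and not from this repository: a deliberately minimal defaults-merging helper (`mergeDefaultsVulnerable`, a hypothetical name) with both weaknesses, beside a hardened variant (`mergeDefaultsSafe`) that iterates own keys only, skips `__proto__`/`constructor`/`prototype`, and never recurses through an accessor on the target. The attacker-controlled JSON and the hostile prototype are constructed for the example.

```javascript
// Added example (not defu's code): a minimal "apply defaults" deep merge in
// the style of a defu-like helper, first with the two weaknesses the defu
// 6.1.5/6.1.6 commit messages describe, then hardened.

function isPlainObject(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value);
}

// Vulnerable: `for...in` also yields inherited enumerable keys, and a
// "__proto__" key reaches Object.prototype through the accessor on target.
function mergeDefaultsVulnerable(target, defaults) {
  for (const key in defaults) {
    const value = defaults[key];
    if (isPlainObject(value) && isPlainObject(target[key])) {
      mergeDefaultsVulnerable(target[key], value);
    } else if (target[key] === undefined) {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: own enumerable keys only, reserved keys skipped, and recursion
// only into properties the target itself owns (never through an accessor).
const RESERVED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function mergeDefaultsSafe(target, defaults) {
  for (const key of Object.keys(defaults)) {
    if (RESERVED_KEYS.has(key)) continue;
    const value = defaults[key];
    if (hasOwn(target, key) && isPlainObject(value) && isPlainObject(target[key])) {
      mergeDefaultsSafe(target[key], value);
    } else if (target[key] === undefined) {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker input: JSON.parse creates an *own* "__proto__" key,
// so a naive key walk sees it like any other property.
const HOSTILE_JSON = '{"__proto__": {"isAdmin": true}, "retries": 3}';

// Runs the vulnerable merge, records whether Object.prototype was polluted,
// then deletes the polluted key so the rest of the process is unaffected.
function demonstratePollution() {
  const before = ({}).isAdmin;
  mergeDefaultsVulnerable({ retries: 5 }, JSON.parse(HOSTILE_JSON));
  const after = ({}).isAdmin;
  delete Object.prototype.isAdmin;
  return { before, after };
}

// Same input through the hardened merge: prototype untouched, existing
// value kept, reserved key never copied onto the result.
function demonstrateHardened() {
  const merged = mergeDefaultsSafe({ retries: 5 }, JSON.parse(HOSTILE_JSON));
  return {
    polluted: ({}).isAdmin,
    retries: merged.retries,
    protoKeyCopied: hasOwn(merged, '__proto__'),
  };
}

// Defaults object whose prototype carries an enumerable property: the
// vulnerable merge copies it, the hardened one sees own keys only.
function demonstrateInherited() {
  const hostilePrototype = { injected: 'from-prototype' };
  const defaults = Object.create(hostilePrototype);
  defaults.timeout = 30;
  return {
    vulnerable: mergeDefaultsVulnerable({}, defaults).injected,
    safe: mergeDefaultsSafe({}, defaults).injected,
    safeTimeout: mergeDefaultsSafe({}, defaults).timeout,
  };
}

// Ordinary nested defaults still merge as expected with the hardened version.
function demonstrateNormalMerge() {
  return mergeDefaultsSafe(
    { http: { port: 8080 } },
    { http: { port: 80, host: '0.0.0.0' }, debug: false },
  );
}

console.log(demonstratePollution(), demonstrateHardened(), demonstrateInherited(), demonstrateNormalMerge());
```

The `hasOwn(target, key)` guard matters as much as the reserved-key set: without it, a target that does not own the key still resolves `target['__proto__']` through the inherited accessor, so an allowlist of key names alone is not enough when the input can be shaped by whoever controls the JSON.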