akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity

fix(dependencies): update @emnapi/core and @emnapi/runtime to version 1.8.1; update @napi-rs/wasm-runtime to version 1.1.1; add funding information

Browse Source
This commit is contained in:
GitHub Actions
2026-01-25 04:22:21 +00:00
parent 89ca4f258a
commit 6f670dd097
2 changed files with 233 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

192
docs/plans/merge-resolution-plan.md Normal file
View File

@@ -0,0 +1,192 @@
# Merge Conflict Resolution Plan: `feature/beta-release` → `main`
**Plan ID**: MERGE-2026-001
**Status**: 🔄 PENDING
**Priority**: High
**Created**: 2026-01-25
---
## Summary
This plan addresses merge conflicts in the `feature/beta-release` branch that need resolution against `main`. After analyzing all conflicting files, here is the recommended resolution strategy.
---
## File Analysis
### 1. `.github/workflows/codeql.yml`
**Conflict Likelihood**: Low-Medium
**Current State**: No visible conflict markers
**Key Features in Current Version**:
- Go version: `1.25.6`
- Forked PR handling (skips when `fork == true`)
- CodeQL config file: `.github/codeql/codeql-config.yml`
- SARIF analysis with error/warning/note counting
**Resolution Strategy**: **Accept feature branch changes**
- Feature branch likely has updated Go version and security improvements
- Verify `GO_VERSION` env var matches other workflows after merge
---
### 2. `.github/workflows/docker-build.yml`
**Conflict Likelihood**: Medium
**Current State**: No visible conflict markers
**Key Features in Current Version**:
- SBOM generation and attestation
- CVE-2025-68156 verification for Caddy/CrowdSec
- Feature branch detection and artifact handling
- Multi-platform builds (amd64/arm64)
- Trivy vulnerability scanning
**Resolution Strategy**: **Accept feature branch changes**
- Feature branch contains critical security patches
- Verify image tag logic matches expected patterns
- Confirm `SYFT_VERSION` and `GRYPE_VERSION` are current
---
### 3. `Dockerfile`
**Conflict Likelihood**: High (likely PR #550 Debian Trixie migration)
**Current State**: Already using `debian:trixie-slim`
**Key Features in Current Version**:
- Base image: `debian:trixie-slim` (Debian 13 testing)
- Go version: `1.25` (builder stages)
- Caddy version: `2.11.0-beta.2`
- CrowdSec version: `1.7.6`
- gosu version: `1.17`
- Security patches for `expr-lang/expr@v1.17.7`
- Multi-stage build with cross-compilation helpers
**Resolution Strategy**: **Accept feature branch changes (post-Trixie migration)**
- If main still uses `bookworm-slim`, take feature branch version
- Critical: Preserve all CVE patches (CVE-2025-68156, CVE-2025-58183, etc.)
- Ensure all `renovate:` comments are preserved for automated updates
---
### 4. `backend/go.sum`
**Conflict Likelihood**: High
**Current State**: 167 packages, no conflict markers
**Key Versions Detected**:
- `golang.org/x/crypto@v0.47.0`
- `google.golang.org/grpc@v1.75.0`
- `gorm.io/gorm@v1.31.1`
- `github.com/gin-gonic/gin@v1.11.0`
**Resolution Strategy**: **Regenerate after merge**
- Dependency lock files should never be manually merged
- After resolving other conflicts, run:
```bash
cd backend && go mod tidy && go mod download
```
---
### 5. `frontend/package-lock.json` ⚠️ (Not `backend/`)
**Conflict Likelihood**: High
**Current State**: 7499 lines, lockfileVersion 3
**Resolution Strategy**: **Regenerate after merge**
- Delete the file and regenerate:
```bash
cd frontend && rm package-lock.json && npm install
```
---
### 6. `frontend/package.json` ⚠️ (Not `backend/`)
**Conflict Likelihood**: Medium
**Current State**: Version `0.3.0`, no conflict markers
**Key Dependencies**:
- React: `^19.2.3`
- Vite: `^7.3.1`
- Playwright: `^1.57.0`
- TypeScript: `^5.9.3`
**Resolution Strategy**: **Manual review required**
- Compare `main` and feature branch versions
- Keep higher version numbers when there are conflicts
- Ensure no duplicate entries
---
## Command Sequence for Resolution
```bash
# 1. Ensure you're on the feature branch
git checkout feature/beta-release
# 2. Fetch latest main
git fetch origin main
# 3. Start the merge (this will show conflicts)
git merge origin/main
# 4. For workflow files (if conflicts exist):
# Accept feature branch changes, then verify
git checkout --theirs .github/workflows/codeql.yml
git checkout --theirs .github/workflows/docker-build.yml
git add .github/workflows/
# 5. For Dockerfile (if conflicts exist):
# Accept feature branch (Trixie migration)
git checkout --theirs Dockerfile
git add Dockerfile
# 6. For Go dependencies:
git checkout --theirs backend/go.sum
cd backend && go mod tidy
cd ..
git add backend/go.sum backend/go.mod
# 7. For frontend dependencies:
cd frontend
rm -f package-lock.json
# Manually resolve package.json if needed
npm install
cd ..
git add frontend/package.json frontend/package-lock.json
# 8. Complete the merge
git commit -m "Merge main into feature/beta-release - resolve conflicts"
# 9. Validate
make lint
make test
```
---
## Post-Merge Validation Checklist
- [ ] `go mod tidy` completes without errors
- [ ] `npm install` (frontend) completes without errors
- [ ] Docker build succeeds: `docker build -t charon:test .`
- [ ] CI workflows pass on push
- [ ] Go version consistent across all workflows (`1.25.6`)
- [ ] Debian Trixie base image in Dockerfile
---
## Notes
1. **File Path Correction**: The conflicting package files are in `frontend/`, not `backend/`. The Go backend uses `go.mod`/`go.sum`, not npm.
2. **Conflict markers not visible**: The files read don't show `<<<<<<<` markers, suggesting either:
- The merge hasn't been attempted yet
- Conflicts would appear after running `git merge`
3. **PR #550 Reference**: The Dockerfile already shows Trixie migration is complete in the current branch.

128
frontend/package-lock.json generated
View File

@@ -576,9 +576,9 @@
}
},
"node_modules/@emnapi/core": {
"version": "1.7.1",
"resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.7.1.tgz",
"integrity": "sha512-o1uhUASyo921r2XtHYOHy7gdkGLge8ghBEQHMWmyJFoXlpU58kIrhhN3w26lpQb6dspetweapMn2CSNwQ8I4wg==",
"version": "1.8.1",
"resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.8.1.tgz",
"integrity": "sha512-AvT9QFpxK0Zd8J0jopedNm+w/2fIzvtPKPjqyw9jwvBaReTTqPBk9Hixaz7KbjimP+QNz605/XnjFcDAL2pqBg==",
"dev": true,
"license": "MIT",
"optional": true,
@@ -588,9 +588,9 @@
}
},
"node_modules/@emnapi/runtime": {
"version": "1.7.1",
"resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.7.1.tgz",
"integrity": "sha512-PVtJr5CmLwYAU9PZDMITZoR5iAOShYREoR45EyyLrbntV50mdePTgUn4AmOw90Ifcj+x2kRjdzr1HP3RrNiHGA==",
"version": "1.8.1",
"resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.8.1.tgz",
"integrity": "sha512-mehfKSMWjjNol8659Z8KxEMrdSJDDot5SXMq00dM8BN4o+CLNXQ0xH2V7EchNHV4RmbZLmmPdEaXZc5H2FXmDg==",
"dev": true,
"license": "MIT",
"optional": true,
@@ -1388,9 +1388,9 @@
}
},
"node_modules/@napi-rs/wasm-runtime": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-1.1.0.tgz",
"integrity": "sha512-Fq6DJW+Bb5jaWE69/qOE0D1TUN9+6uWhCeZpdnSBk14pjLcCWR7Q8n49PTSPHazM37JqrsdpEthXy2xn6jWWiA==",
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-1.1.1.tgz",
"integrity": "sha512-p64ah1M1ld8xjWv3qbvFwHiFVWrq1yFvV4f7w+mzaqiR4IlSgkqhcRdHwsGgomwzBH51sRY4NEowLxnaBjcW/A==",
"dev": true,
"license": "MIT",
"optional": true,
@@ -1398,6 +1398,10 @@
"@emnapi/core": "^1.7.1",
"@emnapi/runtime": "^1.7.1",
"@tybys/wasm-util": "^0.10.1"
},
"funding": {
"type": "github",
"url": "https://github.com/sponsors/Brooooooklyn"
}
},
"node_modules/@nodelib/fs.scandir": {
@@ -3046,66 +3050,6 @@
"node": ">=14.0.0"
}
},
"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/core": {
"version": "1.7.1",
"dev": true,
"inBundle": true,
"license": "MIT",
"optional": true,
"dependencies": {
"@emnapi/wasi-threads": "1.1.0",
"tslib": "^2.4.0"
}
},
"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/runtime": {
"version": "1.7.1",
"dev": true,
"inBundle": true,
"license": "MIT",
"optional": true,
"dependencies": {
"tslib": "^2.4.0"
}
},
"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@emnapi/wasi-threads": {
"version": "1.1.0",
"dev": true,
"inBundle": true,
"license": "MIT",
"optional": true,
"dependencies": {
"tslib": "^2.4.0"
}
},
"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@napi-rs/wasm-runtime": {
"version": "1.1.0",
"dev": true,
"inBundle": true,
"license": "MIT",
"optional": true,
"dependencies": {
"@emnapi/core": "^1.7.1",
"@emnapi/runtime": "^1.7.1",
"@tybys/wasm-util": "^0.10.1"
}
},
"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/@tybys/wasm-util": {
"version": "0.10.1",
"dev": true,
"inBundle": true,
"license": "MIT",
"optional": true,
"dependencies": {
"tslib": "^2.4.0"
}
},
"node_modules/@tailwindcss/oxide-wasm32-wasi/node_modules/tslib": {
"version": "2.8.1",
"dev": true,
"inBundle": true,
"license": "0BSD",
"optional": true
},
"node_modules/@tailwindcss/oxide-win32-arm64-msvc": {
"version": "4.1.18",
"resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-arm64-msvc/-/oxide-win32-arm64-msvc-4.1.18.tgz",
@@ -4986,11 +4930,12 @@
}
},
"node_modules/fsevents": {
"version": "2.3.3",
"resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
"integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
"version": "2.3.2",
"resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
"integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
"dev": true,
"hasInstallScript": true,
"license": "MIT",
"optional": true,
"os": [
"darwin"
@@ -5628,6 +5573,7 @@
"arm64"
],
"dev": true,
"license": "MPL-2.0",
"optional": true,
"os": [
"android"
@@ -5648,6 +5594,7 @@
"arm64"
],
"dev": true,
"license": "MPL-2.0",
"optional": true,
"os": [
"darwin"
@@ -5668,6 +5615,7 @@
"x64"
],
"dev": true,
"license": "MPL-2.0",
"optional": true,
"os": [
"darwin"
@@ -5688,6 +5636,7 @@
"x64"
],
"dev": true,
"license": "MPL-2.0",
"optional": true,
"os": [
"freebsd"
@@ -5708,6 +5657,7 @@
"arm"
],
"dev": true,
"license": "MPL-2.0",
"optional": true,
"os": [
"linux"
@@ -5728,6 +5678,7 @@
"arm64"
],
"dev": true,
"license": "MPL-2.0",
"optional": true,
"os": [
"linux"
@@ -5748,6 +5699,7 @@
"arm64"
],
"dev": true,
"license": "MPL-2.0",
"optional": true,
"os": [
"linux"
@@ -5808,6 +5760,7 @@
"arm64"
],
"dev": true,
"license": "MPL-2.0",
"optional": true,
"os": [
"win32"
@@ -5828,6 +5781,7 @@
"x64"
],
"dev": true,
"license": "MPL-2.0",
"optional": true,
"os": [
"win32"
@@ -6263,21 +6217,6 @@
"node": ">=18"
}
},
"node_modules/playwright/node_modules/fsevents": {
"version": "2.3.2",
"resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
"integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
"dev": true,
"hasInstallScript": true,
"license": "MIT",
"optional": true,
"os": [
"darwin"
],
"engines": {
"node": "^8.16.0 || ^10.6.0 || >=11.0.0"
}
},
"node_modules/postcss": {
"version": "8.5.6",
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz",
@@ -7237,6 +7176,21 @@
}
}
},
"node_modules/vite/node_modules/fsevents": {
"version": "2.3.3",
"resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
"integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
"dev": true,
"hasInstallScript": true,
"license": "MIT",
"optional": true,
"os": [
"darwin"
],
"engines": {
"node": "^8.16.0 || ^10.6.0 || >=11.0.0"
}
},
"node_modules/vitest": {
"version": "4.0.17",
"resolved": "https://registry.npmjs.org/vitest/-/vitest-4.0.17.tgz",