Skip to content

chore(deps-dev): bump @types/node from 20.19.41 to 25.9.1#8

Open
dependabot[bot] wants to merge 8 commits into
mainfrom
dependabot/npm_and_yarn/types/node-25.9.1
Open

chore(deps-dev): bump @types/node from 20.19.41 to 25.9.1#8
dependabot[bot] wants to merge 8 commits into
mainfrom
dependabot/npm_and_yarn/types/node-25.9.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 2, 2026

Copy link
Copy Markdown

Bumps @types/node from 20.19.41 to 25.9.1.

Commits

feat: scaffold agent-native magnus-cli (download + capture, v0.1.0)
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 2, 2026
aedneth and others added 2 commits June 2, 2026 12:16
- Fix CI badge URL: eduardoborjas → aedneth (was pointing at wrong username)
- Add npm version badge to README header
- Add "Why magnus?" section: positions vs raw yt-dlp, browser extensions, and
  manual Apify runs with outcome-first reasoning
- Add Roadmap section (v0.1.0 checked, v0.2.0–v1.0.0 milestones)
- Promote CHANGELOG [Unreleased] → [0.1.0] 2026-06-02 with Fixed entries for
  the two CI bugs resolved on the branch
- Fix wrong GitHub username in CONTRIBUTING.md clone URL and
  .github/ISSUE_TEMPLATE/config.yml security policy link

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… cost)

C1 — queue.ts: narrow table params to QueueTable union type; use bound
  LIMIT parameter instead of string-interpolated Number(limit) to close
  the SQL concatenation pattern in an agent-callable tool.

M1 — capture runners: coerce --budget-cap/--limit from string (Commander
  returns option values as strings; runners were casting string as number,
  making assertCanaryAcceptable compare number > string via JS coercion).

M2 — capture runners: wire --limit across all three runners (instagram,
  tiktok, youtube); the flag existed in the manifest but was never read.

M3 — capture runners: pass projected next-batch cost to assertWithinBudget
  before each runActor call so the hard cap fires pre-charge, not post-
  charge. Track per-URL canary rate and multiply by batch size.

M4 — youtube.ts: rethrow non-ENOENT yt-dlp startup errors as
  MagnusError(Network) instead of silently continuing into a render loop
  that finds no info.json and exits 0 with 0 notes processed.

M5 — db.ts: key openDb cache by resolved file path (was module-global
  singleton, so --config dir isolation did not affect the DB handle).

m1 — redact.ts: add Bearer token and generic key=VALUE patterns alongside
  the existing Apify token regex.

m2 — apify.ts: warn to stderr when Apify cost fields are absent (schema
  drift) instead of silently recording $0; budget guard would not fire.

m3 — instagram.ts: add shortCode-based fallback lookup for dataset items
  (URL normalization mismatch on query-string variants like ?igshid=).

m4 — config.ts: remove duplicate ctx.log.info in config list that wrote
  the config JSON to both stderr and stdout.

m5 — cli.ts: guard injectDefaultCommand against argv.length < 2; replace
  non-null assertions with typed casts.

s1 — remove dead ink, react, @types/react dependencies (zero imports).

s5 — cli.ts: use process.exitCode in main().catch for consistency with
  the execute() drain pattern; avoids premature stream teardown.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/types/node-25.9.1 branch from ecd7d35 to 7bbd22a Compare June 2, 2026 18:53
aedneth and others added 5 commits June 3, 2026 00:43
Portable three-layer knowledge graph integration: SessionStart/PostToolUse/
UserPromptSubmit/Stop/PreToolUse hooks, graphify graph (auto-updates on commit),
decisions + bugs ADRs committed, runtime artifacts gitignored. No-ops gracefully
without local CKIS vault — external contributors unaffected.

Registered in Dev Brain (~/Documents/Dev Brain/); graph-report auto-synced to CKIS
02-projects/<slug>/graph-report.md on each commit.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
- Add .npmrc: ignore-scripts=true, registry pin, save-exact=true
- Patch GHSA-5xrq-8626-4rwp: vitest → ^4.1.8 (critical — arbitrary file read/exec)
- Pin all GitHub Actions to commit SHAs (not mutable tags)
- Add --ignore-scripts to all npm ci / pnpm install steps in CI
- Add explicit native module whitelist with npm_config_ignore_scripts=false rebuild
- Add npm audit --audit-level=high gate to all CI and release workflows
- Add permissions: {} (deny-all default) with per-job minimum grants
- Add persist-credentials: false to all checkout steps
- Add weekly security-audit.yml workflow (runs every Monday 09:00 UTC)
- Add SECURITY.md with supply chain security policy and vulnerability disclosure

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Track C — `magnus capture <instagram|tiktok> --watch`: real-time system-audio
capture via recmp3. Records the PulseAudio .monitor source, transcribes with
Groq Whisper ($0 Apify), and files one CKIS Type-B note with
transcript_source: recmp3-whisper into <vault>/00-inbox/. Interactive
ENTER-to-stop or headless --duration; monitor source auto-detect with
--source / RECMP3_SOURCE / config override.

- Rename package to @aedneth/magnus-cli (both unscoped names taken on npm);
  binary stays `magnus`. First public npm release.
- Fix package.json homepage/repository/bugs URLs (eduardoborjas -> aedneth).
- Add capture.recmp3Source + capture.inboxSubdir config; add recmp3-whisper
  to the TranscriptSource union.
- Record 6 architecture decisions as ADRs in .brain/decisions/.
- Bump 0.1.0 -> 1.0.0; update CHANGELOG, README (install/quickstart/roadmap).

Tests: 52 passing (12 new for watch). Build/lint/typecheck/audit clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 20.19.41 to 25.9.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.9.1
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/types/node-25.9.1 branch from 7bbd22a to 549f8d4 Compare June 3, 2026 15:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant