[pull] main from 5L-Labs:main#115
Open
pull[bot] wants to merge 52 commits into
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.12.6 to 6.14.0.
- [Release notes](https://github.com/ajv-validator/ajv/releases)
- [Commits](ajv-validator/ajv@v6.12.6...v6.14.0)

---
updated-dependencies:
- dependency-name: ajv
  dependency-version: 6.14.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [lodash-es](https://github.com/lodash/lodash) and [mermaid](https://github.com/mermaid-js/mermaid). These dependencies needed to be updated together.

Updates `lodash-es` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

Updates `mermaid` from 11.12.2 to 11.12.3
- [Release notes](https://github.com/mermaid-js/mermaid/releases)
- [Commits](https://github.com/mermaid-js/mermaid/compare/mermaid@11.12.2...mermaid@11.12.3)

---
updated-dependencies:
- dependency-name: lodash-es
  dependency-version: 4.17.23
  dependency-type: indirect
- dependency-name: mermaid
  dependency-version: 11.12.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [svgo](https://github.com/svg/svgo) from 3.3.2 to 3.3.3.
- [Release notes](https://github.com/svg/svgo/releases)
- [Commits](svg/svgo@v3.3.2...v3.3.3)

---
updated-dependencies:
- dependency-name: svgo
  dependency-version: 3.3.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

…to test-all-prs-v2
Adds Cross-Origin-Opener-Policy (same-origin) to mitigate cross-origin window interaction attacks (e.g., reverse tabnabbing and spectre). Enhances Strict-Transport-Security (HSTS) with the preload directive to bolster protocol downgrade attack protection. Co-authored-by: NickJLange <1529105+NickJLange@users.noreply.github.com>
Implements the 5L Labs Homepage design handoff as a live preview at /homepage-preview — all 4 directions (Manifesto, Journal, Terminal, Schematic) in a pannable/zoomable canvas with a tweaks panel for density, accent color, and annotation visibility. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Monospace index layout: dark terminal banner, sortable content table pulling from real blog/release data, projects and consulting panels. Real links wired to existing routes and external properties. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- generate-latest-post.js now emits all-posts.json (19 real entries)
- Homepage pulls top 7 from all-posts.json; "load more" links to /archive
- /archive shows full table with live area filter chips
- Removed all placeholder/wireframe content from the index

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- homepage.js: add consulting block (availability, blurb, services, inquireUrl) and areas array as single source of truth for both UI and generate script
- index.js: drive terminal areas and consulting panel from config; fix redundant filter computation; use entry.url as React key; fix mobile column hiding (apply .hideOnMobile to th/td, not col); add empty state; make ↗ column a real link
- archive.js: read location.hash on mount to honour deep-links from homepage filter; same key/empty-state/link fixes as index.js
- generate-latest-post.js: support MDX truncate marker; add LIST_ITEMS_RE before BOLD_ITALIC_RE to prevent list-bullet corruption; read type from frontmatter; remove dead blog-misc AREA_LABELS entry with comment
- .gitignore: add explicit src/generated/ paths for generated JSON files

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- New /inquiry page with name, email, phone, project description fields
- SMS opt-in checkbox with required legal language (STOP/HELP/rates)
- Links to /privacy-policy; form falls back to mailto if no Formspree ID
- Formspree-ready: set FORMSPREE_ID env var to wire up submissions
- consulting.inquireUrl updated from /docs to /inquiry
- Restore privacy-policy.md from upstream/main (was missing from branch)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Co-authored-by: NickJLange <1529105+NickJLange@users.noreply.github.com>
- Add type="button", aria-label, aria-pressed to all filter chips
- Guard window.location.href in mailto fallback with typeof check
- Update privacy policy Last Updated date

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

…#100
- Add title attribute to external link spread in HomepageContent (from #110)
- WebP hero image and PNG removal already present on this branch (from #111)
- Closes NickJLange#110 NickJLange#111 (incorporated here)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- inquiry.js: enforce SMS consent — add !fields.smsConsent to submit disabled check (P1)
- areas.json: create src/config/areas.json as true single source of truth for area taxonomy
- homepage.js: import areas from areas.json via Object.values() instead of duplicating list
- generate-latest-post.js: require areas.json; derive BLOG_DIRS from Object.keys() — eliminates dual-maintenance risk
- .gitignore + git rm: remove openspec/tooling/claude/settings.local.json (contained hardcoded absolute paths)

HomepageRedesign wireframe components (Manifesto/Journal/PreviewApp) flagged for <a> without href are dev-only scaffolding behind /homepage-preview — not production paths.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Adds package.json overrides to force patched transitive dependency versions:
- lodash-es >= 4.18.0 (fixes CVE-2026-4800: code injection via _.template)
- lodash >= 4.18.0 (same advisory)
- serialize-javascript >= 7.0.3 (fixes GHSA-5c6j-r48x-rmvq: RCE via RegExp.flags)
- path-to-regexp >= 0.1.13 (fixes GHSA-37ch-88jc-xwx2: ReDoS via route params)

All 4 packages are transitive deps of Docusaurus/mermaid/webpack. Overrides unblock the fix without waiting for upstream to update their pinned ranges.

Reduces npm audit HIGH count from 27 → 0. Remaining 24 moderate are uuid via sockjs/webpack-dev-server (dev-server-only, not exploitable in static serving).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Feat: Terminal-style homepage redesign with archive, inquiry form, and Twilio opt-in
…1495617868960970 🛡️ Sentinel: [HIGH] Fix socket connection leak DoS
…168263382425 🛡️ Sentinel: [security improvement] Add advanced security headers
Co-authored-by: NickJLange <1529105+NickJLange@users.noreply.github.com>
…108109253 🎨 Palette: Fix heading hierarchy in LatestPost component
…mbedding generation Co-authored-by: NickJLange <1529105+NickJLange@users.noreply.github.com>
…4900771773 ⚡ Bolt: [performance improvement] Add connection pooling for faster embedding generation
Co-authored-by: NickJLange <1529105+NickJLange@users.noreply.github.com>
…ader experience Co-authored-by: NickJLange <1529105+NickJLange@users.noreply.github.com>
…56117680 🛡️ Sentinel: [CRITICAL/HIGH] Fix Connection Leak DoS in Fetcher
…30172526683879274 🎨 Palette: [UX improvement] Enhance keyboard navigation and screen reader experience
Co-authored-by: NickJLange <1529105+NickJLange@users.noreply.github.com>
…0032200 🎨 Palette: Expand project hit areas and improve hover states
…embedding file exists Co-authored-by: NickJLange <1529105+NickJLange@users.noreply.github.com>
Verify the cached-embedding path lives inside embeddings_dir before calling .exists() so a malformed sitemap URL can't probe arbitrary filesystem locations. Track skipped (already-cached) entries separately from successfully generated ones so the summary log is accurate. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-authored-by: NickJLange <1529105+NickJLange@users.noreply.github.com>
…alls-5175676149678226627 ⚡ Bolt: [performance improvement] Avoid redundant network calls when embedding file exists
…5117146095350 🎨 Palette: Expand index table hit areas
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
Add new frontier blog post
Added aria-pressed to toggle buttons. Added aria-label and title to color swatches. Added :focus-visible states to preview toolbar buttons. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> Co-authored-by: NickJLange <1529105+NickJLange@users.noreply.github.com>
Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com> Co-authored-by: NickJLange <1529105+NickJLange@users.noreply.github.com>
* Add anatomy of an AI agent skill post by Hermes Bot

  Documents the common structure of 11 custom agent skills:
  - Three archetypes: Pipeline, Reference, Design Decision
  - Recurring sections: Frontmatter, Pitfalls, Workflows, References
  - Cross-cutting patterns: cache conventions, version numbering, skill composition
  - What's NOT in any skill (templates/, scripts/, emoji, transcripts)

* Add model dependency split section

* Added SHA-256 hash checking of fetched content in `generate_embeddings.py` to securely skip unchanged pages, replacing the naive file-existence check.
* Passed all existing `verify_security_fixes.py` checks.
* Documented learning in `.jules/sentinel.md`.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: NickJLange <1529105+NickJLange@users.noreply.github.com>

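Added example, not code from this pull request: a Python sketch of the two cache checks the commit messages above describe for `generate_embeddings.py`, namely confirming the cached-embedding path lives inside `embeddings_dir` before calling `.exists()`, then comparing a SHA-256 of the fetched content instead of relying on file existence. The function names, the `.sha256` sidecar file and the `example.test` URLs are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import urlparse


def cache_path_for(url: str, embeddings_dir: Path) -> Optional[Path]:
    """Map a sitemap URL to a cache file; None if it would leave embeddings_dir."""
    root = embeddings_dir.resolve()
    slug = urlparse(url).path.strip("/") or "index"
    # resolve() collapses ".." and follows symlinks, so the containment test
    # runs on the real path that .exists() would otherwise touch.
    candidate = (root / f"{slug}.json").resolve()
    return candidate if candidate.is_relative_to(root) else None


def process(url: str, content: bytes, embeddings_dir: Path) -> str:
    """Return 'rejected', 'skipped' or 'generated' for one sitemap entry."""
    path = cache_path_for(url, embeddings_dir)
    if path is None:
        return "rejected"  # no filesystem call is made on an outside path
    digest = hashlib.sha256(content).hexdigest()
    digest_file = path.with_name(path.name + ".sha256")  # hypothetical sidecar
    if (path.exists() and digest_file.exists()
            and digest_file.read_text().strip() == digest):
        return "skipped"  # cached AND content unchanged
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text('{"embedding": "placeholder"}')  # stand-in for the real call
    digest_file.write_text(digest)
    return "generated"


def demo() -> list:
    """Run constructed sample entries through the checks in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        emb = Path(tmp) / "embeddings"
        emb.mkdir()
        base = "https://example.test"  # constructed sample host
        return [
            process(f"{base}/blog/post-1", b"v1", emb),       # first fetch
            process(f"{base}/blog/post-1", b"v1", emb),       # unchanged page
            process(f"{base}/blog/post-1", b"v2", emb),       # page edited
            process(f"{base}/../../etc/passwd", b"x", emb),   # malformed URL
        ]


if __name__ == "__main__":
    print(demo())
```

Counting the three outcomes separately also gives the accurate summary log that the earlier commit asks for when it tracks skipped entries apart from generated ones.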
…reen readers (#113)

💡 What: Added `aria-hidden="true"` to text-based directional arrows (`→` and `↗`) used throughout the `HomepageRedesign` components (`Journal`, `Manifesto`, `Schematic`, `Terminal`).

🎯 Why: Text-based directional arrows provide visual affordance for links, but they are read out loud by screen readers (e.g., reading "Start an inquiry rightwards arrow"), creating confusing auditory clutter. Hiding them preserves the visual UX while vastly improving the screen reader experience.

📸 Before/After: Visuals remain unchanged.

♿ Accessibility: Reduces screen reader noise by explicitly hiding decorative text-based symbols.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: NickJLange <1529105+NickJLange@users.noreply.github.com>

See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )