build(deps): bump actions/upload-artifact from 4.6.2 to 7.0.1#3
build(deps): bump actions/upload-artifact from 4.6.2 to 7.0.1#3dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.2 to 7.0.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...043fb46) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
|
Closing: mobile is a frozen scaffold and its CI is being quieted until the rebuild (see #14, which removes the dependabot version-updates config and switches CI to workflow_dispatch). These version bumps will be regenerated against the real dependency tree at rebuild. Security alerts are unaffected. |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
…nvalidated recovery) (#29) Stage-2 slice A3 — the locked-phase unlock screen, closing the Stage-2 loop: create (A2) → cold start → unlock. ## What - `UnlockPin` screen (flipbook "Вход — Locked" frame, English strings): PIN path via the A1c ladder, biometric-circle shortcut, 1s lockout countdown (persists across force-quit), 200ms spinner threshold. - `deviceWallet.unlock` single-flight (mirrors `commitWallet`; sync `NoWalletError` precondition outside the slot). - `walletStore.unlock` action publishing the live `UnlockedSession`; no `reconcile` (A1c contract). - `PinKeypad` `disabled` prop (lockout/verifying), A2 callers untouched. - `KeyPermanentlyInvalidated` → recovery banner → verbatim-tested confirm (`Delete & start over`) → `wipeWallet` → onboarding. Never auto-wipes. - Keychain mock extended (`getSupportedBiometryType`, `BIOMETRY_TYPE`, hang helper); `keystoreSecret` docstring fixed (save-side auth prompt — carry-over #20 resolved). ## Evidence - Gates (exact CI commands, local — CI is workflow_dispatch-muted, carry-over #3/#16): `npm run typecheck` clean, `npm run lint` 0 errors, `npm test -- --coverage` **150/150** (was 125). Coverage: stores 100%, UnlockPin 93%. `gradlew assembleDebug` proven by the smoke build. - Red→green proven: 3 red runs + 4 mutations (error-toggle, lock predicate, KPI predicate ×2), each failing exactly its guarding tests. - Device smoke PASS (Captain-witnessed, JFLFG6MZSSL7WCF6): lock screen live, shake, lockout+countdown+force-quit persistence, PIN→OS sheet→Home, biometric circle→Home. KPI recovery UNVERIFIED-on-device (destructive to provoke; jest-proven). - Gate-1 APPROVED WITH NITS; Gate-2 APPROVED WITH NITS, M1–M6 applied in-round (delta in `core/.claude/reports/2026-07-06-stage2-a3-unlock-locked.md`). Carry-overs recorded: #21 (import inert until A4 — go-live blocker), #23 (no-biometrics unlock/PIN-reset path — gate before real users). Spec: `core/.claude/specs/2026-07-06-stage2-a3-unlock-locked.md`
## Что и зачем (A4 · Этап 2, последний A-слайс) Восстановление кошелька записанной 12-словной BIP-39-фразой: **Welcome → ImportPhrase → CreatePin → ConfirmPin → commit → unlocked**. Активирует инертную кнопку «Импортировать фразу». **Закрывает go-live-блокер #21** (KPI-recovery — после потери устройства/ключа фраза снова ведёт к кошельку). Второй из двух PR арки; core-часть (`validate_mnemonic`) уже на main (rustok-org/core#85), сабмодуль бампнут на неё. ## Ключевое - **Валидность решает ТОЛЬКО Rust FFI** (`validateMnemonic`, без KDF, честный тег `InvalidInput`). JS-словарь — лишь подсказка (полоса автодополнения + подчёркивание), не гейт. - **Экран ввода = самая чувствительная поверхность:** фраза живёт только в JS-памяти, стирается на success/cancel/back; анти-утечка-пропсы на всех 12 полях (`visible-password` глушит Gboard-подсказки); ноль чтений клипборда/сети/логов/persist. - **Paste** — только OS-нативный: пробел-в-конце фиксирует слово; multi-word раскладывается по полям; >12 слов → ошибка целиком (без обрезки). - **Полоса автодополнения** под 3 замками: локальный словарь / без кэша / только явный tap. - **Таксономия ошибок коммита:** exists / ffi / storage — три различимых сообщения + Retry. ## Гейты - `npm run typecheck` → чисто - `npm run lint` → 0 ошибок (изменённые файлы 0/0) - `npm test` → **196 passed / 196** (+46 новых; покрытие phraseInput+onboardingStore 100%, ImportPhrase 95.8%, ConfirmPin 85.7%) - Red→green доказан мутациями (prefix-guard, lowercase, таксономия-collapse, invalid-дискриминация, overflow index-blind, словарь-корозия) - **Device-smoke 8/8 при Капитане** (round-trip #21: создать→wipe→импорт→адрес совпал; Gboard-подсказки отсутствуют) Гейт-1 и Гейт-2 (fleet 5 линз + security ЧИСТО) — оба APPROVED; МИНОРы вшиты. Mobile CI = workflow_dispatch (заглушён, #3/#16) → мерж по локальному зелёному, build-android остаётся #16. **Вне скоупа (записано):** #22 (ru→en sweep существующих экранов), #19 (FLAG_SECURE для ImportPhrase), #23 (вход без биометрии).
Bumps actions/upload-artifact from 4.6.2 to 7.0.1.
Release notes
Sourced from actions/upload-artifact's releases.
... (truncated)
Commits
043fb46Merge pull request #797 from actions/yacaovsnc/update-dependency634250cInclude changes in typespec/ts-http-runtime 0.3.5e454baaReadme: bump all the example versions to v7 (#796)74fad66Update the readme with direct upload details (#795)bbbca2dSupport direct file uploads (#764)589182cUpgrade the module to ESM and bump dependencies (#762)47309c9Merge pull request #754 from actions/Link-/add-proxy-integration-tests02a8460Add proxy integration testb7c566aMerge pull request #745 from actions/upload-artifact-v6-releasee516bc8docs: correct description of Node.js 24 support in READMEDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)