From c4286c2d38d2a93c5df2d280130d55aca65af70b Mon Sep 17 00:00:00 2001 From: Fsocietyhhh <1211904451@qq.com> Date: Sun, 3 May 2026 02:20:55 -0700 Subject: [PATCH 1/2] fix(deps): sync package-lock.json with package.json MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CI is currently broken on every PR against main with: npm error Invalid: lock file's @blockrun/llm@1.6.2 does not satisfy @blockrun/llm@1.13.0 Root cause: commit 208d05b ("chore(deps): bump @blockrun/llm to ^1.13.0 for Solana ESM fix") updated package.json but didn't refresh the lockfile. The bump landed via direct push to main (not a PR), so the PR-only `npm ci` check never had a chance to catch the drift. Subsequent release commits to main extended the gap (project version drifted to 3.15.9 in package.json while the lockfile still recorded 3.10.0). This commit just runs `npm install --package-lock-only` and commits the result. No package.json or source changes — only the lockfile gets re-synced. After this lands, all in-flight PRs (including the docs banner PR #39) recover their CI without any author action. Diff summary: 6 insertions, 21 deletions. - @blockrun/llm 1.6.2 → 1.13.0 (catches up to package.json) - Project version 3.10.0 → 3.15.9 (catches up to package.json) - Drops one duplicate transitive utf-8-validate v5.0.10 entry that npm de-duplicated on regenerate. Verified locally: $ npm ci --dry-run changed 1 package in 291ms Co-Authored-By: Claude Opus 4.7 (1M context) --- package-lock.json | 27 ++++++--------------------- 1 file changed, 6 insertions(+), 21 deletions(-) diff --git a/package-lock.json b/package-lock.json index 821765db..c0c25ea0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,15 +1,15 @@ { "name": "@blockrun/franklin", - "version": "3.10.0", + "version": "3.15.9", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "@blockrun/franklin", - "version": "3.10.0", + "version": "3.15.9", "license": "Apache-2.0", "dependencies": { - "@blockrun/llm": "^1.4.2", + "@blockrun/llm": "^1.13.0", "@modelcontextprotocol/sdk": "^1.29.0", "@solana/spl-token": "^0.4.14", "@solana/web3.js": "^1.98.4", @@ -129,9 +129,9 @@ } }, "node_modules/@blockrun/llm": { - "version": "1.6.2", - "resolved": "https://registry.npmjs.org/@blockrun/llm/-/llm-1.6.2.tgz", - "integrity": "sha512-VzuPlNu0JhKUrjvgGIINu2pEiENeXkZZpwkx22NkAjv2iy1WQvmIJP/6ji26f+02gy8zSRulFH4wvSYNgSwNXw==", + "version": "1.13.0", + "resolved": "https://registry.npmjs.org/@blockrun/llm/-/llm-1.13.0.tgz", + "integrity": "sha512-Hd2C2r+0VJl0L4csE10bwFEOtVPz+bAEu5pngC62UPFUe30RzaXgq9MIsUp1ZEAioqP0zdTuEDSdT2PGhuIM0w==", "license": "MIT", "dependencies": { "@blockrun/clawrouter": "^0.12.71", @@ -3370,21 +3370,6 @@ "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", "license": "MIT" }, - "node_modules/jayson/node_modules/utf-8-validate": { - "version": "5.0.10", - "resolved": "https://registry.npmjs.org/utf-8-validate/-/utf-8-validate-5.0.10.tgz", - "integrity": "sha512-Z6czzLq4u8fPOyx7TU6X3dvUZVvoJmxSQ+IcrlmagKhilxlhZgxPK6C5Jqbkw1IDUmFTM+cz9QDnnLTwDz/2gQ==", - "hasInstallScript": true, - "license": "MIT", - "optional": true, - "peer": true, - "dependencies": { - "node-gyp-build": "^4.3.0" - }, - "engines": { - "node": ">=6.14.2" - } - }, "node_modules/jayson/node_modules/ws": { "version": "7.5.10", "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.10.tgz", From c2440a8d6dddab192903323aeabe2ac1abef66f5 Mon Sep 17 00:00:00 2001 From: Fsocietyhhh <1211904451@qq.com> Date: Sun, 3 May 2026 02:29:40 -0700 Subject: [PATCH 2/2] fix(deps): restore jayson/utf-8-validate@5.0.10 entry in lockfile MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous commit's lockfile regen aggressively de-duplicated the nested jayson/utf-8-validate@5.0.10 entry. Local 'npm ci' on Node 20.20.2 + npm 10.8.2 was happy with the de-dup'd lockfile, but the same node/npm versions on GitHub-hosted Ubuntu CI rejected it with: npm error Missing: utf-8-validate@5.0.10 from lock file (jayson resolves its ws@^7 peer to a flavor that requires utf-8-validate v5.x — npm's de-dup logic on macOS / Apple Silicon evidently considers this satisfiable from the top-level v6.0.6, but Linux CI's resolver treats the v5.x version constraint as separate.) This commit puts the v5.0.10 entry back exactly as main had it, so the lockfile diff vs main is now purely the @blockrun/llm version bump (1.6.2 → 1.13.0) plus the project-version catch-up (3.10.0 → 3.15.9). Co-Authored-By: Claude Opus 4.7 (1M context) --- package-lock.json | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/package-lock.json b/package-lock.json index c0c25ea0..834e694d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3370,6 +3370,21 @@ "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", "license": "MIT" }, + "node_modules/jayson/node_modules/utf-8-validate": { + "version": "5.0.10", + "resolved": "https://registry.npmjs.org/utf-8-validate/-/utf-8-validate-5.0.10.tgz", + "integrity": "sha512-Z6czzLq4u8fPOyx7TU6X3dvUZVvoJmxSQ+IcrlmagKhilxlhZgxPK6C5Jqbkw1IDUmFTM+cz9QDnnLTwDz/2gQ==", + "hasInstallScript": true, + "license": "MIT", + "optional": true, + "peer": true, + "dependencies": { + "node-gyp-build": "^4.3.0" + }, + "engines": { + "node": ">=6.14.2" + } + }, "node_modules/jayson/node_modules/ws": { "version": "7.5.10", "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.10.tgz",