From 2b27c62daee557452a01246a19376bc36b03b51a Mon Sep 17 00:00:00 2001
From: Dengke Tang
Date: Tue, 25 Nov 2025 10:09:35 -0800
Subject: [PATCH] remove the dependency update
---
 .github/workflows/dependency-updates.yml | 268 ----------------------
 package-lock.json | 6 +-
 2 files changed, 3 insertions(+), 271 deletions(-)
 delete mode 100644 .github/workflows/dependency-updates.yml
diff --git a/.github/workflows/dependency-updates.yml b/.github/workflows/dependency-updates.yml
deleted file mode 100644
index b4140a615..000000000
--- a/.github/workflows/dependency-updates.yml
+++ /dev/null
@@ -1,268 +0,0 @@ -name: Daily Dependency Updates - -on: - schedule: - # Run daily at 2 AM UTC - - cron: '0 2 * * *' - workflow_dispatch: - - -env: - NODE_VERSION: '18' - -permissions: - contents: write - pull-requests: write - id-token: write - -jobs: - dependency-updates: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - submodules: true - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: ${{ env.NODE_VERSION }} - cache: 'npm' - - - name: Configure Git - run: | - git config --global user.name 'github-actions[bot]' - git config --global user.email 'github-actions[bot]@users.noreply.github.com' - - - name: Create branch name with timestamp - id: branch - run: | - TIMESTAMP=$(date +%Y%m%d-%H%M%S) - BRANCH_NAME="dependency-updates/${TIMESTAMP}" - echo "branch_name=${BRANCH_NAME}" >> $GITHUB_OUTPUT - echo "timestamp=${TIMESTAMP}" >> $GITHUB_OUTPUT - - - name: Install current dependencies - run: npm ci - - - name: Run npm audit fix - run: | - echo "Running npm audit fix..." - npm audit --audit-level=moderate --json > audit_results.json || true - npm audit fix --audit-level=moderate || true - echo "npm audit fix completed" - - - name: Reinstall with lockfile version 1 - run: | - echo "Reinstalling dependencies with lockfile version 1..." 
- npm install --lockfile-version=1 - echo "Dependencies reinstalled" - - - name: Check for changes - id: changes - run: | - git add package-lock.json - git add package.json - if git diff --staged --quiet; then - echo "No changes detected" - echo "has_changes=false" >> $GITHUB_OUTPUT - else - echo "Changes detected" - echo "has_changes=true" >> $GITHUB_OUTPUT - - # Get summary of changes - echo "## Changes Summary" > changes_summary.md - echo "" >> changes_summary.md - - # Check if package-lock.json changed - if git diff --staged --name-only | grep -q "package-lock.json"; then - echo "- ๐Ÿ“ฆ package-lock.json updated" >> changes_summary.md - fi - - # Check if package.json changed - if git diff --staged --name-only | grep -q "package.json"; then - echo "- ๐Ÿ“‹ package.json updated" >> changes_summary.md - fi - - # Get audit results - echo "" >> changes_summary.md - echo "### Audit Results" >> changes_summary.md - - # Parse audit results for summary - if [ -f audit_results.json ]; then - # Check if there are any vulnerabilities - TOTAL_VULNS=$(jq -r '.metadata.vulnerabilities.total // 0' audit_results.json 2>/dev/null) - - if [ "$TOTAL_VULNS" -gt 0 ]; then - echo "**Security Vulnerabilities Found ($TOTAL_VULNS total):**" >> changes_summary.md - echo "" >> changes_summary.md - - # Get list of vulnerable packages - PACKAGES=$(jq -r '.vulnerabilities | keys[]' audit_results.json 2>/dev/null) - - # Process each package - for PACKAGE in $PACKAGES; do - SEVERITY=$(jq -r ".vulnerabilities[\"$PACKAGE\"].severity" audit_results.json 2>/dev/null) - RANGE=$(jq -r ".vulnerabilities[\"$PACKAGE\"].range" audit_results.json 2>/dev/null) - IS_DIRECT=$(jq -r ".vulnerabilities[\"$PACKAGE\"].isDirect" audit_results.json 2>/dev/null) - FIX_AVAILABLE=$(jq -r ".vulnerabilities[\"$PACKAGE\"].fixAvailable" audit_results.json 2>/dev/null) - NODES=$(jq -r ".vulnerabilities[\"$PACKAGE\"].nodes | join(\", \")" audit_results.json 2>/dev/null) - - echo "### ๐Ÿšจ $PACKAGE ($SEVERITY severity)" >> 
changes_summary.md - echo "- **Affected versions:** $RANGE" >> changes_summary.md - echo "- **Direct dependency:** $([ "$IS_DIRECT" = "true" ] && echo "Yes" || echo "No")" >> changes_summary.md - echo "- **Fix available:** $([ "$FIX_AVAILABLE" = "true" ] && echo "โœ… Yes" || echo "โŒ No")" >> changes_summary.md - echo "- **Installed locations:** $NODES" >> changes_summary.md - echo "- **Advisories:**" >> changes_summary.md - - # Get advisories for this package - ADVISORY_COUNT=$(jq -r ".vulnerabilities[\"$PACKAGE\"].via | length" audit_results.json 2>/dev/null) - for ((i=0; i/dev/null) - URL=$(jq -r ".vulnerabilities[\"$PACKAGE\"].via[$i].url" audit_results.json 2>/dev/null) - CVSS_SCORE=$(jq -r ".vulnerabilities[\"$PACKAGE\"].via[$i].cvss.score // 0" audit_results.json 2>/dev/null) - - if [ "$CVSS_SCORE" != "0" ] && [ "$CVSS_SCORE" != "null" ]; then - echo " - [$TITLE]($URL) (CVSS: $CVSS_SCORE)" >> changes_summary.md - else - echo " - [$TITLE]($URL)" >> changes_summary.md - fi - done - - echo "" >> changes_summary.md - done - - echo "" >> changes_summary.md - - # Summary by severity - echo "**Vulnerability Summary by Severity:**" >> changes_summary.md - jq -r '.metadata.vulnerabilities | to_entries[] | select(.value > 0) | - if .key == "critical" then "๐Ÿ”ด Critical: " + (.value | tostring) - elif .key == "high" then "๐ŸŸ  High: " + (.value | tostring) - elif .key == "moderate" then "๐ŸŸก Moderate: " + (.value | tostring) - elif .key == "low" then "๐ŸŸข Low: " + (.value | tostring) - elif .key == "info" then "โ„น๏ธ Info: " + (.value | tostring) - else .key + ": " + (.value | tostring) - end' audit_results.json 2>/dev/null | while read line; do - echo "- $line" >> changes_summary.md - done - - echo "" >> changes_summary.md - - # Recommendations - echo "**Recommended Actions:**" >> changes_summary.md - - # Check for packages with fixes available - FIXABLE_COUNT=$(jq -r '[.vulnerabilities[] | select(.fixAvailable == true)] | length' audit_results.json 2>/dev/null) 
- if [ "$FIXABLE_COUNT" -gt 0 ]; then - echo "- ๐Ÿ”ง Run \`npm audit fix\` to automatically fix $FIXABLE_COUNT vulnerable package(s)" >> changes_summary.md - fi - - # Check for direct dependencies - DIRECT_VULNS=$(jq -r '[.vulnerabilities[] | select(.isDirect == true)] | length' audit_results.json 2>/dev/null) - if [ "$DIRECT_VULNS" -gt 0 ]; then - echo "- โš ๏ธ $DIRECT_VULNS direct dependencies have vulnerabilities - consider updating or replacing" >> changes_summary.md - fi - - # Check for critical/high severity - CRITICAL_HIGH=$(jq -r '(.metadata.vulnerabilities.critical // 0) + (.metadata.vulnerabilities.high // 0)' audit_results.json 2>/dev/null) - if [ "$CRITICAL_HIGH" -gt 0 ]; then - echo "- ๐Ÿšจ $CRITICAL_HIGH critical/high severity vulnerabilities require immediate attention" >> changes_summary.md - fi - - else - echo "โœ… **No security vulnerabilities found**" >> changes_summary.md - fi - - # Add dependency summary - echo "" >> changes_summary.md - echo "**Dependency Summary:**" >> changes_summary.md - jq -r '.metadata.dependencies | - "- Total dependencies: " + (.total | tostring) + "\n" + - "- Production: " + (.prod | tostring) + "\n" + - "- Development: " + (.dev | tostring) + "\n" + - "- Optional: " + (.optional | tostring)' audit_results.json 2>/dev/null >> changes_summary.md - else - echo "โœ… No vulnerabilities found" >> changes_summary.md - fi - - echo "" >> changes_summary.md - echo "### Files Changed" >> changes_summary.md - git diff --staged --name-only | sed 's/^/- /' >> changes_summary.md - fi - - - name: Create branch and commit changes - if: steps.changes.outputs.has_changes == 'true' - run: | - git checkout -b ${{ steps.branch.outputs.branch_name }} - git commit -m "chore: automated dependency updates - - - Run npm audit fix to address security vulnerabilities - - Reinstall dependencies with lockfile-version=1 - - Automated update on ${{ steps.branch.outputs.timestamp }} - - ๐Ÿค– Assisted by GenAI" - - - name: Push branch - if: 
steps.changes.outputs.has_changes == 'true' - run: | - git push origin ${{ steps.branch.outputs.branch_name }} - - - name: Create Pull Request - if: steps.changes.outputs.has_changes == 'true' - uses: actions/github-script@v7 - with: - script: | - const fs = require('fs'); - - // Read the changes summary - let body = ''; - try { - body = fs.readFileSync('changes_summary.md', 'utf8'); - } catch (error) { - body = 'Automated dependency updates performed.'; - } - - // Add additional context to PR body - const fullBody = `# ๐Ÿ”„ Automated Dependency Updates - - This PR contains automated dependency updates performed by the daily maintenance workflow. - - ${body} - - ## What was done: - 1. โœ… Ran \`npm audit fix\` to address security vulnerabilities - 2. โœ… Ran \`npm install --lockfile-version=1\` to ensure lockfile compatibility - 3. โœ… Committed any resulting changes - - ## Review Guidelines: - - ๐Ÿ” Review the changes in \`package-lock.json\` for any unexpected updates - - ๐Ÿงช Ensure CI tests pass before merging - - ๐Ÿš€ This PR can be safely merged if all checks pass - - --- - *This PR was automatically created by the dependency-updates workflow.* - `; - - const { data: pr } = await github.rest.pulls.create({ - owner: context.repo.owner, - repo: context.repo.repo, - title: `chore: automated dependency updates (${{ steps.branch.outputs.timestamp }})`, - head: '${{ steps.branch.outputs.branch_name }}', - base: 'main', - body: fullBody, - draft: false - }); - - console.log(`Created PR #${pr.number}: ${pr.html_url}`); - - - name: Summary - run: | - if [ "${{ steps.changes.outputs.has_changes }}" == "true" ]; then - echo "โœ… Dependency updates completed and PR created" - echo "Branch: ${{ steps.branch.outputs.branch_name }}" - else - echo "โ„น๏ธ No dependency updates needed" - fi diff --git a/package-lock.json b/package-lock.json index ac5801894..313ff5f90 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -3096,9 +3096,9 @@
 "dev": true
 },
 "js-yaml": {
- "version": "3.14.1",
- "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
- "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
+ "version": "3.14.2",
+ "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
+ "integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
 "dev": true,
 "requires": {
 "argparse": "^1.0.7",