Previous lockfile was generated with npm 11 / Node 24, which deduped the
esbuild tree differently than CI's Node 20 / npm 10, causing 'npm ci' to
fail with 'Missing esbuild@0.28.1'. Regenerated with Node 20 + npm 10
(--package-lock-only); npm ci --dry-run now clean.

The committed lockfile was out of sync with package.json (missing
esbuild@0.28.1 transitive entries), which made the CI 'npm ci' step
fail. Regenerated with npm install; npm ci --dry-run now clean.

The weekly Security workflow started failing after a critical advisory
was published for vitest <4.1.0 (arbitrary file read/execute via the
Vitest UI server). npm audit fix bumps vitest and @vitest/coverage-v8
to 4.1.x within existing semver ranges, plus a few moderate fixes
(yaml, flatted, etc.). No package.json changes.

Verified: npm audit reports 0 critical; vitest run 92 passed; vite
build succeeds.

- Fix prettier formatting across all P2P files
- Fix setState-in-useEffect by using useCallback pattern
- Add missing React import for keyboard event type
- Wrap fetch functions in useCallback for exhaustive-deps

- Single tx (applyForCitizenship) instead of 2-step setIdentity+applyForKyc
- Keccak-256 identity hash via js-sha3
- Referral code replaced with referrer SS58 address
- Success screen shows pending referral status instead of citizen ID
- Updated all 6 translation files with new keys