From 86a3c75e65928c157394c4196e3ee4ccb7270751 Mon Sep 17 00:00:00 2001
From: dormouse-bot <287024035+dormouse-bot@users.noreply.github.com>
Date: Sat, 20 Jun 2026 07:47:22 +0000
Subject: [PATCH] fix: regenerate dependencies-cargo.json to match Cargo.lock

The base64 0.22.1 crate was promoted from a transitive to a direct Cargo
dependency without regenerating the supply-chain data, so a clean run of
website/scripts/generate-deps.js modified the committed JSON and the
nightly security audit failed its supply-chain FAIL IF check.

Regenerate the file: base64 moves to the direct section with a
declaredName field. Re-running the generator now produces no diff.

Fixes #159

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 website/src/data/dependencies-cargo.json | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/website/src/data/dependencies-cargo.json b/website/src/data/dependencies-cargo.json
index 4b8d04a8..73ea0d06 100644
--- a/website/src/data/dependencies-cargo.json
+++ b/website/src/data/dependencies-cargo.json
@@ -1,5 +1,13 @@
 {
   "direct": [
+    {
+      "name": "base64",
+      "version": "0.22.1",
+      "license": "MIT OR Apache-2.0",
+      "author": "Marshall Pierce <marshall@mpierce.org>",
+      "homepage": "https://github.com/marshallpierce/rust-base64",
+      "declaredName": "base64"
+    },
     {
       "name": "process-wrap",
       "version": "9.1.0",
@@ -150,13 +158,6 @@
       "author": "Alice Maz <alice@alicemaz.com>, Marshall Pierce <marshall@mpierce.org>",
       "homepage": "https://github.com/marshallpierce/rust-base64"
     },
-    {
-      "name": "base64",
-      "version": "0.22.1",
-      "license": "MIT OR Apache-2.0",
-      "author": "Marshall Pierce <marshall@mpierce.org>",
-      "homepage": "https://github.com/marshallpierce/rust-base64"
-    },
     {
       "name": "bit-set",
       "version": "0.8.0",