Dependency Update Tracking#

Last Updated: June 2025

This file tracks dependency versions and updates across the aesthetic-computer project.

📦 system/package.json (Node Dependencies)#

Updated via npx ncu -u on June 2025:

Action Taken ✅#

• Run npm install in /workspaces/aesthetic-computer/system
• Review Stripe 20.x breaking changes: https://github.com/stripe/stripe-node/releases

Stripe 19→20 Migration Notes#

The v20 breaking changes are LOW IMPACT for this project:

• V2 API array serialization changes - Only affects /v2 endpoints (not used here)
• V2 Event namespace moves - Not using V2 events
• Node.js 16+ required - Already on Node 20+

Usage locations reviewed:

• system/netlify/functions/email.js - customers.search, customers.update
• system/netlify/functions/print.js - checkout.sessions, webhooks, refunds
• system/netlify/functions/gives.mjs - sessions.list, subscriptions.list
• system/netlify/functions/mug.js - checkout.sessions, webhooks

All use standard v1 APIs unaffected by v20 breaking changes.

📁 /dep Folder (Vendored Client Libraries)#

These are manually copied client-side dependencies in system/public/aesthetic.computer/dep/:

/dep Subfolders#

• @akamfoad/ - Custom/fork dependency
• @mediapipe/ - MediaPipe vision models
• ffmpeg/ - WASM FFmpeg
• gif/, gifenc/ - GIF encoding
• gpt3-tokenizer/ - GPT tokenizer
• sm/ - Unknown
• tasks-vision/ - MediaPipe tasks
• wasmboy/ - GameBoy emulator
• webpxmux/ - WebP muxer

Three.js Update ✅ COMPLETED#

The vendored Three.js has been updated from r145 to 0.182.0.

Files updated:

• three.core.js (1.4MB) - New modular core
• three.module.js (631KB) - ES module entry
• All addon files with fixed import paths (from './three.module.js')

Action Required:

• Test 3D pieces thoroughly (use 3d.mjs or similar pieces)

🐳 Dockerfile (CLI Tool Versions)#

Located at /workspaces/aesthetic-computer/Dockerfile:

Action Taken ✅#

• Update Stripe CLI: v1.30.0 → v1.34.0
• Update doctl: 1.109.0 → 1.149.0
• Update Deno: v2.4.5 → v2.6.6

Action Required#

• Rebuild devcontainer to apply Dockerfile changes
• Consider Node.js 22 LTS upgrade

📝 entry.fish (Startup Script)#

The 818-line startup script at /workspaces/aesthetic-computer/entry.fish handles:

• Environment setup
• Tool installation
• Service initialization

No pinned versions found in script - versions come from Dockerfile or package managers.

🔄 Update Procedures#

For package.json dependencies:#

cd /workspaces/aesthetic-computer/system
npm install
npm test  # Run tests to verify

For /dep vendored libraries:#

1. Download new version from source
2. Replace files in /dep/<library>/
3. Test affected pieces thoroughly
4. Update this tracking document

For Dockerfile:#

1. Update version in Dockerfile
2. Rebuild devcontainer: devcontainer rebuild
3. Test all tools work correctly

⚠️ Known Issues#

1. Three.js Version Mismatch: /dep/three/ is r145, package.json is 0.182.0

   • Potential incompatibility if both are used
   • 37+ releases of bug fixes and features missing

2. Stripe Major Update: 19.x → 20.x may have breaking API changes

   • Review: https://github.com/stripe/stripe-node/blob/master/CHANGELOG.md

� Security Audit (system/package.json)#

After npm install, 31 vulnerabilities reported (20 low, 3 moderate, 8 high).

Most vulnerabilities stem from blockchain/wallet dependencies:

• elliptic - Cryptographic primitive issues
• @taquito/* - Tezos SDK chain
• @walletconnect/* - WalletConnect chain
• @airgap/beacon-* - Beacon wallet chain

Note: These are in the Tezos integration and may require major version upgrades to fix.

📅 Update History#