Patel-Raj11 · dependabot · Jul 3, 2025 · Jul 7, 2025 · Jul 7, 2025 · Jul 9, 2025
diff --git a/.ci-config/rippled.cfg → .ci-config/xrpld.cfg b/.ci-config/rippled.cfg → .ci-config/xrpld.cfg
@@ -43,7 +43,7 @@ small
 
 [node_db]
 type=NuDB
-path=/var/lib/rippled/db/nudb
+path=/var/lib/xrpld/db/nudb
 advisory_delete=0
 
 # How many ledgers do we want to keep (history)?
@@ -58,10 +58,10 @@ online_delete=256
 256
 
 [database_path]
-/var/lib/rippled/db
+/var/lib/xrpld/db
 
 [debug_logfile]
-/var/log/rippled/debug.log
+/var/log/xrpld/debug.log
 
 [network_id]
 0
@@ -101,7 +101,6 @@ online_delete=256
 # Devnet amendments as of June 28th, 2023
 NegativeUNL
 fixRemoveNFTokenAutoTrustLine
-NonFungibleTokensV1
 CheckCashMakesTrustLine
 fixRmSmallIncreasedQOffers
 fixSTAmountCanonicalize
@@ -144,10 +143,8 @@ fix1512
 fix1373
 MultiSign
 Checks
-NonFungibleTokensV1_1
 # 1.10.0 Amendments
 DisallowIncoming
-fixNonFungibleTokensV1_2
 fixTrustLinesToSelf
 fixUniversalNumber
 ImmediateOfferKilled
@@ -158,7 +155,6 @@ ExpandedSignerList
 AMM
 Clawback
 fixReducedOffersV1
-fixNFTokenRemint
 # 2.0.0 Amendments
 XChainBridge
 DID
@@ -188,8 +184,17 @@ PermissionedDomains
 fixFrozenLPTokenTransfer
 fixInvalidTxFlags
 # 2.5.0 Amendments
-PermissionDelegation
 Batch
+PermissionedDEX
+TokenEscrow
+PermissionDelegationV1_1
+# 3.1.0 Amendments
+SingleAssetVault
+LendingProtocol
+# 3.1.3 Amendments
+fixCleanup3_1_3
+# 3.2.0 Amendments
+fixCleanup3_2_0
 
 # This section can be used to simulate various FeeSettings scenarios for rippled node in standalone mode
 [voting]

diff --git a/.claude/skills/batch-deps-upgrade/README.md b/.claude/skills/batch-deps-upgrade/README.md
@@ -0,0 +1,30 @@
+# Batch Dependency Upgrade
+
+Batches all open Dependabot PRs into a single upgrade PR.
+
+## Prerequisites
+
+- `gh auth login` -- needed to list open Dependabot PRs
+- Docker daemon running -- the skill starts a rippled container for integration/browser tests
+
+## Usage
+
+From the xrpl.js repo root, start a new Claude Code session and run:
+
+```
+/batch-deps-upgrade
+```
+
+## What it does
+
+1. Discovers all open Dependabot PRs via `gh pr list`
+2. Applies upgrades to package.json files, runs `npm install`
+3. Validates with build, lint, unit tests, integration tests, browser tests and faucet tests
+4. Generates output files and a commit message for the human to use
+
+## After it finishes
+
+1. Review the changes and generated files. Ask Claude questions about specific changes if they don't make sense — the code changes may need multiple rounds of discussion and correction before they're ready.
+2. Stage and commit using the suggested commit message (the skill already creates a branch)
+3. Push and open a PR using the generated PR description
+4. After merge, close the superseded Dependabot PRs listed in the description
diff --git a/.claude/skills/batch-deps-upgrade/SKILL.md b/.claude/skills/batch-deps-upgrade/SKILL.md
@@ -0,0 +1,85 @@
+---
+name: batch-deps-upgrade
+description: Batch all open Dependabot dependency upgrade PRs into a single PR
+disable-model-invocation: true
+---
+
+Batch all open Dependabot dependency upgrade PRs into a single PR for this repository.
+
+## Step 1: Discover
+
+Run: gh pr list --repo XRPLF/xrpl.js --label dependencies --state open --limit 500 --json number,title,headRefName,body,url
+
+Parse each PR to extract package names and versions. Dependabot PRs come in two formats:
+- **Single-package PRs**: title is `Bump <pkg> from <old> to <new>` — parse from title
+- **Grouped PRs** (e.g. #3266, #3051, #3013): title is `bump <pkg1> and <pkg2>` with no versions — parse from PR body, which contains a structured list of package updates with version ranges
+
+If any PR can't be parsed from either title or body, flag it for manual review. Build a table of all proposed upgrades. Report the table to the user before proceeding.
+
+## Step 2: Apply
+
+1. Create a branch from main: deps/batch-deps-upgrade-YYYY-QN (use current year and quarter)
+2. Check for **peer dependency conflicts** before upgrading. For each proposed upgrade, run `npm ls <pkg>` and check if any workspace package pins a peer dep that would block the upgrade (e.g., `@xrplf/eslint-config@^3` requires `eslint@^9`, blocking eslint 10). Mark these as Skipped (peer dep conflict: <details>) and do not attempt them.
+3. For each remaining Dependabot PR, determine if it's a direct dep (listed in a package.json) or transitive dep (only in package-lock.json):
+   - Direct deps: update the version in the relevant package.json file(s)
+   - Transitive deps: run `npm update <pkg>` to update within semver range
+4. Run `npm install` to update package-lock.json. **Do NOT delete package-lock.json and regenerate from scratch** — this can change hoisted dependency resolution and break builds even when no versions changed.
+5. Diff package.json and package-lock.json against main to classify each Dependabot PR as:
+   - Upgraded: version changed
+   - No-op: version was already current or newer
+6. If any upgrade changes the public API of a package (new errors, changed return types, removed functionality) and result in a breaking change, add an entry under `## Unreleased` in that package's `HISTORY.md`.
+7. Verify completeness: every PR from step 1 must have a status (Upgraded, No-op, or Skipped). If any PR is unaccounted for, stop and report it before proceeding.
+
+## Step 3: Validate
+
+Run the full test suite in order:
+1. npm run build && npm run lint
+2. npm test
+3. Start xrpld Docker container (based on CONTRIBUTING.md):
+   - Pre-run cleanup (in case a previous run left a container behind): `docker rm -f xrpld-service 2>/dev/null || true`
+   - Start the container: `docker run --detach --rm --publish 6006:6006 --volume "$PWD/.ci-config:/etc/xrpld/" --name xrpld-service rippleci/xrpld:develop --standalone`
+   - Wait for port 6006 with a bounded timeout and halt on failure:
+     ```bash
+     SECONDS=0
+     until nc -z localhost 6006 || [ $SECONDS -gt 120 ]; do sleep 2; done
+     if ! nc -z localhost 6006; then
+       echo "Error: xrpld did not start within 120s"
+       docker logs xrpld-service
+       exit 1
+     fi
+     ```
+   - Run: `npm run test:integration && npm run test:browser`
+   - Stop container: `docker stop xrpld-service` (auto-removed via `--rm`)
+4. npm run test:faucet
+
+If any step fails, **attempt to fix the breaking change with code modifications before rolling back**. Common patterns:
+
+- **BigNumber.js major bumps**: v10+ throws on invalid input instead of returning NaN. Wrap `new BigNumber(val)` calls in try-catch where the code previously checked for NaN.
+- **ESM-only packages** (e.g., https-proxy-agent): Add transform entries and `transformIgnorePatterns` exclusions in `jest.config.base.js` so Jest can parse ESM imports.
+- **Type compatibility** (e.g., @scure/base 2.0 changing Uint8Array generics): Widen variable type annotations (e.g., `let buf: Uint8Array = ...` instead of `let buf = ...`).
+- **Hoisting breakage** (e.g., webpack-merge): If a transitive dep's major version is shadowed by a different transitive dep's older version, add the correct version as an explicit dependency.
+
+Only roll back and mark as Skipped if:
+- The fix requires a large-scale migration (e.g., TypeScript moduleResolution changes across the entire monorepo)
+- The upgrade is blocked by an external peer dependency constraint you cannot update
+
+If a failure persists after investigation and you cannot identify a fix, roll back the upgrade and mark it as Skipped. Re-run validation until green.
+
+## Step 4: Generate Outputs
+
+Do NOT commit or create a PR. Instead, generate the following outputs for the human to use:
+
+1. **Code changes note** — write a markdown file (`.claude/skills/batch-deps-upgrade/code-changes.md`) documenting every non-package.json source code change, explaining what broke, why, and the minimal fix applied.
+
+2. **Commit message** — output a concise commit message the human can copy-paste into `git commit -m "..."`. Format: `chore(deps): quarterly batch dependency upgrade YYYY-QN` followed by a brief summary of upgrades, skips, and removals.
+
+3. **PR description** — write a markdown file (`.claude/skills/batch-deps-upgrade/pr-description.md`) following the repo's PR template (.github/pull_request_template.md):
+   - For "Type of Change", determine dynamically:
+     - Check "Breaking change" ONLY if the upgrade visibly changes the library's public API (e.g., error messages, return types, removed functions). This aligns with whether a `HISTORY.md` entry was added in Step 2.6.
+     - Otherwise, do not check any Type of Change — dependency upgrades are maintenance and don't fit "Refactor" (which means restructuring code without behavior change). Note in the PR body that the upgrade is maintenance.
+   - Include a "Superseded Dependabot PRs" section with a table: PR (linked), Package, From, To, Status, MajorVersionUpgrade
+     - Status values: Upgraded, No-op (reason), Skipped (peer dep conflict / CI failure: error)
+     - MajorVersionUpgrade: `No` if the major version number did not change. Otherwise `Yes` plus a link for each major version crossed. For example, 7.x → 9.x yields `Yes ([v8](url), [v9](url))`. Each link should point to the package's release notes or changelog for that major version. Verify each link returns HTTP 200 and has meaningful content (e.g., `curl -sL -o /dev/null -w "%{http_code}" <url>`); if a package doesn't publish per-version GitHub releases (e.g., TypeScript sometimes skips `x.0.0`/`x.0.1` tags, bignumber.js puts details in CHANGELOG.md), fall back to the CHANGELOG.md file or the closest valid release tag.
+   - Closing instructions with two paragraphs:
+     1. "After merging, close the following superseded PRs (Skipped ones remain open for future handling): #X, #Y, #Z" — list only Upgraded and No-op PRs.
+     2. "The following PRs were Skipped and should remain open: #A (package-a), #B (package-b), ..." — annotate each with the package name. These stay open so Dependabot keeps rebasing them.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -3,6 +3,6 @@ updates:
 - package-ecosystem: npm
   directory: "/"
   schedule:
-    interval: weekly
+    interval: quarterly
     time: "15:00"
-  open-pull-requests-limit: 10
+  open-pull-requests-limit: 30
diff --git a/.github/workflows/faucet_test.yml b/.github/workflows/faucet_test.yml
@@ -4,9 +4,22 @@ on:
   push:
     branches: [main]
   workflow_dispatch:
+  workflow_call:
+    inputs:
+      git_ref:
+        description: 'Git ref to checkout (branch, tag, or commit SHA)'
+        required: true
+        type: string
+      run_faucet_tests:
+        description: 'Run faucet tests job'
+        required: false
+        type: boolean
+        default: true
+
 
 jobs:
   faucet-test:
+    if: ${{ github.event_name != 'workflow_dispatch' || inputs.run_faucet_tests != false }}
     runs-on: ubuntu-latest
     timeout-minutes: 15
 
@@ -17,6 +30,9 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.git_ref || github.ref }}
+          fetch-depth: 0
       - name: Use Node.js ${{ matrix.node-version }}
         uses: actions/setup-node@v4
         with:

diff --git a/.github/workflows/generate-documentation.yml b/.github/workflows/generate-documentation.yml
@@ -0,0 +1,77 @@
+name: Generate Documentation
+
+on:
+  workflow_call:
+    inputs:
+      git_ref:
+        description: 'Git ref to checkout (branch, tag, or commit SHA)'
+        required: true
+        type: string
+
+env:
+  GIT_REF: ${{ inputs.git_ref }}
+
+jobs:
+  generate-documentation:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [22.x]
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ env.GIT_REF }}
+          fetch-depth: 0
+
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: Setup npm version 10
+        run: |
+          npm i -g npm@10 --registry=https://registry.npmjs.org
+      - name: Cache node modules
+        id: cache-nodemodules
+        uses: actions/cache@v4
+        env:
+          cache-name: cache-node-modules
+        with:
+          # caching node_modules
+          path: |
+            node_modules
+            */*/node_modules
+          key: ${{ runner.os }}-deps-${{ matrix.node-version }}-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-deps-${{ matrix.node-version }}-
+      - name: Install Dependencies
+        if: steps.cache-nodemodules.outputs.cache-hit != 'true'
+        run: npm ci
+
+      - run: npm run build
+
+      - name: Generate Documentation
+        run: npm run docgen
+
+      - name: Upload documentation files as artifact
+        id: docs-artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: docs/
+          retention-days: 10
+
+  deploy-docs-pages:
+    permissions:
+      id-token: write  # Needed for OIDC authentication
+      pages: write # this permission is needed for deploying into Github Pages
+    environment:
+      name: github-pages
+      url: ${{ steps.docs-artifact.outputs.page_url }}
+    runs-on: ubuntu-latest
+    needs: generate-documentation
+    steps:
+      - name: Deploy to Documentation to GitHub Pages
+        id: docs-artifact
+        uses: actions/deploy-pages@v4