fix(deps): bump @tastehub/ckb-win32-x64 from 8.0.0 to 8.0.5 in /npm

[dependabot]

Bumps @tastehub/ckb-win32-x64 from 8.0.0 to 8.0.5.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🟢 Change Impact Analysis

Metric	Value
Risk Level	LOW 🟢
Files Changed	1
Symbols Changed	1
Directly Affected	0
Transitively Affected	0

Blast Radius: 0 modules, 0 files, 0 unique callers

📝 Changed Symbols (1)

Symbol	File	Type	Confidence
npm/package.json	npm/package.json	modified	30%

Recommendations

• ℹ️ coverage: 1 symbols have low mapping confidence. Index may be stale.
  • Action: Run 'ckb index' to refresh the SCIP index

---

_{Generated by CKB}

[github-actions]

CKB Analysis

🎯 1 changed → 0 affected · 📚 143 stale

Risk factors: Small, focused change

Metric	Value
Impact Analysis	1 symbols → 0 affected	🟢
Doc Coverage	9.090909090909092%	⚠️
Complexity	0 violations	✅
Coupling	0 gaps	✅
Blast Radius	0 modules, 0 files	✅
Index	indexed (1s)	🆕

🎯 Change Impact Analysis · 🟢 LOW · 1 changed → 0 affected

Metric	Value
Symbols Changed	1
Directly Affected	0
Transitively Affected	0
Modules in Blast Radius	0
Files in Blast Radius	0

Symbols changed in this PR:

• npm/package.json [modified] (30%) — npm/package.json

Recommendations:

• ℹ️ 1 symbols have low mapping confidence. Index may be stale.
  • Action: Run 'ckb index' to refresh the SCIP index

💡 Quick wins · 10 suggestions

• 🟡 Add tests → internal/query/engine_test.go
• 🟡 Add tests → internal/incremental/indexer_test.go
• 🟡 Add tests → internal/incremental/store_test.go
• 🟡 Add tests → internal/api/index_processor.go
• 🟡 Add tests → internal/incremental/extractor_test.go
• 🟢 Assign backup owner → internal/query/engine_test.go
• 🟢 Assign backup owner → internal/incremental/indexer_test.go
• 🟢 Assign backup owner → internal/incremental/store_test.go

📚 Stale docs · 143 broken references

• docs/CONTRIBUTING.md:108 → errors.New
• docs/CONTRIBUTING.md:108 → errors.SYMBOL_NOT_FOUND
• docs/CONTRIBUTING.md:111 → errors.Wrap
• docs/backlog/index-refresh-improvements.md:36 → watcher.Add
• docs/backlog/index-refresh-improvements.md:36 → filepath.Join
• docs/backlog/index-refresh-improvements.md:97 → time.Second
• docs/featureplans/change-impact-analysis-checklist.md:208 → coverage.out
• docs/featureplans/change-impact-analysis-checklist.md:214 → lcov.info
• docs/featureplans/change-impact-analysis-checklist.md:309 → coverage.out
• docs/featureplans/change-impact-analysis.md:448 → scip.SCIPIndex
• docs/featureplans/change-impact-analysis.md:478 → context.Context
• docs/featureplans/change-impact-analysis.md:669 → coverage.out
• docs/ideas.md:16 → provenance.backends
• docs/ideas.md:21 → queryPolicy.coalesceWindowMs
• docs/ideas.md:302 → confidence.factors

---

_{Generated by CKB · Run details}

[github-actions]

🔐 Security Audit Results

⚠️ Security gate passed with warnings - 7 issue(s) found (review recommended)

Category	Findings
🔑 Secrets	✅ 0
🛡️ SAST	✅ 0
📦 Dependencies	⚠️ 7
📜 Licenses	⚠️ 119 non-permissive

📦 Dependency Vulnerabilities

Found 7 vulnerability(ies) across 2 scanner(s)

Details

Trivy (4 findings)

• CVE-2026-22036 (MEDIUM): undici - undici: Undici: Denial of Service via excessive de...
• CVE-2025-54410 (LOW): github.com/docker/docker - github.com/moby/moby: Moby's Firewalld reload remo...
• GHSA-vrw8-fxc6-2r93 (MEDIUM): github.com/go-chi/chi/v5 - chi Allows Host Header Injection which Leads to Op...
• CVE-2025-47908 (MEDIUM): github.com/rs/cors - github.com/rs/cors: Denial of service via maliciou...

OSV-Scanner (3 findings)

• github.com/docker/docker: 2 vulnerabilities
• github.com/go-chi/chi/v5: 1 vulnerabilities
• github.com/rs/cors: 2 vulnerabilities

📜 License Issues

Found 119 non-permissive license(s)

Details

• github.com/BurntSushi/toml: MIT (notice)
• github.com/google/uuid: BSD-3-Clause (notice)
• github.com/klauspost/compress: Apache-2.0 (notice)
• github.com/klauspost/compress: BSD-3-Clause (notice)
• github.com/klauspost/compress: MIT (notice)
• github.com/pelletier/go-toml/v2: MIT (notice)
• github.com/smacker/go-tree-sitter: MIT (notice)
• github.com/sourcegraph/go-diff: MIT (notice)
• github.com/sourcegraph/scip: Apache-2.0 (notice)
• github.com/spf13/cobra: Apache-2.0 (notice)
• ... and 109 more

---

_{Generated by CKB Security Audit | View Details | Security Tab}