update deploy-notes skill for rarely updated programs

[metapileks]

No description provided.

[github-actions]

Repository Guard

• Cargo.lock: pass
• yarn.lock (root): pass
• yarn.lock (sdk): pass
• Repo guard: pass

Repository Guard

Cargo dependency pinning

• Status: pass
• Every programs/*/Cargo.toml dep uses =x.y.z, a path = .. workspace ref, or a git dep with a 40-char rev.

Cross-program Anchor/Solana version consistency

• Status: pass
• anchor-lang and anchor-spl are pinned to the version declared in repo-guard.toml across every program.

solana-program crate pin

• Status: pass
• Every solana-program = "=X" declaration is =1.17.14 (locked to match Cargo.lock).

Anchor.toml solana_version

• Status: pass
• Anchor.toml declares solana_version = "1.17.34" (local-dev install for anchor test).

Crate minimum age

• Status: pass
• All Cargo deps changed by this PR are at least 14 days old on crates.io.

Yarn package.json pinning

• Status: pass
• All package.json deps use exact versions (no ^, ~, ranges).

npm minimum age

• Status: pass
• All npm deps changed by this PR are at least 14 days old.

Workflow toolchain consistency

• Status: pass
• Every workflow declares anchor-version: 0.29.0.
• Per-file solana-cli-version values match [toolchain.workflow_solana_cli] in repo-guard.toml.

GitHub Action SHA pinning

• Status: pass
• Every third-party action is pinned to a SHA in [actions.sha_allowlist].

Sensitive program / config changes

• Status: pass
• No suspicious changes to program IDs, error enums, or sensitive files detected.

Overall status: pass

Lockfile freshness (Cargo.lock + yarn.lock) is checked by the workflow directly and cannot be bypassed. The sensitive-diff section is a review hint - CODEOWNERS handles the actual merge gate.