chore: Update CLI dependencies#1702
Merged
Merged
Conversation
renovate
Bot
added
dependencies
Contributor
Dependency ReviewThe following issues were found:
License Issuescli/go.mod
OpenSSF Scorecard
Scanned Files
|
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1702 +/- ##
==========================================
- Coverage 84.69% 84.69% -0.01%
==========================================
Files 1786 1786
Lines 102259 102259
Branches 8980 8980
==========================================
- Hits 86613 86612 -1
- Misses 13457 13458 +1
Partials 2189 2189 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Aureliolo
temporarily deployed
to
cloudflare-preview
GitHub Actions
Inactive
Aureliolo
added a commit
that referenced
this pull request
May 3, 2026
## Summary Adds a cross-PR file-overlap analysis step to the `/review-dep-pr` skill so that batch reviews surface merge conflicts upfront and the user can pick a sequencing strategy before triage. ### What changed - **New Phase 5 — Cross-PR File Overlap Analysis** (skipped for single-PR runs): - Pulls each PR's changed-file list via `gh pr view --json files`. - Builds a per-file conflict map and classifies overlaps as **none / lockfile-only / config / source**. - Treats `package-lock.json`, `pnpm-lock.yaml`, `uv.lock`, `go.sum`, `atlas.sum`, etc. as lockfile-only (rebase needed, not a hard blocker). - Groups PRs into merge **waves** (Wave 1 = parallel-safe, Wave 2+ = sequential after rebase). - **Phase 6 (Present Findings)** now leads with a "Batch Overlap Summary" header and adds a `Files touched / conflicts with` row to each per-PR card. - **Phase 7 (User Decision)** opens with a strategy question whenever ≥ 2 PRs share files: - Wave-based parallel - Strict sequential - Combine into one PR - Defer the conflicting subset - **Phase 8 (Execute Decisions)** honours the chosen strategy when sequencing merges (parallel waves, rebase between waves, etc.). - New rule: multi-PR runs always compute the conflict map; lockfile-only overlaps are acceptable but expect rebase between merges. ### Why Without this, the skill would propose merging in parallel any PRs whose CI is green, then run into surprise conflicts on the second/third merge — most often on workflow YAMLs and lockfiles. The new phase makes the conflict surface explicit before the user picks a strategy, and the strategy choice is then carried through to execution. ### Test plan Dogfooded against the 8 open Renovate PRs in this repo (#1698-#1705). Surfaced three conflict clusters (`docker.yml` between #1698/#1701/#1703, `cli.yml` between #1702/#1703, `web/package.json` between #1700/#1704) plus the expected lockfile-only overlaps. The Wave-based strategy successfully merged 5 PRs sequentially with `--squash --admin` and the lockfile PR (#1705) was rebased via Renovate. ### Review coverage `/pre-pr-review quick` — docs-only change to a `.claude/` skill file, no code/agents required. Pre-commit hooks passed (trailing whitespace, EOF, secrets, em-dashes).
Aureliolo
pushed a commit
that referenced
this pull request
May 3, 2026
<!-- HIGHLIGHTS_START --> ## Highlights > _AI-generated summary (model: `openai/gpt-4.1-mini` via GitHub Models). Commit-based changelog below._ ### What you'll notice - Frontend and UX polishing improves user interface responsiveness and visual consistency. - API hygiene and validation enhancements provide smoother and more reliable interactions. ### What's new - Introduced typed-boundary helpers enabling better type safety and parse_typed workflows. - Added codebase-audit skill prompt tuning for improved project auditing. ### Under the hood - Eliminated flaky tests caused by module-level state for more stable test outcomes. - Unified image tag management under CLI and Renovate for consistent dependency updates. - Added cross-PR file-overlap analysis to the review dependency pull request skill. - Updated multiple dependencies including Python, Web, CLI, and container libraries. - Improved CI tooling and lock file maintenance for better build reliability. <!-- HIGHLIGHTS_END --> :robot: I have created a release *beep* *boop* --- ## [0.7.8](v0.7.7...v0.7.8) (2026-05-03) ### Features * **api:** typed-boundary helper + codebase-audit skill prompt tuning ([#1712](#1712)) ([40ee65b](40ee65b)) * **boundary:** RFC [#1711](#1711) Phases 2 + 3 — typed boundaries via parse_typed ([#1720](#1720)) ([7b9f409](7b9f409)) ### Bug Fixes * **api:** audit cleanup B -- API hygiene & validation ([#1719](#1719)) ([3d790d9](3d790d9)) * audit cleanup C - persistence, concurrency & data integrity ([#1708](#1708)) ([#1717](#1717)) ([bcce097](bcce097)) * **test:** exterminate xdist-flaky tests with module-level state ([#1713](#1713)) ([#1721](#1721)) ([8d258dd](8d258dd)) * **web:** audit cleanup E -- frontend & UX polish ([#1710](#1710)) ([#1718](#1718)) ([3a3591a](3a3591a)) ### Refactoring * **cli:** single source of truth for DHI image tags + Renovate manager ([#1723](#1723)) ([57980a2](57980a2)) ### Documentation * audit cleanup D -- public-facing & docs sync ([#1709](#1709)) ([#1715](#1715)) ([ade03b7](ade03b7)) ### Tests * **engine:** make TestDrainTimeout deterministic + preserve subclass type in [@Ontology](https://github.com/ontology)_entity ([#1729](#1729)) ([b00fb05](b00fb05)) ### CI/CD * Update CI tool dependencies ([#1703](#1703)) ([355a9ff](355a9ff)) ### Maintenance * add cross-PR file-overlap analysis to review-dep-pr skill ([#1722](#1722)) ([3861d8a](3861d8a)) * **ci:** unify apko-version under workflow env so Renovate manages it everywhere ([#1724](#1724)) ([9c0a7fd](9c0a7fd)) * consolidate DHI image-pin custom regex managers ([#1726](#1726)) ([b8b0cba](b8b0cba)) * **deps:** update dependency chainguard-dev/melange to v0.50.4 ([#1701](#1701)) ([8cbf83a](8cbf83a)) * Lock file maintenance ([#1705](#1705)) ([414cfea](414cfea)) * Lock file maintenance ([#1727](#1727)) ([5cb1212](5cb1212)) * Update CLI dependencies ([#1702](#1702)) ([9fb57b9](9fb57b9)) * Update Container dependencies ([#1698](#1698)) ([6d24fd6](6d24fd6)) * Update dependency @eslint-react/eslint-plugin to v5 ([#1704](#1704)) ([1cb1294](1cb1294)) * Update Python dependencies ([#1699](#1699)) ([8e7af3a](8e7af3a)) * Update Python dependencies to v4.15.0 ([#1725](#1725)) ([69164c8](69164c8)) * Update Web dependencies ([#1700](#1700)) ([715300d](715300d)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: synthorg-repo-bot[bot] <279117679+synthorg-repo-bot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v2.11.4→v2.12.1v0.0.21→v0.0.22v2.11.4→v2.12.1Release Notes
golangci/golangci-lint (github.com/golangci/golangci-lint/v2/cmd/golangci-lint)
v2.12.1Compare Source
Released on 2026-05-01
gomodguard_v2: fix panic with migration suggestioninstall.shscript (if you are still using an URL based on the branchmaster, please update to usehttps://golangci-lint.run/install.sh)v2.12.0Compare Source
Released on 2026-05-01
clickhouselintlinter https://github.com/ClickHouse/clickhouse-go-linterdupl: fromf665c8dtoc99c5cf(extended detection)funcorder: from 0.5.0 to 0.6.0 (new option:function)goconst: add an option to ignore strings from testsgoconst: from 1.8.2 to 1.10.0 (extended detection)gomodguard_v2: from 1.4.1 to 2.1.0 (major version with new configuration)gosec: from619ce21to 2.26.1 (new checks:G124,G708,G709,G710)govet: addinlineanalyzermakezero: from 2.1.0 to 2.2.1 (support slice type aliases)paralleltest: exposecheckcleanupoptionsloglint: from 0.11.1 to 0.12.0 (new options:allowed-keys,custom-funcs)wsl_v5: from 5.6.0 to 5.8.0 (new option:cuddle-max-statements; new checks:after-decl,after-defer,after-expr,after-go,cuddle-group)forbidigo: from 2.3.0 to 2.3.1godot: from 1.5.4 to 1.5.6govet-modernize: from 0.43.0 to 0.44.0ireturn: from 0.4.0 to 0.4.1rowserrcheck: from 1.1.1 toc5f79b8customcommandmattn/go-isatty (github.com/mattn/go-isatty)
v0.0.22Compare Source
Configuration
📅 Schedule: (in timezone Etc/UTC)
* 0-6 * * 6)🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.