chore: Lock file maintenance#1820
Merged
Merged
Conversation
Contributor
Dependency ReviewThe following issues were found:
|
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1820 +/- ##
==========================================
- Coverage 84.76% 84.75% -0.01%
==========================================
Files 1798 1798
Lines 103991 103991
Branches 9109 9109
==========================================
- Hits 88145 88140 -5
- Misses 13638 13641 +3
- Partials 2208 2210 +2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Aureliolo
approved these changes
May 8, 2026
Owner
Aureliolo
left a comment
Aureliolo
left a comment
There was a problem hiding this comment.
Decision: Renovate lockFileMaintenance refresh of uv.lock, web/package-lock.json, site/package-lock.json; CI green; no source/config diffs; all transitive bumps stay within existing pyproject.toml and package.json constraints.
Changelog digest:
- Scope: lockfile-only (3 files, 0 source/config). Reviewed every distinct version delta in the diff.
- Reviewed but not relevant (transitive churn within unchanged top-level constraints):
- Python:
googleapis-common-protos1.74.0 -> 1.75.0,hf-xet1.4.3 -> 1.5.0,huggingface-hub1.13.0 -> 1.14.0,markdown-it-py4.0.0 -> 4.2.0,openai2.33.0 -> 2.36.0 (still satisfiespyproject.tomlflooropenai>=2.33and CI provider tests pass),pip26.1 -> 26.1.1,pydantic-settings2.14.0 -> 2.14.1,python-discovery1.2.2 -> 1.3.0,pytz2026.1.post1 -> 2026.2 (tzdata refresh),sse-starlette3.4.1 -> 3.4.2,transformers5.7.0 -> 5.8.0,urllib32.6.3 -> 2.7.0,uv0.11.8 -> 0.11.11,virtualenv21.3.0 -> 21.3.1. - Web:
@puppeteer/browsers2.13.0 -> 2.13.1,immer11.1.4 -> 11.1.7,@storybook/icons2.0.1 -> 2.0.2,@types/estree1.0.8 -> 1.0.9,caniuse-lite/electron-to-chromium/baseline-browser-mappingdata refreshes,enhanced-resolve5.21.0 -> 5.21.2,graphql16.13.2 -> 16.14.0,get-east-asian-width1.5.0 -> 1.6.0. - Site (Astro):
vite7.3.2 -> 7.3.3,@oxc-project/types0.127.0 -> 0.128.0,@rolldown/binding-*rc.17 -> rc.18,@rollup/rollup-*4.60.2 -> 4.60.3.
- Python:
- Marker simplification in
uv.lock(e.g.scikit-learn,scipy,sentence-transformers,sympylose redundantextra ==markers on transitive deps): pure resolver bookkeeping, no behaviour change. - Reviewed but not relevant (no items affected us): no breaking changes touching any first-party usage; no deprecations on APIs we call; no security advisories surfaced by Dependency Review or Socket.
- Relevant: none (lockfile maintenance does not adopt new top-level features; Renovate's
lockFileMaintenanceonly refreshes resolved versions within existing constraints).
Follow-ups: none.
Aureliolo
temporarily deployed
to
cloudflare-preview
GitHub Actions
Inactive
Aureliolo
pushed a commit
that referenced
this pull request
May 10, 2026
<!-- HIGHLIGHTS_START --> ## Highlights > _AI-generated summary (model: `openai/gpt-4.1-mini` via GitHub Models). Commit-based changelog below._ ### What you'll notice - Improved error logging and Prometheus instrumentation provide better system monitoring. - Eliminated race conditions in CI tagging for more reliable development releases. - Fixed critical configuration access and kill-switch bugs to enhance system stability. - Enhanced client experience with retry-after headers and better websocket reconnect behavior. ### What's new - Introduced composite indexes and cursor pagination for faster data queries. - Added server-sent events rate limiting and Ollama input sanitization for improved security. ### Under the hood - Centralized workflow error mappings to standardize error handling. - Refactored API lifecycle fallback to use a configuration snapshot for consistency. - Tightened startup settings baseline and reduced controller error baseline to zero. - Replaced flaky contributor-assistant GitHub action with a custom stable step. - Consolidated Renovate dependency groups to avoid update conflicts. - Upgraded in-toto-golang dependency to fix security vulnerabilities and dropped unnecessary CVE waivers. - Extensive lock file maintenance and multiple infrastructure and Python dependency updates. <!-- HIGHLIGHTS_END --> :robot: I have created a release *beep* *boop* --- ## [0.8.2](v0.8.1...v0.8.2) (2026-05-10) ### Features * close audit gaps in error logging and Prometheus instrumentation ([#1821](#1821)) ([ef00fdc](ef00fdc)) ### Bug Fixes * **ci:** eliminate dev-release tag-vs-downstream race + CI hygiene audit ([#1827](#1827)) ([b7b9a59](b7b9a59)) * **config:** close 6 settings reachability + kill-switch gaps ([#1798](#1798)) ([410cb3b](410cb3b)) * correctness / safety fixes from 2026-05-05 audit (Wave 28) ([#1823](#1823)) ([d01e624](d01e624)) ### Performance * composite indexes + cursor pagination + clock seam + SSE rate-limit + Ollama sanitization + retry-after web client + WS reconnect jitter ([#1822](#1822)) ([d1faf86](d1faf86)) ### Refactoring * **api:** move activities lifecycle-cap fallback to ApiBridgeConfig snapshot ([#1840](#1840)) ([7a56e9c](7a56e9c)) * centralise workflow error mapping and shared error codes ([#1778](#1778) sub-tasks A + E) ([#1843](#1843)) ([11132cd](11132cd)) * drive controller-error baseline to zero ([#1778](#1778) sub-task A tail) ([#1846](#1846)) ([e96ae20](e96ae20)) * slim CLAUDE.md, port pr-review-toolkit agents, sync .opencode parity ([#1833](#1833)) ([e6372b8](e6372b8)) * tighten settings → startup-trace baseline (8 → 0) ([#1847](#1847)) ([3376ee2](3376ee2)) ### Documentation * fix CLAUDE.md inaccuracies and drop drift-prone counts ([#1844](#1844)) ([371925f](371925f)) ### Tests * replace test placeholders with real subsystem wiring ([#1845](#1845)) ([ddbb666](ddbb666)) ### CI/CD * **cla:** replace flaky contributor-assistant action with custom read-path step ([#1819](#1819)) ([11aeafe](11aeafe)) * tidy dev-release notes + stagger renovate lockfile day ([#1824](#1824)) ([ec746a9](ec746a9)) ### Maintenance * cleanup roundup, sub-tasks a/c/d/g/h/j/l/m of [#1781](#1781) ([#1838](#1838)) ([099b871](099b871)) * close remaining 5 sub-tasks of [#1781](#1781) (b/e/f/i/k) ([#1852](#1852)) ([59cf0b2](59cf0b2)) * collapse Renovate dep groups into Python / Web / Infrastructure to remove cross-PR overlap ([#1813](#1813)) ([4cbd857](4cbd857)) * **deps,security:** bump in-toto-golang v0.11.0 + drop two patched CVE waivers ([#1851](#1851)) ([0b8b5bb](0b8b5bb)) * disable Renovate vulnerabilityAlerts so security flows into normal updates ([#1834](#1834)) ([6b7d15f](6b7d15f)) * Lock file maintenance ([#1820](#1820)) ([ccbad73](ccbad73)) * Lock file maintenance ([#1842](#1842)) ([13b68a5](13b68a5)) * Lock file maintenance ([#1853](#1853)) ([db6650b](db6650b)) * Update dhi.io/nats:2.14-debian13 Docker digest to eb768bf ([#1841](#1841)) ([37f84fc](37f84fc)) * Update Infrastructure dependencies ([#1815](#1815)) ([75b12fe](75b12fe)) * Update Infrastructure dependencies ([#1831](#1831)) ([3f3c50b](3f3c50b)) * Update Python dependencies ([#1817](#1817)) ([e11332f](e11332f)) * Update Python dependencies ([#1832](#1832)) ([4515c8e](4515c8e)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: synthorg-repo-bot[bot] <279117679+synthorg-repo-bot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
🔧 This Pull Request updates lock files to use the latest dependency versions.
Configuration
📅 Schedule: (in timezone Etc/UTC)
* 0-6 * * 6)🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.