chore: Lock file maintenance #1913
Dependency Review
The following issues were found:
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
Aureliolo left a comment
Decision: Lockfile-only refresh (Renovate lockFileMaintenance); no package.json / pyproject.toml constraints changed; every refreshed entry is a transitive within an existing pin range. Merging on user override while substantive CI checks (Test Python 3.14, Type Check, Dashboard Test/Build/Lint, CodSpeed, Lighthouse, CodeQL Python/Go/JS, Build Backend Base apko) were still IN_PROGRESS; all checks that had completed at merge time were SUCCESS / SKIPPED / NEUTRAL (Lint, Schema Validation, Doc Drift Gate, Dashboard Lint, Dashboard Storybook Build, Dashboard Security Audit, Python Security Audit, OpenAPI Liveness, Dependency Review, Gitleaks, Socket Security, CodeQL actions).
Changelog digest:
- Covered three lockfiles: `uv.lock` (15 transitive bumps), `web/package-lock.json` (~17 transitive bumps incl. resolver restructuring around the pinned `typescript-eslint@8.59.2` meta), `site/package-lock.json` (~14 transitive bumps incl. rolldown / @rolldown/* RC→1.0.1 GA).
- Reviewed but not relevant: every bumped package is transitive in this repo (no direct dependency in `pyproject.toml` `[project].dependencies` or in `web/package.json` / `site/package.json` direct deps); the single direct-dep adjacency is `typescript-eslint` (pinned `8.59.2`) which the resolver keeps at 8.59.2 by creating nested copies under `typescript-eslint/node_modules/`, `@typescript-eslint/parser/node_modules/`, and `@typescript-eslint/eslint-plugin/node_modules/` while floating unpinned top-level `@typescript-eslint/*` peers to 8.59.3 for other consumers; Dashboard Lint already returned SUCCESS on this head so the lint chain still resolves consistently.
- Relevant for downstream awareness only: `qs` 6.14.2 → 6.15.1 (top-level subsumes the previously-nested `body-parser/node_modules/qs` copy); `rolldown` rc.18 → 1.0.1 (first GA on the site bundler, used at build time only); `devalue` 5.8.1 will also satisfy the open Dependabot `site/devalue-5.8.1` sibling PR, which Renovate/Dependabot will rebase or close on its next cycle.
Follow-ups: none.
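
The transitive-only claim in the review comment above can be checked mechanically. The following is an added example, not part of the PR or the project's tooling: it compares two npm `lockfileVersion` 3 documents and separates changed direct dependencies from transitive ones. The function names and lockfile fragments are constructed; package names and versions are borrowed from the comment, except the nested `qs` version, which is made up.

```python
# Added example: function names and sample data are constructed, not the repo's.

def direct_deps(lock):
    """Constraints the root project declares (packages[""] mirrors package.json)."""
    root = lock["packages"].get("", {})
    deps = {}
    for field in ("dependencies", "devDependencies", "optionalDependencies"):
        deps.update(root.get(field, {}))
    return deps

def review_lock_refresh(old_lock, new_lock):
    """Classify each entry that differs between two lockfileVersion 3 documents."""
    old_p, new_p = old_lock["packages"], new_lock["packages"]
    direct = direct_deps(new_lock)
    report = {"constraints_changed": direct_deps(old_lock) != direct,
              "direct": [], "transitive": []}
    for path in sorted((set(old_p) | set(new_p)) - {""}):
        before = old_p.get(path, {}).get("version")
        after = new_p.get(path, {}).get("version")
        if before == after:
            continue
        # "node_modules/a/node_modules/@s/b" -> "@s/b"
        name = path.rpartition("node_modules/")[2]
        top_level = path == "node_modules/" + name
        # A nested copy of a direct dependency belongs to another consumer.
        kind = "direct" if top_level and name in direct else "transitive"
        report[kind].append((path, before, after))
    return report

# Constructed fragments; in practice load both revisions with json.load().
OLD = {"packages": {
    "": {"devDependencies": {"typescript-eslint": "8.59.2"}},
    "node_modules/typescript-eslint": {"version": "8.59.2"},
    "node_modules/@typescript-eslint/parser": {"version": "8.59.2"},
    "node_modules/qs": {"version": "6.14.2"},
    "node_modules/body-parser/node_modules/qs": {"version": "6.13.0"},
}}
NEW = {"packages": {
    "": {"devDependencies": {"typescript-eslint": "8.59.2"}},
    "node_modules/typescript-eslint": {"version": "8.59.2"},
    "node_modules/typescript-eslint/node_modules/@typescript-eslint/parser":
        {"version": "8.59.2"},
    "node_modules/@typescript-eslint/parser": {"version": "8.59.3"},
    "node_modules/qs": {"version": "6.15.1"},
}}

if __name__ == "__main__":
    for kind, rows in review_lock_refresh(OLD, NEW).items():
        print(kind, rows)
```

An empty `direct` list with `constraints_changed` false is the mechanical form of "lockfile-only refresh"; a removed or added nested path appears with `None` on one side.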
Codecov Report
✅ All modified and coverable lines are covered by tests.

```diff
@@ Coverage Diff @@
## main #1913 +/- ##
==========================================
- Coverage 85.06% 85.06% -0.01%
==========================================
Files 1834 1834
Lines 107149 107149
Branches 9241 9241
==========================================
- Hits 91146 91145 -1
Misses 13772 13772
- Partials 2231 2232 +1
```
<!-- HIGHLIGHTS_START -->
## Highlights

> _AI-generated summary (model: `openai/gpt-4.1-mini` via GitHub Models). Commit-based changelog below._

### What you'll notice

- Frontend WP-6 update with UX polish improves user interface and workflow.
- Dashboard and training endpoint improvements enhance observability and dispatch behavior.
- Web storybook now supports change detection for more responsive UI interactions.
- Git hooks now isolated per worktree for cleaner repository management.
- Providers automatically detect native streaming support in Litellm models.

### What's new

- Added a new pipeline to convert Pydantic DTOs to TypeScript for better front-end compatibility.

### Under the hood

- Refactored settings to three precedence categories, removing YAML tier for simpler configuration.
- Completed RootConfig mirror coverage for enhanced configuration consistency.
- Adopted API conventions with better query performance and forbidden extra fields for stricter validation.
- Improved persistence, layer discipline, and restart safety in core work packages.
- CI updated with split test jobs and tightened coverage gates for better test quality.
- Switched to direct Trivy binary for security scans, removing previous Trivy action dependency.
- Enhanced memory management with per-call processing options and better observability during speech-to-text encoding.
- Various dependency updates for Python, infrastructure, and lock files maintain security and stability.
- Removed TypeScript DTO type-tightening overlays to simplify type management.
- Codebase audit tightened skill sets to prevent false positivity in class detection by 2026.

<!-- HIGHLIGHTS_END -->

:robot: I have created a release *beep* *boop*

---

## [0.8.5](v0.8.4...v0.8.5) (2026-05-17)

### Features

* **codegen:** pydantic-to-typescript DTO pipeline + parity gate (closes [#1889](#1889)) ([#1909](#1909)) ([0265ef5](0265ef5))
* **storybook:** enable changeDetection + trim web/CLAUDE.md ([#1939](#1939)) ([3b1f4c0](3b1f4c0))
* **web,setup:** WP-6 frontend + UX polish ([#1941](#1941)) ([d9ca76d](d9ca76d))

### Bug Fixes

* correct invalid git for-each-ref syntax in post-merge-cleanup skill ([#1946](#1946)) ([69a1649](69a1649))
* dashboard polish, training endpoint dispatch, and observability cleanup ([#1911](#1911)) ([b61e9e8](b61e9e8))
* per-worktree git-hook isolation + hookify gate migration + MSW drift fix ([#1949](#1949)) ([e3f8495](e3f8495))
* **providers:** read supports_native_streaming from litellm model info ([#1942](#1942)) ([60364ca](60364ca))
* security and audit coverage (closes [#1883](#1883)) ([#1904](#1904)) ([d8ebf55](d8ebf55))

### Performance

* **ci:** mypy --num-workers=4 + enable ruff TID255 ([#1944](#1944)) ([484c1d3](484c1d3))

### Refactoring

* **ci:** drop aquasecurity/trivy-action, use direct trivy binary ([#1940](#1940)) ([df1f946](df1f946))
* **memory:** per-call processing_kwargs + observability for ST encode ([#1943](#1943)) ([3aa9d20](3aa9d20))
* Phase 7 follow-up — complete RootConfig mirror coverage (closes [#1907](#1907)) ([#1914](#1914)) ([605500b](605500b))
* **settings:** collapse precedence to three categories; drop YAML tier (closes [#1890](#1890)) ([#1910](#1910)) ([efd54c9](efd54c9))
* WP-3 API conventions + query performance + project-wide extra=forbid ([#1953](#1953)) ([504d579](504d579)), closes [#1918](#1918)
* WP-4 settings + cross-cutting (clock seam, contextvars, dispatch, plugin surfaces) ([#1954](#1954)) ([7207d92](7207d92))
* **wp1:** persistence + layer discipline + restart safety ([#1945](#1945)) ([57586fb](57586fb))

### Documentation

* **wp5:** public-facing truth refresh ([#1924](#1924)) ([afb5cc5](afb5cc5))

### CI/CD

* split test job by marker with airtight aggregate coverage gate ([#1948](#1948)) ([0b818d5](0b818d5)), closes [#1938](#1938) [#1937](#1937)

### Maintenance

* **codebase-audit:** tighten skill to prevent 2026-05-15 FP classes ([#1923](#1923)) ([9317ed1](9317ed1))
* Lock file maintenance ([#1913](#1913)) ([c08a355](c08a355))
* Lock file maintenance ([#1950](#1950)) ([8940ab1](8940ab1))
* remove TS DTO type-tightening overlays ([#1915](#1915)) ([d296214](d296214)), closes [#1906](#1906)
* Update Infrastructure dependencies ([#1928](#1928)) ([d19fae5](d19fae5))
* Update Python dependencies ([#1929](#1929)) ([75cc2c8](75cc2c8))
* **wp7:** hygiene, stubs, test/CI/tooling, doc gaps, boundary patterns doc ([#1926](#1926)) ([c29eb32](c29eb32))

---

This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: synthorg-repo-bot[bot] <279117679+synthorg-repo-bot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This PR contains the following updates:
🔧 This Pull Request updates lock files to use the latest dependency versions.
Configuration
📅 Schedule: (in timezone Etc/UTC)
(`* 0-6 * * 0`)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.