From 3040e57759a5d6862483a6fad377adbe7557ac3e Mon Sep 17 00:00:00 2001 From: Claude Date: Thu, 28 May 2026 09:26:41 -0400 Subject: [PATCH] =?UTF-8?q?fix(.mise.toml):=20bump=20uv=200.11.8=20?= =?UTF-8?q?=E2=86=92=200.11.16=20=E2=80=94=20cascade-unblocks=20all=20CI?= =?UTF-8?q?=20lint?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Empirical: every open PR's `lint (semgrep)` (required) plus ~10 non-required lint checks were FAILING because the mise toolchain install step exited with: aqua:astral-sh/uv@0.11.8: HTTP status client error (404 Not Found) for url (https://api.github.com/repos/astral-sh/uv/releases/tags/0.11.8) pipx:semgrep@1.161.0: Skipped due to failed dependency The install bails before lint actually runs, so every lint job reports FAILURE on every PR. Affects 8 BLOCKED + 13 UNSTABLE = 21 of 25 open PRs in today's snapshot. Per `.claude/rules/dep-pin-search-first-authority.md`: WebSearched + cross-checked authoritative upstream: - `gh api repos/astral-sh/uv/releases/latest` → tag_name = "0.11.16", published_at = "2026-05-21T22:11:32Z" - WebSearch 2026-05-28: confirmed 0.11.16 is current stable per https://github.com/astral-sh/uv/releases (top result 2026-05-21) Root cause hypothesis (whichever is actual, the fix is the same): either (a) aqua's release cache pruned 0.11.8 between release time and the recent CI run, or (b) anonymous-API-rate-limit on the GitHub runner converted into 404 from aqua's perspective. Bumping to current latest stable resolves both cases — fresh asset cache upstream + most-recent release least likely to have been pruned. uv ships semver-disciplined; 0.11.8 → 0.11.16 is 8 patch releases, no breaking changes expected. The toolchain consumes `uv` only via the `pipx:semgrep` backend (mise auto-routes `pipx:` through `uv tool install`); semgrep@1.161.0 install discipline is unchanged. Composes with: - `.claude/rules/dep-pin-search-first-authority.md` — empirical- anchor sibling to cascade #4 (NixOS 24.11 EOL) + cascade #5 (ISO grub path); same "Otto-defaults-to-plausible-but-unverified" root cause class at version-pin scope - `.claude/rules/blocked-green-ci-investigate-threads.md` — Pattern resolved by single-pin-bump unblocking many PRs at once Verification path: post-merge, the 8 currently-BLOCKED PRs and the 13 UNSTABLE PRs should rebase clean against this and clear most or all of their lint failures. Per-PR thread + remaining-issue triage proceeds from there. Co-Authored-By: Claude Opus 4.7 --- .mise.toml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.mise.toml b/.mise.toml index 62c3fab003..9b62834c74 100644 --- a/.mise.toml +++ b/.mise.toml @@ -38,7 +38,18 @@ bun = "1.3" # powers mise's `pipx:` backend below (mise auto-routes `pipx:` # tools through `uv tool install` when uv is available — no # pipx package needed, faster + already in our toolchain). -uv = "0.11.8" +# +# Bumped 0.11.8 → 0.11.16 (2026-05-28) — 0.11.8 was empirically +# failing in `mise install` with `aqua:astral-sh/uv@0.11.8: HTTP +# status client error (404 Not Found)`, cascading all 11 lint +# jobs into FAILURE on every open PR (the install step exits 1 +# before lint runs). Per `.claude/rules/dep-pin-search-first- +# authority.md`: bumped to current upstream latest stable per +# WebSearch 2026-05-28 + `gh api repos/astral-sh/uv/releases/ +# latest` (both authoritative; tag_name = "0.11.16", +# published_at = 2026-05-21T22:11:32Z). Source: +# https://github.com/astral-sh/uv/releases/tag/0.11.16 +uv = "0.11.16" # actionlint: GitHub Actions workflow linter. Declarative install # (GOVERNANCE §24 three-way-parity) so dev laptops + CI runners # (including ubuntu-slim which doesn't ship with it) have identical