Skip to content

fix(deps): sync bun.lock with release-please 3.6.0 version bump#227

Merged
buremba merged 1 commit into
mainfrom
fix/bun-lockfile-sync-3.6.0
Apr 20, 2026
Merged

fix(deps): sync bun.lock with release-please 3.6.0 version bump#227
buremba merged 1 commit into
mainfrom
fix/bun-lockfile-sync-3.6.0

Conversation

@buremba
Copy link
Copy Markdown
Member

@buremba buremba commented Apr 20, 2026

Summary

  • Sync workspace package versions in bun.lock (3.5.0 → 3.6.0, 1.6.0 → 3.6.0) to match release-please's version bump in chore(main): release lobu 3.6.0 #204
  • Unblocks Cloudflare Pages landing deploy, which fails bun install --frozen-lockfile on every push since the 3.6.0 release

Context

release-please bumped package.json files but doesn't touch bun.lock, so CI sees stale workspace versions and fails fast. Every deploy after 1c0d926 has been red.

Test plan

@buremba buremba merged commit e14500c into main Apr 20, 2026
6 of 7 checks passed
@buremba buremba mentioned this pull request Apr 20, 2026
Merged
@buremba buremba deleted the fix/bun-lockfile-sync-3.6.0 branch April 21, 2026 21:41
buremba added a commit that referenced this pull request May 26, 2026
@buremba
chore(submodule): bump owletto to main (consent UI + clears pre-exist…
f6e3ac2 
…ing drift)

Advances packages/owletto to owletto/main (79932d7): brings the device-consent
'who + scopes' change (owletto#230) and clears the pre-existing pointer drift
from owletto#226/#227/#228 (deploy/monitoring commits, no frontend impact) that
check-drift was flagging on every lobu PR.
buremba added a commit that referenced this pull request May 26, 2026
@buremba
feat(server): informed consent for agent user_claimed flow (#1081)
48cd6ea 
* feat(server): informed consent for agent user_claimed flow

Two informed-consent additions for the agent email-claim flow:
- GET /oauth/device/info?user_code=... (auth-gated) returns the requesting
  client name + scopes for a pending device code, so the consent page can show
  WHO is asking and WHAT they get instead of approving a blind code.
- The magic-link email reframes as an authorization request (subject + body)
  when its callbackURL targets the device consent page — so a user doesn't grant
  third-party access thinking they're completing a routine sign-in. Normal
  login emails are unchanged.

The consent gate itself is already explicit (no auto-approve in the current
build, confirmed e2e on prod). Tests cover the info endpoint (authed/401/400)
alongside the existing discovery + full-loop suite.

* chore(submodule): bump owletto to main (consent UI + clears pre-existing drift)

Advances packages/owletto to owletto/main (79932d7): brings the device-consent
'who + scopes' change (owletto#230) and clears the pre-existing pointer drift
from owletto#226/#227/#228 (deploy/monitoring commits, no frontend impact) that
check-drift was flagging on every lobu PR.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@buremba