chore: Lock file maintenance #1950
Dependency Review
The following issues were found:
License Issues: uv.lock
Codecov Report
✅ All modified and coverable lines are covered by tests.

@@           Coverage Diff           @@
##             main    #1950   +/-   ##
=======================================
  Coverage   84.89%   84.89%
=======================================
  Files        1857     1857
  Lines      109871   109871
  Branches     9397     9397
=======================================
  Hits        93277    93277
  Misses      14291    14291
  Partials     2303     2303

☔ View full report in Codecov by Sentry.
c83c073 to 4836263
4836263 to 0f93d75
Aureliolo left a comment
Decision: Renovate lockFileMaintenance refresh (non-semver; uv.lock + web/site package-lock.json) within existing pyproject/package.json ranges; rebased onto current main; full CI green including CodSpeed; merging as-is.
Changelog digest:
Covered the lockfile-only refresh (no manifest/range changes). uv.lock moved 6 packages: click 8.3.3->8.4.0, huggingface-hub 1.14.0->1.15.0, numpy 2.4.4->2.4.5, nvidia-cublas 13.1.0.3->13.1.1.3, openai 2.36.0->2.37.0, tiktoken 0.12.0->0.13.0. web/site package-lock.json: transitive-only refreshes (caniuse-lite, electron-to-chromium, baseline-browser-mapping, @reduxjs/toolkit 2.11.2->2.12.0, qs 6.15.1->6.15.2, p-queue 9.2.0->9.3.0, proxy-agent/agent-base reshuffles).
- Relevant: none requiring action. All bumps are minor/patch within existing constraints; all transitive except click/huggingface-hub/openai/tiktoken which are still pulled via typer/litellm/sentence-transformers with unchanged ranges. Full functional CI (Test Unit/Integration/E2E/Conformance, Type Check, Lint, Dashboard suite) green confirms no behavioural break.
- Reviewed but not relevant: pre-rebase CodSpeed flagged resolveLocale x1000 (full-fallback) -33.97%. Investigated and confirmed cross-runner measurement noise, not a real regression: zero web source changed (only lockfiles), zero bench-harness deps changed (vitest/tinybench/@codspeed/vite/esbuild all unchanged), resolveLocale has no npm dependency in its path (Intl.getCanonicalLocales + string ops), only 1 of 4 same-function bench variants flagged, stale base comparison, and CodSpeed's own "different runtime environments" warning. Rebasing onto current main produced a fresh CodSpeed run that is now SUCCESS, confirming the diagnosis. Dependency Review "unknown license" flags for click/tiktoken are SBOM-metadata false positives (both OSI-licensed); that check passed.
Follow-ups: none.
<!-- HIGHLIGHTS_START -->

## Highlights

> _AI-generated summary (model: `openai/gpt-4.1-mini` via GitHub Models). Commit-based changelog below._

### What you'll notice

- Frontend WP-6 update with UX polish improves user interface and workflow.
- Dashboard and training endpoint improvements enhance observability and dispatch behavior.
- Web storybook now supports change detection for more responsive UI interactions.
- Git hooks now isolated per worktree for cleaner repository management.
- Providers automatically detect native streaming support in Litellm models.

### What's new

- Added a new pipeline to convert Pydantic DTOs to TypeScript for better front-end compatibility.

### Under the hood

- Refactored settings to three precedence categories, removing YAML tier for simpler configuration.
- Completed RootConfig mirror coverage for enhanced configuration consistency.
- Adopted API conventions with better query performance and forbidden extra fields for stricter validation.
- Improved persistence, layer discipline, and restart safety in core work packages.
- CI updated with split test jobs and tightened coverage gates for better test quality.
- Switched to direct Trivy binary for security scans, removing previous Trivy action dependency.
- Enhanced memory management with per-call processing options and better observability during speech-to-text encoding.
- Various dependency updates for Python, infrastructure, and lock files maintain security and stability.
- Removed TypeScript DTO type-tightening overlays to simplify type management.
- Codebase audit tightened skill sets to prevent false positivity in class detection by 2026.

<!-- HIGHLIGHTS_END -->

:robot: I have created a release *beep* *boop*

---

## [0.8.5](v0.8.4...v0.8.5) (2026-05-17)

### Features

* **codegen:** pydantic-to-typescript DTO pipeline + parity gate (closes [#1889](#1889)) ([#1909](#1909)) ([0265ef5](0265ef5))
* **storybook:** enable changeDetection + trim web/CLAUDE.md ([#1939](#1939)) ([3b1f4c0](3b1f4c0))
* **web,setup:** WP-6 frontend + UX polish ([#1941](#1941)) ([d9ca76d](d9ca76d))

### Bug Fixes

* correct invalid git for-each-ref syntax in post-merge-cleanup skill ([#1946](#1946)) ([69a1649](69a1649))
* dashboard polish, training endpoint dispatch, and observability cleanup ([#1911](#1911)) ([b61e9e8](b61e9e8))
* per-worktree git-hook isolation + hookify gate migration + MSW drift fix ([#1949](#1949)) ([e3f8495](e3f8495))
* **providers:** read supports_native_streaming from litellm model info ([#1942](#1942)) ([60364ca](60364ca))
* security and audit coverage (closes [#1883](#1883)) ([#1904](#1904)) ([d8ebf55](d8ebf55))

### Performance

* **ci:** mypy --num-workers=4 + enable ruff TID255 ([#1944](#1944)) ([484c1d3](484c1d3))

### Refactoring

* **ci:** drop aquasecurity/trivy-action, use direct trivy binary ([#1940](#1940)) ([df1f946](df1f946))
* **memory:** per-call processing_kwargs + observability for ST encode ([#1943](#1943)) ([3aa9d20](3aa9d20))
* Phase 7 follow-up — complete RootConfig mirror coverage (closes [#1907](#1907)) ([#1914](#1914)) ([605500b](605500b))
* **settings:** collapse precedence to three categories; drop YAML tier (closes [#1890](#1890)) ([#1910](#1910)) ([efd54c9](efd54c9))
* WP-3 API conventions + query performance + project-wide extra=forbid ([#1953](#1953)) ([504d579](504d579)), closes [#1918](#1918)
* WP-4 settings + cross-cutting (clock seam, contextvars, dispatch, plugin surfaces) ([#1954](#1954)) ([7207d92](7207d92))
* **wp1:** persistence + layer discipline + restart safety ([#1945](#1945)) ([57586fb](57586fb))

### Documentation

* **wp5:** public-facing truth refresh ([#1924](#1924)) ([afb5cc5](afb5cc5))

### CI/CD

* split test job by marker with airtight aggregate coverage gate ([#1948](#1948)) ([0b818d5](0b818d5)), closes [#1938](#1938) [#1937](#1937)

### Maintenance

* **codebase-audit:** tighten skill to prevent 2026-05-15 FP classes ([#1923](#1923)) ([9317ed1](9317ed1))
* Lock file maintenance ([#1913](#1913)) ([c08a355](c08a355))
* Lock file maintenance ([#1950](#1950)) ([8940ab1](8940ab1))
* remove TS DTO type-tightening overlays ([#1915](#1915)) ([d296214](d296214)), closes [#1906](#1906)
* Update Infrastructure dependencies ([#1928](#1928)) ([d19fae5](d19fae5))
* Update Python dependencies ([#1929](#1929)) ([75cc2c8](75cc2c8))
* **wp7:** hygiene, stubs, test/CI/tooling, doc gaps, boundary patterns doc ([#1926](#1926)) ([c29eb32](c29eb32))

---

This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: synthorg-repo-bot[bot] <279117679+synthorg-repo-bot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This PR contains the following updates:
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
🔧 This Pull Request updates lock files to use the latest dependency versions.
Configuration
📅 Schedule (in timezone Etc/UTC): `* 0-6 * * 0`
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.