Bump actions/setup-node from 4 to 6#3
Merged
Conversation
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v4...v6) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
2 tasks
s977043
added a commit
that referenced
this pull request
Feb 21, 2026
- Remove unused `import matter from 'gray-matter'` (Copilot #4) - Add explicit ID collision deduplication in convertAgentSkillToRR() so duplicate frontmatter IDs get `-2` suffix instead of silent overwrite (Sentry #1, Copilot #2) - Resolve fromPath relative to projectRoot instead of CWD in discoverAgentSkillPaths() (Copilot #3) - Clarify --to help text for import/export subcommands (Gemini #5) - Add test for colliding explicit IDs Co-Authored-By: Claude Opus 4.6 <[email protected]>
3 tasks
9 tasks
3 tasks
s977043
added a commit
that referenced
this pull request
May 25, 2026
* docs(runbook): add release-smoke.md (codex final-pass review item #3) Close the third drift item from Codex's final-pass review (after the v0.51.0–v0.55.0 sprint). Items #1 and #2 already landed: - #1 README Epic 1 status drift (PR #889) - #2 risk-map example (PR #896) - #3 release smoke runbook (this PR) Add docs/runbook/release-smoke.md as a sibling to docs/runbook/dev.md. It is not a release runbook (release-please handles tagging), but the smoke test that confirms a fresh tag installs cleanly for an adopter. Sections - When to run: post release-please merge, post dependabot prod-dep bump, pre announcement. - What it verifies: lint/tests/skills validate, river run dry-run, npm pack --dry-run, npm audit --omit=dev, GitHub Release presence. - Smoke sequence: single bash block, all commands must exit 0. - Release confirmation via gh: tagName / publishedAt / changelog body. - When the smoke fails: concrete recovery moves for the 5 common failure modes (lockfile drift, dist staleness, audit vuln, release 404, skill loader error), pointing at the existing docs and PRs that document each fix. - Out of scope: cross-platform install, npx river try, real LLM, Vercel. No code change. Refs: PRs #889, #896 (sibling Codex final-pass items), docs/development/npm-distribution-design.md, AGENT_LEARNINGS.md gh-api empty-commit entry. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]> * docs(runbook): apply gemini PR #897 review on release-smoke Both gemini comments are valid; apply. 1. Resolve TAG via the upstream GitHub Release instead of the local package.json. The previous form trusted that the operator had already pulled main after the release-please merge; if they had not, the local package.json could point at the previous version and the smoke would run against the wrong commit. Use `gh release view --json tagName --jq .tagName` so the upstream release is the source of truth. 2. The "feedback_release_please_workflow_race.md memory if available" pointer was misleading — that file is Claude's internal memory, not a repo doc. Replace with a concrete pointer to the AGENT_LEARNINGS.md 2026-05-24 entry that actually carries the gh-api empty-commit pattern in the repo. No content change beyond these two clarifications. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]> --------- Co-authored-by: Claude Opus 4.7 (1M context) <[email protected]>
This was referenced Jun 3, 2026
s977043
added a commit
that referenced
this pull request
Jun 29, 2026
…alidation - Consume positional target path after subcommand in review parse block (#1) - Pass targetPath to routeReviewMode (#1) - Warn instead of silently dropping riskMap load errors (#3) - Reject unsupported --format values with exit code 3 (#7) Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
s977043
added a commit
that referenced
this pull request
Jun 30, 2026
…1324) * feat: add Review Mode Router for risk-based review depth selection - Add `src/lib/review-mode-router.mjs`: routeReviewMode() and formatRouterResultMarkdown() — pure heuristic, no LLM calls - Add `tests/review-mode-router.test.mjs`: 17 unit tests (all pass) - Add `river review route` CLI subcommand (--format json|markdown) - Add `docs/development/review-mode-router-design.md`: design doc Routing priority: risk-map require_human_review > escalate > migration/schema > large diff (≥20 files or ≥500 lines) > infra/config > docs/test-only > standard (default). Fixes #1323 Co-Authored-By: Claude Sonnet 4.6 <[email protected]> * fix: cli route handler path parsing, riskMap error handling, format validation - Consume positional target path after subcommand in review parse block (#1) - Pass targetPath to routeReviewMode (#1) - Warn instead of silently dropping riskMap load errors (#3) - Reject unsupported --format values with exit code 3 (#7) Co-Authored-By: Claude Sonnet 4.6 <[email protected]> * docs: sync review-policy.md SSoT with Review Mode Router vocabulary Add mode taxonomy (light/standard/team/human-required), routing triggers, and CLI usage for `river review route`. Closes SSoT gap from PR #1324 (#4). Co-Authored-By: Claude Sonnet 4.6 <[email protected]> * fix(review-mode-router): address second review cycle findings - fix: river review route without --format flags defaulted to parsed.output='text' and always exited code 3; use formatExplicit/outputExplicit to default to json - fix: quote targetPath in buildNextCommand when path contains spaces - refactor: hasAnyFiles now uses fileCount > 0 (dedup with existing var) - docs: add comment to Rule 5 guard explaining suppression intent - docs: add §8 Review Mode Router section to review-policy.en.md (SSoT sync) - docs: update review-mode-router-design.md — add targetPath to RouterInput, narrow confidence to 'high'|'medium', parameterize nextCommand examples Co-Authored-By: Claude Sonnet 4.6 <[email protected]> * build: rebuild action dist after cli.mjs changes src/cli.mjs is bundled into runners/github-action/dist/index.mjs via ncc. Rebuild required after route handler and format validation fixes. Co-Authored-By: Claude Sonnet 4.6 <[email protected]> * fix(review-mode-router): address CodeQL and Gemini bot review findings - fix: escape backslashes before double-quotes in buildNextCommand (CodeQL: incomplete string escaping in shell command suggestion) - fix: treat unknown file types as substantive to prevent incorrect demotion to light mode (Gemini: .rs/.py files classified as unknown were erroneously routed to light) - test: add unknown-file-only → standard mode regression test - build: rebuild action dist Co-Authored-By: Claude Sonnet 4.6 <[email protected]> --------- Co-authored-by: Claude Sonnet 4.6 <[email protected]>
This was referenced Jul 4, 2026
s977043
added a commit
that referenced
this pull request
Jul 4, 2026
…iveTo, awesome-devsecops (#1393) Prepare copy-paste-ready submission materials for the top remaining external-listing candidates (awareness backlog #2/#3/#8), so the maintainer can submit quickly. Each draft's submission method was researched against the live list: - awesome-claude-code: ISSUE FORM only (recommend-resource.yml) — NOT a PR / gh CLI (CONTRIBUTING forbids it); category 'Infrastructure & DevOps'; exact form field values included. - AlternativeTo: website 'Suggest new application' wizard (no PR); note the ~1-week new-account wait; field values included. Applied review fixes: dropped the misleading 'static-code-analysis' tag (River Review is not a SAST scanner) and neutralized comparative phrasing. - awesome-devsecops: fork+PR to the MAINTAINED TaptuIT/awesome-devsecops (the higher-star devsecops/awesome-devsecops is abandoned since 2021); honest 'marginal' fit noted; entry frames it as complementing SAST. Built via a research+verify workflow; drafts checked for rule compliance, accuracy, and non-promotional tone. Actual submission is a maintainer action per the repo's external-listing policy. Co-authored-by: Antigravity <[email protected]> Co-authored-by: Claude Opus 4.8 (1M context) <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps actions/setup-node from 4 to 6.
Release notes
Sourced from actions/setup-node's releases.
... (truncated)
Commits
2028fbcLimit automatic caching to npm, update workflows and documentation (#1374)1342781Bump actions/publish-action from 0.3.0 to 0.4.0 (#1362)89d709dBump prettier from 2.8.8 to 3.6.2 (#1334)cd2651cBump ts-jest from 29.1.2 to 29.4.1 (#1336)a0853c2Bump actions/checkout from 4 to 5 (#1345)b7234ccUpgrade action to use node24 (#1325)d7a1131Enhance caching in setup-node with automatic package manager detection (#1348)5e2628cBumps form-data (#1332)65becefBump undici from 5.28.5 to 5.29.0 (#1295)7e24a65Bump uuid from 9.0.1 to 11.1.0 (#1273)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)