chore(deps): bump golang.org/x/term from 0.40.0 to 0.42.0#934
Closed
dependabot[bot] wants to merge 1951 commits intodevelopfrom
Closed
chore(deps): bump golang.org/x/term from 0.40.0 to 0.42.0#934dependabot[bot] wants to merge 1951 commits intodevelopfrom
dependabot[bot] wants to merge 1951 commits intodevelopfrom
Conversation
Investigates why GitHub labels are not being applied to PRs (never) and inconsistently to issues (only when envoy is running). Identifies root causes: PR labeling was never assigned to any agent, envoy has no startup catch-up for issues missed during downtime. Provides concrete agent definition changes for merge-queue, envoy, and supervisor.
docs: label usage gap analysis — research artifact
…72.4) Based on label usage gap analysis (PR #806). Wire label application into agent workflows: merge-queue PR labeling (title-prefix inference), envoy startup catch-up + context exhaustion warning + mutual exclusivity, supervisor label discipline, and retroactive cleanup. Agent definition and operational doc changes only — no application code.
docs: plan Epic 72 — Operationalize GitHub Label Usage (4 stories)
… mutual exclusivity (Story 72.2) - Add startup catch-up scan to envoy rhythm: scan open issues for zero labels, apply triage.new + type.* to catch issues created during downtime - Add Context Exhaustion Risk section matching merge-queue/pr-shepherd format - Add Label Mutual Exclusivity enforcement subsection with remove-before-add protocol for exclusive scopes (type.*, priority.*, triage.*, scope.*, resolution.*)
feat: Story 72.2 — Envoy Label Resilience
Add PR Labeling section to merge-queue.md with rules for inferring type.*, scope.in-scope, and agent.worker labels from PR metadata. Update the Labels reference table, Authority table, and label-authority.md to reflect merge-queue's new labeling capabilities.
…tory 71.1) Drop Apple Intel (darwin/amd64) build targets from: - .goreleaser.yml: added darwin/amd64 to ignore list - justfile: removed amd64 line from build-all recipe - ci.yml: removed amd64 builds, signing, notarization, app bundles, DMG, pkg, artifact uploads, release notes, and Homebrew formula Intel branch Only darwin/arm64 (Apple Silicon) and linux/amd64 remain as targets. Saves CI runner minutes by eliminating expensive macOS Intel signing.
docs: Story 72.1 — Merge-Queue PR Labeling
docs: governance sync — Stories 72.1, 72.2 Done (Epic 72 2/4)
chore: sync operational data
…on (#813) * docs: supervisor label discipline & resolution.wontfix label (Story 72.3) Add label discipline section to supervisor agent definition with instructions for applying agent.worker, scope.*, and resolution.* labels during issue lifecycle. Create missing resolution.wontfix label on GitHub. Update label-authority.md summary table to include resolution.* in supervisor's Can Set column. * docs: mark Story 72.3 Done (PR #813)
feat: Story 71.1 — Remove darwin/amd64 from CI build and alpha release pipeline
* docs: retroactive label cleanup — fix mutual exclusivity violations (Story 72.4) Fixed mutual exclusivity violations on three closed issues: - #330: removed triage.in-progress (kept triage.complete) - #296: removed type.bug (kept type.infra) - #283: removed type.bug (kept type.infra) All seven originally unlabeled issues were already closed; per dev notes, retroactive labeling of closed issues was skipped. Final scan of all issues: zero violations remaining. * docs: update story 72.4 status with PR number (Story 72.4)
Remove all darwin/amd64 references from the sign-stable job in release.yml. Since only arm64 remains, loops are eliminated in favor of direct commands for: download, sign, notarize, pkg build, pkg notarize, checksums, and re-upload steps.
…tests, and agent definitions (#817) * docs: remove darwin/amd64 (Intel Mac) references from docs, tests, and agent definitions (Story 71.3) After Stories 71.1 and 71.2 dropped Intel builds from the build and release pipelines, remaining references to darwin/amd64 in documentation, test tables, and agent definitions are now stale. This cleans them up: - README.md: Remove Intel rows from pkg installer and binary download tables - docs-site installation page: Remove Intel mention from pre-built binary tab - Architecture doc: Remove darwin/amd64 from cross-compile target lists - codesign_test.go: Remove amd64 test case from SignMultipleBinaries - pkg_builder_test.go: Remove amd64 test case from Build_PerArchitecture - release-manager.md: Remove darwin-amd64 from cross-compile description * docs: update Story 71.3 status to Done (PR #817)
…plete docs: governance sync — Epic 76 3/6, Epic 77 COMPLETE
…6.5) Implement SnapshotRecord type and SnapshotWriter for recording quota usage snapshots to docs/operations/quota-usage.jsonl. Snapshots contain aggregated metrics (usage %, per-agent breakdown, tier, peak flag, window timing) — no raw per-interaction duplication. OTEL metric mapping documented in type comments for Phase 3 Marvel portability. Provenance: L3
Provenance: L3
feat: /stats usage data integration (Story 76.5)
- Story 76.3 (Warning Threshold Engine): Not Started → Done (PR #883) - Epic 76 progress: 3/6 → 4/6
docs: governance sync — Story 76.3 Done, Epic 76 4/6
Research investigating how to install BMAD as a shared sidecar across multiple repos. Evaluates 7 techniques (symlinks, overlayfs, git submodules, --add-dir wrappers, MCP server, user-level commands). Recommends two-phase approach: Phase 1 copies command stubs to ~/.claude/commands/ for instant global availability; Phase 2 adds symlinks to shared runtime files for power users with 3+ repos. Provenance: L3
docs: BMAD sidecar installation architecture research
- SC2015: Replace A && B || C with if/then in test-cron-scripts.sh - SC2317/SC2329: Suppress false-positive unreachable function warnings in test-verify-mcp-bridge.sh (caused by exit in heredocs) - SC2034: Remove unused variables (QUOTA_SCRIPT, OUTPUT, SESSION, YELLOW, recent_work_commands, TOTAL_TOKENS) - SC2034: Suppress for color vars used in embedded Python (quota-status.sh) - SC2086: Double-quote variable in date flag (sm-sprint-health.sh) - SC2001: Suppress for sed backreference (handover-history.sh) - SC2016: Suppress for intentional literal template tokens (validate-alpha-formula.sh) All scripts now pass shellcheck cleanly. Provenance: L3
fix: resolve pre-existing ShellCheck warnings in test scripts
The git-safety.sh hook from Story 73.3 (PR #840) blocked sync operations (fetch, pull, rebase, merge) universally for ALL Claude agents. This was over-broad -- persistent agents (merge-queue, pr-shepherd) and the multiclaude CLI itself need these operations. Two failure modes: 1. Persistent agents couldn't update PR branches or stay current with main 2. multiclaude CLI couldn't spawn workers (fetch is used internally to create worktrees), creating a catch-22 where the system couldn't self-heal Fix: detect worker worktrees via path pattern (~/.multiclaude/wts/) and only enforce sync restrictions there. Universal protections (unsigned commits, push to main, Co-Authored-By) remain enforced in all contexts. Test suite expanded from 38 to 68 cases covering both worker and main checkout contexts with explicit edge cases for context detection. Provenance: L3
Provenance: L3
- SC2016: disable for intentional literal ${VAR} patterns in validate-alpha-formula.sh
- SC2034: disable for color vars used in embedded Python (quota-status.sh),
remove genuinely unused TOTAL_TOKENS and QUOTA_SCRIPT vars
- SC2034: remove unused YELLOW from rollcall.sh, recent_work_commands from shift-clock.sh
- SC2086: quote variable in date expansion (sm-sprint-health.sh)
- SC2069: fix redirect order in test-shift-snapshot.sh
- SC2001: replace sed with shell builtins in handover-history.sh
- SC2329: suppress false positive for indirectly-invoked function (test-verify-mcp-bridge.sh)
Provenance: L3
fix: scope git safety hook to worker worktrees only (Story 73.8)
Layer 1: 35 ADR nodes (34 bedrock + 1 frontier/deferred) Layer 2: 26 BOARD nodes (18 open questions + 8 research/recommendations) Layer 3: 4 incident report nodes (bedrock — validated by failure) 65 nodes total, 0 validation warnings. Key early signal: adr-0026 (self-driving pipeline) contradicted by 3 of 4 incidents. All incidents share a pattern: assumptions about isolation, atomicity, or message routing never architecturally enforced. Layers 4-6 (architecture, PRD, dark factory) pending.
Switch CI from trunk-based (main) to gitflow (develop + main): - Push trigger: main -> develop for CI, docs, alpha releases - PR trigger: main -> [develop, main] for CI and scope-check - Remove stable binary builds from CI (stable releases via tag-triggered release.yml) - Alpha-only signing: remove installer cert, app bundle, dmg, pkg steps - Update release-verify to watch develop instead of main for alpha tap
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Bumps [golang.org/x/term](https://github.com/golang/term) from 0.40.0 to 0.42.0. - [Commits](golang/term@v0.40.0...v0.42.0) --- updated-dependencies: - dependency-name: golang.org/x/term dependency-version: 0.42.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
Bot
deleted the
dependabot/go_modules/golang.org/x/term-0.42.0
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps golang.org/x/term from 0.40.0 to 0.42.0.
Commits
52b71d3go.mod: update golang.org/x dependencies9d2dc07go.mod: update golang.org/x dependenciesd954e03all: upgrade go directive to at least 1.25.0 [generated]Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)