build(deps): bump picomatch from 4.0.3 to 4.0.4 in the npm_and_yarn group across 1 directory#1
Open
dependabot[bot] wants to merge 1 commit intomainfrom
Open
Conversation
Bumps the npm_and_yarn group with 1 update in the / directory: [picomatch](https://github.com/micromatch/picomatch). Updates `picomatch` from 4.0.3 to 4.0.4 - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](micromatch/picomatch@4.0.3...4.0.4) --- updated-dependencies: - dependency-name: picomatch dependency-version: 4.0.4 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
cjangrist
added a commit
that referenced
this pull request
May 2, 2026
…ed sentinel detection
Two MEDIUM-consensus items from the round 6 hh synthesis. Both touch
small isolated functions; no behavioral risk to the happy path.
## (1) close_unbalanced_fence: count only line-start fences
Pre-fix: regex `/```/g` counts ALL triple-backticks anywhere — including
literal ``` inside prose (e.g., "use the ``` syntax for code blocks") and
inside fenced code blocks (e.g., a markdown tutorial that quotes fence
syntax in its example). A correctly-balanced snippet with literal ``` in
content gets an odd count → spurious closing fence appended → broken
markdown for the user.
Fix: change regex to `/^[ ]{0,3}```/gm` per CommonMark spec — only count
fences at start of line with up to 3 spaces of indent (the actual
markdown fence definition).
Verified with 8 unit cases:
- line-start fence → 2 (counted)
- 2-space indent → 2 (counted)
- 4-space indent (too far per CommonMark) → 0 (correctly ignored)
- inline literal "use the ``` syntax" → 0 (correctly ignored)
- tutorial nesting (outer fence wrapping ```bash example) → 4
- unbalanced from truncation → 1
- no fences → 0
- CRLF line endings → 2
## (2) detect_grounded_sentinel: bounded substring fallback
Pre-fix: R1H1 already handles wrap chars + trailing punct (e.g.,
"**[no usable content]**" or "[no usable content]."). But if the model
emits the sentinel inside a short prose framing — "This page is
[no usable content]." — exact-match still fails and the literal
sentinel string + framing leaks to users.
Fix: after exact-match, fall back to a length-bounded substring match.
Cap at 200 chars so a short prose-framed sentinel matches but a long
article rhetorically mentioning the bracketed phrase does not.
Verified with 10 unit cases:
R1H1 cases (must still pass):
- "[no usable content]" → matches (exact)
- "[no usable content]." → matches (R1H1)
- "**[no usable content]**" → matches (R1H1)
R6 prose-framed cases (newly fixed):
- "This page is [no usable content]." → matches
- "Body content: [navigation only]" → matches
- "Found: [page not found]" → matches
- "Result: [login required]." → matches
Counterexamples (must NOT match):
- 300+ char article mentioning "[no usable content]" rhetorically
→ undefined (above 200-char cap)
- "legit prose without sentinel" → undefined
- "the page is no usable content" (no brackets) → undefined
Production smoke (fresh "markdown fenced code block syntax tutorial
backticks bash python" — query specifically loaded with literal ```
references in tutorial-style results): 16/16 grounded (100%), 25.3s
wall, 0 retries, 0 timeouts.
Refs:
tmp/2026-05-02-10-39-01_*/synthesis_round6.md (R6 mediums #1 + #2)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 1 update in the / directory: picomatch.
Updates
picomatchfrom 4.0.3 to 4.0.4Release notes
Sourced from picomatch's releases.
Commits
e5474fcPublish 4.0.44516eb5Merge commit from fork5eceecdMerge commit from fork0db7dd7Run benchmark again against latest minimatch version (#161)9500377docs: clarify what brace expansion syntax is and isn't supported (#134)2661f23fix typo in globstars.js test name (#138)1798b07docs: fixmakeReexample (#143)9d76bc5chore: undocument removed options (#146)e4d718bRemove unused time-require (#160)38dffebchore(deps): pin dependencies (#158)You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.