Merged
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix prepared a fix for the issue found in the latest run.
- ✅ Fixed: Ripgrep not installed on runner, usage hints silently empty
  - Replaced the unavailable rg command with portable recursive grep so local usage hints are collected on default GitHub Ubuntu runners.
Or push these changes by commenting:
@cursor push 43e6240dd1
Preview (43e6240dd1)
diff --git a/.github/workflows/dependabot-cursor-review.yml b/.github/workflows/dependabot-cursor-review.yml
--- a/.github/workflows/dependabot-cursor-review.yml
+++ b/.github/workflows/dependabot-cursor-review.yml
@@ -222,7 +222,7 @@
{
echo "Search pattern: $PACKAGE_NAME"
echo
- rg -n --fixed-strings --hidden --glob '!.git' --glob '!node_modules' --glob '!.upstream-dependency/**' -- "$PACKAGE_NAME" . || true
+ grep -R -n --fixed-strings --exclude-dir=.git --exclude-dir=node_modules --exclude-dir=.upstream-dependency -- "$PACKAGE_NAME" . || true
} > package_usage.txt
fi
This Bugbot Autofix run was free. To enable autofix for future PRs, go to the Cursor dashboard.
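Review bot: the `|| true` at the end of the new `grep -R ...` line still discards every non-zero exit, so a grep error (status 2, for example an unreadable path) looks the same as "no matches" (status 1) and package_usage.txt can again end up silently empty, which is the failure mode this fix is meant to close for the missing rg. Consider tolerating only status 1, for example `|| [ $? -eq 1 ]`, so real errors fail the step. Two behavioural differences from the removed `rg` line also deserve a decision: rg honoured .gitignore and did not follow symlinks, while `grep -R` searches ignored build output and follows every symlink (`-r` does not follow them during recursion), and without `-I` a hit in a binary file adds a "Binary file ... matches" line to the hints.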
dec1964 to b20caf6
cmmarslender
approved these changes
Mar 11, 2026

Note
Medium Risk
Adds a new CI workflow that downloads and executes an external installer and posts automated comments using a repository secret; failures or mis-scoping could affect CI reliability and comment noise, and the remote install step increases supply-chain exposure.
Overview
Introduces a new GitHub Actions workflow, dependabot-cursor-review.yml, that triggers on Dependabot-authored PRs (or via manual workflow_dispatch) to generate an automated dependency-impact review.

The job parses the Dependabot PR body/title for upstream repo, release notes, commit info, and version metadata; checks out both the PR head and the upstream dependency repo; greps for local usage; runs Cursor CLI (agent) using secrets.CURSOR_API_KEY; and creates/updates a marked PR comment with the analysis output.

Written by Cursor Bugbot for commit b20caf6. This will update automatically on new commits.