dependabot bot commented on behalf of github Oct 10, 2025

Bumps codecov/codecov-action from 4 to 5.

Release notes

Sourced from codecov/codecov-action's releases.

v5.0.0

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

Warning: The following arguments have been changed:

  • file (this has been deprecated in favor of files)
  • plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

  • binary
  • gcov_args
  • gcov_executable
  • gcov_ignore
  • gcov_include
  • report_type
  • skip_validation
  • swift_project

You can see their usage in the action.yml file.

What's Changed

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
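
The migration guide in the release notes above deprecates `file` and `plugin` in favor of `files` and `plugins`. As an added example (not part of this pull request or of Codecov's code), the following Python script scans workflow text for `codecov/codecov-action` steps that still pass the deprecated inputs; the sample workflow fragment and its values are constructed, and the line-based scan assumes conventional block-style YAML.

```python
import re

# Inputs the v5 release notes list as deprecated, with their replacements.
DEPRECATED = {"file": "files", "plugin": "plugins"}
USES_RE = re.compile(r"uses:\s*['\"]?codecov/codecov-action@([^\s'\"#]+)")

# Constructed steps fragment of a workflow job (illustrative values, not from the PR).
SAMPLE = """\
steps:
  - uses: actions/checkout@v4
  - name: Upload coverage
    uses: codecov/codecov-action@v5
    with:
      file: ./coverage.xml
      plugin: pycoverage
      token: ${{ secrets.CODECOV_TOKEN }}
"""

def _list_items(text):
    """Yield each YAML list item as [(line_no, key_column, stripped_text), ...]."""
    item, base = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.strip()
        indent = len(raw) - len(raw.lstrip())
        if not body or body.startswith("#"):
            continue
        if item is not None and indent <= base:   # dedent or sibling ends the item
            yield item
            item = None
        if item is not None:
            item.append((no, indent, body))
        elif body.startswith("- "):
            rest = body[1:].lstrip()              # "- key: v" puts key after the dash
            item, base = [(no, indent + len(body) - len(rest), rest)], indent
    if item:
        yield item

def find_deprecated_inputs(text):
    """Return (line_no, ref, old, new) per deprecated input on a Codecov step."""
    findings = []
    for item in _list_items(text):
        ref = next((m.group(1) for _, _, s in item if (m := USES_RE.match(s))), None)
        if ref is None:
            continue                              # not a codecov-action step
        with_col = child_col = None
        for no, col, s in item:
            if with_col is None:
                with_col = col if s.split("#")[0].strip() == "with:" else None
                continue
            if col <= with_col:
                break                             # left the with: mapping
            child_col = child_col or col          # column of the direct input keys
            if col == child_col and (key := s.split(":", 1)[0].strip()) in DEPRECATED:
                findings.append((no, ref, key, DEPRECATED[key]))
    return findings
```

Each finding carries the action ref, so a reviewer can see which steps remain on `@v4` and which already run v5 with the old input names.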

CybotTM and others added 30 commits September 12, 2025 16:06
…ted script

Replace broken UV_PYTHON_SPEC preview with neutral Python stack preview.
Route uv install to scripts/install_uv.sh reconcile.
…ilities

- Show npm, pnpm, yarn prompts unconditionally (outside Node block)
- Update via Corepack; fallback to npm global installs
- Re-audit after each action
- Include black in Python utilities prompt
… prefer yarn@stable

- Ensure corepack enable on update
- corepack prepare pnpm@latest --activate || npm i -g pnpm@latest
- corepack prepare yarn@stable --activate || npm i -g yarn@latest
- Keep npm/eslint/prettier updated
…e/rename.ul

- Skip Corepack shim package.json; invoke real pnpm/yarn for versions
- Prefer Yarn stable and Yarn tags endpoint; upstream_method=yarn-tags
- Detect uv-managed tools via 'uv tool list' and symlink targets; report 'uv tool'
- Separate perl 'prename' and util-linux 'rename.ul' and parse versions
…d via official installer

Detect ~/.local/bin/uv and label as 'github binary'; keep pipx/user for pipx venv symlinks.
Detect pipx-installed Python CLIs and prompt to reinstall with 'uv tool', uninstalling pipx version to avoid shim conflicts; re-audit after action.
- audit: show upstream_method as 'uv tool' for PyPI tools
- guide: migrate any pipx/pip-installed Python CLIs (incl. pip/pipx/ansible-core) to uv tool with uninstall of old shims
…y as 'uv venv'/'uv python'

- Prefer ~/.venvs/dev/bin/python or /home/sme/.local/share/uv/python/cpython-3.13.6-linux-x86_64-gnu/bin/python3.13 for installed Python
- Show proper installed_method for uv-managed Python
- Keeps PATH scan fallback for non-uv setups

…- Prefer ansible-community for community version; keep ansible-core CLI present
- Ensure install_ansible.sh also installs ansible-core via uv to retain ansible shim
- Detect uv-managed tools via real target path; refine pipx detection
- Classify npm global installs (user/system) via node_modules real path
- Improve unknown -> /home/.local/bin classification where appropriate

…Add installed_path_resolved and classification_reason in JSON output
- Introduce CLI_AUDIT_DEBUG to surface suppressed exceptions
- Refresh AUDIT_JSON after Ansible install in guide.sh
- Refactor classification into helper for transparency

…asdf/shims and installs as 'asdf'
- Classify ~/.nodenv/shims and versions as 'nodenv'

…t DPKG path/owner/version caches to CLI_AUDIT_DPKG_CACHE_LIMIT (default 1024)
- Prevent unbounded growth during repeated audits

… Introduce COLLECT_ONLY/RENDER_ONLY env modes
- Add snapshot write/read (tools_snapshot.json) with __meta__
- Render audit strictly from snapshot in render-only mode
- Persist upstream lookup method to latest_versions.json on success
- Improve version detection flags (jq, fzf, ctags, ripgrep, ast-grep) and filter error/usage lines
- Narrow state column and remove subheaders for compact table
- Add readiness summary and optional streaming rows

Add comprehensive root agent guide covering:
- Overview (Phase 1 complete, Phase 2 planned)
- Setup with Python 3.10+ requirements
- Build & tests (make audit, update, lint)
- Code style (PEP 8, type hints, frozen dataclasses)
- Security (HTTPS-only, no secrets, rate limiting)
- PR/commit checklist (Conventional Commits)
- Good vs bad examples (dataclasses, locks, parallelization)
- When stuck (troubleshooting workflows)
- House Rules (SOLID, DRY, KISS, testing, docs currency)

Thin root file references scoped AGENTS.md files.
Follows https://github.com/anthropics/claude-code convention.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Add comprehensive guide for 13+ installation scripts:
- Overview (install/update/uninstall/reconcile actions)
- Setup (INSTALL_PREFIX, FORCE_INSTALL, DEBUG)
- Build & tests (individual scripts, Make targets, debug mode)
- Code style (Bash 4.0+, set -euo pipefail, error handling)
- Security (HTTPS downloads, checksum verification, sudo safety)
- PR/commit checklist (shellcheck, test all actions)
- Good vs bad examples (robust downloads, version comparison, cleanup)
- When stuck (debug workflows, PATH issues, reconciliation)
- House Rules (vendor tools preferred, parallel reconciliation)

References Phase 2 ADRs for installation strategy decisions.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
AI Assistant and others added 11 commits October 9, 2025 13:46
Add CLAUDE.md, GEMINI.md, COPILOT.md pointer files directing
to AGENTS.md as canonical source.

Maintains compatibility with various AI coding assistants while
following the public agents.md convention.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Update .envrc to follow AGENTS.md convention:
- Export PROJECT_NAME from basename
- Display welcome message with quick start commands
- Show first-time user guidance

Maintains compatibility with existing Makefile env loading.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Improvements:
- Replace custom help with awk-based format (AGENTS.md convention)
- Add ## annotations to all targets for help display
- Document all audit, install, update, uninstall, reconcile targets

Example output:
  audit                   Render audit from snapshot (no network, <100ms)
  install-python          Install Python toolchain via uv
  update-python           Update Python toolchain
  reconcile-node          Reconcile Node.js to nvm-managed

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Phase 2 Planning (PRD & ADRs):
- PRD.md (29KB): Product requirements, Phase 1 summary, Phase 2 spec
- PHASE2_IMPLEMENTATION.md (58KB): 8-week roadmap, 5 phases
- CONFIGURATION_SPEC.md (33KB): .cli-audit.yml schema reference
- adr/README.md: ADR process and index
- ADR-001: Context-aware installation (workstation/server/ci modes)
- ADR-002: Package manager hierarchy (vendor→GitHub→system)
- ADR-003: Parallel installation approach (keep both, PATH ordering)
- ADR-004: Always-latest version policy (warn on major upgrades)
- ADR-005: Environment detection logic (CI/server/workstation)
- ADR-006: Configuration file format (YAML, multi-location precedence)

Technical Documentation Updates:
- INDEX.md: Added Phase 2 planning section, navigation updates
- QUICK_REFERENCE.md: One-liners, env vars, jq queries
- ARCHITECTURE.md: System design, threading model, cache hierarchy
- API_REFERENCE.md: 50+ functions, environment variables
- FUNCTION_REFERENCE.md: Categorized function catalog
- DEVELOPER_GUIDE.md: Contributing guide, testing strategies
- TOOL_ECOSYSTEM.md: 50+ tool catalog with categories
- DEPLOYMENT.md: Makefile targets, CI/CD integration
- TROUBLESHOOTING.md: Common issues and solutions

AI Agent Context:
- claudedocs/project_context.md: Quick reference for AI agents
- claudedocs/session_summary.md: Session documentation and insights

Total: 12 docs files (189KB), 8 ADRs (71KB), 2 AI context files (19KB)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Document all 13+ installation scripts:
- Overview of multi-action support (install/update/uninstall/reconcile)
- Per-script detailed documentation
- Actions explained (install, update, uninstall, reconcile)
- Usage examples via Make targets
- Troubleshooting per script
- Shared utilities (lib/ directory)
- Best practices and patterns

Scripts covered:
- install_core.sh: fd, fzf, ripgrep, jq, yq, bat, delta, just
- install_python.sh: uv-based Python toolchain
- install_node.sh: nvm-based Node.js
- install_rust.sh: rustup-based Rust
- install_go.sh, install_aws.sh, install_kubectl.sh
- install_terraform.sh, install_ansible.sh, install_docker.sh
- install_brew.sh, install_uv.sh
- guide.sh: Interactive upgrade guide
- test_smoke.sh: Smoke testing

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Add @anthropic-ai/claude-code ^2.0.11 for AI agent integration.

This dependency ensures AI coding agents (like Claude Code) have
proper tooling support. Package required for AI agent context
and project integration.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Mode enhancements:
- Add COLLECT_ONLY mode (CLI_AUDIT_COLLECT=1): write snapshot, no output
- Add RENDER_ONLY mode (CLI_AUDIT_RENDER=1): read snapshot, no network
- Snapshot includes __meta__ (schema_version, created_at, count)
- write_snapshot() now returns meta dict

Tracing and diagnostics:
- Add CLI_AUDIT_TRACE for ultra-verbose output
- Add CLI_AUDIT_TRACE_NET for HTTP request tracing
- Add _vlog(), _tlog() helper functions
- Add SLOW_MS threshold for performance tracking

HTTP improvements:
- Make http_fetch() retry parameters configurable via env vars
- Add HTTP_RETRIES, HTTP_BACKOFF_BASE, HTTP_BACKOFF_JITTER
- Add network tracing (request status, retries, errors)

Version detection improvements:
- Filter error/usage lines from version output
- Improve jq, fzf, ctags, ripgrep, ast-grep version detection
- Handle --help output that contains version info

Performance:
- Persist upstream lookup method to latest_versions.json on success
- Narrow state column in table output
- Remove subheaders for more compact display
- Add readiness summary
- Optional streaming rows

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Version updates:
- npm: 10.8.3 → 11.6.2
- pipx: 1.7.1 → 1.8.0
- poetry: 1.8.3 → 2.2.1
- yarn: 4.5.1 → 4.9.4

Method persistence:
- Add __methods__ section tracking upstream lookup methods
- Persist successful lookup methods for faster future queries

This cache update improves performance by recording which
upstream API (pypi, npm, github, crates) successfully resolved
each tool's latest version.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Ignore node_modules/ directory from @anthropic-ai/claude-code
dependency. Minimal Node.js usage (AI agent integration only).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Major documentation reorganization following best practices:

Documentation Organization:
- Move PROJECT_GUIDE.md to docs/ for proper organization
- Move ARCHITECTURE_DIAGRAM.md to docs/ for technical documentation
- Move DEVELOPMENT_QUICKSTART.md to docs/ for developer resources
- Preserve important claudedocs/ content in committed docs/
  - logging_framework.md → docs/LOGGING.md
  - phase2_completion_report.md → docs/PHASE2_COMPLETION_REPORT.md
  - comprehensive_code_review.md → docs/CODE_REVIEW.md
- Add docs/DOCUMENTATION_ORGANIZATION.md for organization rationale
- Update .gitignore to exclude claudedocs/ (AI agent session context)

Phase 2 Implementation (Complete):
- Add cli_audit package with 11 modules (5,338 LOC)
- Phase 2.1: Foundation (environment, config, package_managers, install_plan)
- Phase 2.2: Core installation (installer with retry and validation)
- Phase 2.3: Bulk operations (parallel installation with progress tracking)
- Phase 2.4: Upgrade management (version comparison, breaking changes)
- Phase 2.5: Reconciliation (multi-installation detection and management)
- Phase 2.6: Logging framework (structured logging with console/file output)

Testing Infrastructure:
- Add comprehensive test suite (292 tests, 4,907 LOC)
- Unit tests for all 11 Phase 2 modules
- Integration tests for end-to-end workflows
- Test fixtures for configuration validation

Development Infrastructure:
- Add CI/CD workflows (GitHub Actions)
  - ci.yml: Matrix testing (Python 3.10-3.12, Linux/macOS)
  - release.yml: Automated releases with PyPI publishing
  - dependabot.yml: Automated dependency updates
- Add development tooling configuration
  - .flake8: Linting rules
  - mypy.ini: Type checking configuration
  - pytest.ini: Test configuration
  - pyproject.toml: Package metadata and dependencies
- Add CONTRIBUTING.md with comprehensive contributor guide

Documentation:
- Add docs/PHASE2_API_REFERENCE.md (78 API symbols across 11 modules)
- Add docs/phase2_api/environment.md (detailed module documentation)
- Add docs/CODE_REVIEW.md (comprehensive quality assessment: 9.3/10)
- Add docs/LOGGING.md (logging framework documentation)
- Update README.md with Phase 2 features and code examples

Quality:
- Zero circular dependencies across 11 modules
- Comprehensive type hints throughout
- Frozen dataclasses for immutability
- Thread-safe progress tracking
- Retry logic with exponential backoff
- Checksum verification for downloads
- Breaking change detection and warnings
- System tool safelist (26 protected tools)

Cross-references updated in PHASE2_API_REFERENCE.md and environment.md
to reflect new documentation locations.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4 to 5.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v4...v5)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot commented on behalf of github Oct 10, 2025

Labels

The following labels could not be found: ci, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.


dependabot bot commented on behalf of github Oct 27, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/github_actions/codecov/codecov-action-5 branch October 27, 2025 11:29