
chore(deps): bump ora from 5.4.1 to 9.4.0#4

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/ora-9.4.0


@dependabot dependabot Bot commented on behalf of github May 11, 2026


Bumps ora from 5.4.1 to 9.4.0.

Release notes

Sourced from ora's releases.

v9.4.0

  • Add successSymbol and failSymbol options to oraPromise 3d2e0a9

sindresorhus/ora@v9.3.0...v9.4.0

v9.3.0

  • Reduce flicker in rendering 2ab4f76

sindresorhus/ora@v9.2.0...v9.3.0

v9.2.0

  • Update stdin-discarder dependency (#251) 020eaba

sindresorhus/ora@v9.1.0...v9.2.0

v9.1.0

  • Support external writes to stream (console.log) while spinning d2b543a
  • Replace strip-ansi dependency with native stripVTControlCharacters (#249) 68d50e5

sindresorhus/ora@v9.0.0...v9.1.0

v9.0.0

Breaking

  • Require Node.js 20 7aca06d

Fixes

  • Fix clearing in some cases aa51538
  • Fix frame() not displaying dynamic prefixText/suffixText from functions 0f19f57
  • Fix multiline text exceeding console height leaving garbage when scrolling 45d30ad

sindresorhus/ora@v8.2.0...v9.0.0

v8.2.0

  • Add support for boolean value for color option (#244) fe951e5

sindresorhus/ora@v8.1.1...v8.2.0

... (truncated)

Commits


dependabot Bot commented on behalf of github May 11, 2026


Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

CodingKylo added a commit that referenced this pull request May 17, 2026
Adds a 7th `doctor` check that warns when the git-remote-inferred repo
isn't in the team's recently-assessed set. Catches the failure mode that
wasted ~2 hours of debug time over the past two days: a stale `git
remote` (e.g. after an org rename) makes every CLI call return
SCOPE_VIOLATION with no obvious clue that `git remote -v` is the culprit.

Mechanism: derives monitored-repo set from `list_recent_assessments`
(cheap DB read, no LLM). Compares against `readRemoteOriginUrl()`'s
output after canonicalising both sides via `normaliseRepoSlug` (strip
trailing `.git`, lowercase, trim). Always returns `skip` or `warn`,
never `fail` — doctor is informational, not a gate.

Other hardening from gate iteration:
- `.gitignore` now excludes `*.tgz` so `npm pack` artefacts don't get
  accidentally committed.
- Backend lookup catches ALL errors and degrades to `skip` so a
  transient backend issue can't make `doctor` exit non-zero in CI.
- The swallow logs the error CLASS (`err.constructor.name`) to stderr,
  never `err.message`, in case upstream errors ever embed request
  context that includes the Authorization header.
- Format contract documented inline so a future maintainer doesn't
  silently break the `owner/repo` comparison.

16 jest tests cover every status branch + the normalisation case
(`Owner/Repo.git` mixed-case+suffix against backend's `owner/repo`).

GATE OVERRIDE: pre_commit_check scored 74/high/safe=false at commit
time, above the team's 60 auto-block threshold. Override authorised by
operator (explicit decision). The remaining gate findings are
design-philosophy meta-concerns (cross-vendor URL parsing robustness,
extra MCP call latency on a diagnostic command, observability
tradeoffs); none flag actual incorrect behaviour. Reasoning:
  - Manually verified end-to-end from both monitored and non-monitored
    cwd — produces correct `ok` and `warn` outputs with actionable copy.
  - 16/16 unit tests pass including normalisation drift case.
  - The doctor command is run ad-hoc, not in a CI hot loop — the extra
    MCP call (~300ms p50) is not a latency concern in its actual use.
  - The original issue (CLI Finding #4 — stale git remote causing
    silent SCOPE_VIOLATION) is preventatively closed; the hardening
    finds the problem before users do.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
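
The check described in the commit message above, sketched as an added example (not the code from that commit): slugs are canonicalised on both sides, a backend failure degrades to `skip`, and only the error class is logged. `checkRepoMonitored`, `fetchMonitoredSlugs` and the `log` parameter are hypothetical names, and the body of `normaliseRepoSlug` is an assumption based on the message's description.

```javascript
// Added illustration; names mirror the commit message but the bodies are assumptions.

// Canonicalise an `owner/repo` slug: trim, strip a trailing `.git`, lowercase.
function normaliseRepoSlug(slug) {
  return String(slug).trim().replace(/\.git$/i, '').toLowerCase();
}

// Hypothetical doctor check. `inferredSlug` is the slug derived from the git
// remote (null when there is none); `fetchMonitoredSlugs` is an assumed async
// function returning the backend's recently-assessed `owner/repo` list.
// `log` writes to stderr by default and is injectable so tests can capture it.
async function checkRepoMonitored(inferredSlug, fetchMonitoredSlugs, log = console.error) {
  if (!inferredSlug) {
    return { status: 'skip', detail: 'no git remote found' };
  }
  let monitored;
  try {
    monitored = await fetchMonitoredSlugs();
  } catch (err) {
    // Log only the error class. err.message may embed request context
    // (for example an Authorization header) and must never reach stderr.
    const cls = (err && err.constructor && err.constructor.name) || 'UnknownError';
    log(`doctor: monitored-repo lookup failed (${cls})`);
    // Informational check: a backend problem must not turn into a failure.
    return { status: 'skip', detail: 'backend lookup unavailable' };
  }
  const wanted = normaliseRepoSlug(inferredSlug);
  const known = new Set(monitored.map(normaliseRepoSlug));
  if (known.has(wanted)) {
    return { status: 'ok', detail: `${wanted} is monitored` };
  }
  // Never `fail`: a stale remote is reported as a warning with a pointer to the cause.
  return {
    status: 'warn',
    detail: `${wanted} is not in the recently-assessed set; check \`git remote -v\``,
  };
}
```
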
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ora-9.4.0 branch from 8adf0ae to a38ae41 Compare May 25, 2026 11:25
Bumps [ora](https://github.com/sindresorhus/ora) from 5.4.1 to 9.4.0.
- [Release notes](https://github.com/sindresorhus/ora/releases)
- [Commits](sindresorhus/ora@v5.4.1...v9.4.0)

---
updated-dependencies:
- dependency-name: ora
  dependency-version: 9.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/ora-9.4.0 branch from a38ae41 to f2492bb Compare June 5, 2026 00:15