chore(deps): update dependency fallow to v2.85.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
fallow (source)	2.84.0 → 2.85.0

---

Release Notes

fallow-rs/fallow (fallow)

v2.85.0

Compare Source

Added

• fallow coverage upload-source-maps now uploads each map's repo-relative path, so the source-evidence viewer can resolve monorepo sub-package source. A bundled map under a sub-package (e.g. dashboard/dist/assets/X.js.map) lists its sources relative to the map file (../../src/components/X.tsx); the cloud previously had only the basename and collapsed that to src/components/X.tsx, which never matched the package-prefixed runtime path dashboard/src/components/X.tsx, so the viewer reported "source not in maps" even though the file was in an uploaded map. The CLI now sends the map's path relative to the repo root alongside the existing fileName, letting the cloud resolve each source against the map's directory and recover dashboard/src/components/X.tsx. The field is omitted when a map is not under the repo root (an absolute --dir outside it), in which case the cloud falls back to its previous behavior. Run upload-source-maps from the repo root so the prefix is correct. No change for single-package projects. (Closes #​260.)

• fallow flags now surfaces the configuration surface when it finds nothing. The empty-result line (No feature flags detected) is no longer byte-identical whether a project truly has no flags or just uses an SDK fallow does not recognize. On full defaults, the human output now lists the built-in env-var prefixes and SDK providers it scanned for, then points at flags.sdkPatterns, flags.configObjectHeuristics, and the configuration docs, so you can tell a true negative from a missing detector and add your own SDK (PostHog, in-house, anything not listed). Projects that already configured custom flags.* patterns get a single terse line acknowledging their config instead of the discovery block. The enumerated detectors are derived from fallow's built-in tables, so the hint stays in sync as defaults grow. JSON, SARIF, compact, markdown, and CodeClimate output are unchanged, and --quiet suppresses the hint. (Closes #​562.)

• fallow impact reports what fallow has done for you, opt-in and local-only. A new fallow impact command shows how many issues fallow is currently surfacing, the trend since the previous recorded run, and how many commits its pre-commit gate blocked then cleared. Enable it with fallow impact enable (with disable and status siblings); once enabled, each fallow audit run appends a small record to a single rolling .fallow/impact.json (gitignored, never uploaded). The generated fallow init --hooks pre-commit hook now tags gate runs so a blocked-then-fixed commit is recorded as contained. Writes are best-effort and never change a command's exit code or output. Human, --format json, and --format markdown output are available, and the JSON shape ships in the published output schema. fallow impact now also credits per-finding resolutions: when a finding you previously saw goes away because you fixed the code, it counts as resolved, and when it goes away because you added a fallow-ignore, it is reported separately as intentionally managed and never counted as a win. It distinguishes the two by capturing which suppressions are present each run, and it ignores findings that merely moved rather than being removed (within a file, or relocated to another file, including across separate commits). Resolution attribution covers dead code, complexity, and duplication, accrues from your local runs (it is a local-developer signal, not a CI metric, since it lives in .fallow/impact.json), and adds resolved_total, suppressed_total, and a recent-resolutions list to all three output formats and the published schema.

• fallow impact now tracks a whole-project view and credits cleanups you make outside a changed-file audit. Previously every recorded run came from fallow audit, which is scoped to the files changed against your base, so a duplication or whole-repo cleanup you verified with fallow dupes (or any full fallow run) was never credited. Now a full fallow run (dead code + duplication + complexity, with no --changed-since / --workspace / --diff / --production narrowing) records a separate whole-project entry, and its resolution pass credits any finding that has gone away anywhere in the repo, including a clone group you removed without touching it in the current commit. The report gains an understated whole-project section (project_surfacing and project_trend in --format json) kept separate from the changed-file trend so the two scopes never mix into one misleading number; it advances only on your local full fallow runs, not in CI, and the report says so. A clone that is merely reshaped (one of several identical copies removed while the rest still duplicate) is not counted as resolved. The report's JSON shape stays at schema version 1 (the new fields are additive and optional).

• The Fallow Impact value report is now available over MCP. A new read-only impact MCP tool wraps fallow impact --format json, so AI agents can read the local report (current surfacing, trend since the last recorded run, pre-commit gate containment, and, on impact v1.5+, resolved/suppressed attribution) the same way they call check_health or audit. It runs no analysis, so it takes only a root; the mutating enable/disable lifecycle is intentionally not exposed, and on a never-enabled project it returns a populated {"enabled": false, ...} report (never {}) so an agent can tell "not set up" from "set up, no history yet" and recommend fallow impact enable rather than toggling it. Because impact is a local-developer signal, the tool surfaces an empty report in ephemeral CI runners and should not be used as a CI metric.

• Opt-in product telemetry for improving agent, CI, MCP, and editor workflows, off by default. fallow telemetry status|enable|disable|inspect manages it, and FALLOW_TELEMETRY=inspect fallow <command> prints the exact payload a real run would send without sending it. When enabled, Fallow sends one small, allowlisted, workflow-level event per run (which workflow ran, the integration surface, the invocation context, output format, OS and architecture, and coarse duration and exit-code buckets) and never repository names, file paths, package or dependency names, source code, config values, environment variable names or values, raw command lines, or errors. DO_NOT_TRACK and FALLOW_TELEMETRY_DISABLED are honored as top-precedence kill switches, and CI stays off unless telemetry is explicitly enabled in that environment. Agents and wrappers can declare their integration with an allowlisted FALLOW_AGENT_SOURCE (codex, claude_code, cursor, copilot, opencode, aider, roo, windsurf, gemini, cline, continue, zed, goose); setting it never enables telemetry and uploads no codebase content. The upload is best-effort on a background thread and never blocks the command or changes its output or exit code. See docs/telemetry.md.

• fallow health now emits a coverage_intelligence verdict when coverage, runtime, complexity, and change-scope evidence combine into an actionable recommendation. The additive JSON block carries its own schema version, headline verdict, summary counts, stable fallow:coverage-intel:<hash> finding IDs, ordered signals, compact evidence, related runtime IDs, and agent-ready actions. It currently surfaces risky changed hot paths, high-confidence delete candidates, owner-review-required cold code, and hot covered code that still needs careful refactoring. Human, markdown, compact, SARIF, and CodeClimate output render actionable findings; audit receives the block through its nested health payload without changing the default audit verdict or exit behavior. (Closes #​507.)

• Clone groups now have a stable fingerprint, and fallow dupes --trace can deep-dive one by id. Every clone group in fallow dupes now carries a content-derived fingerprint, usually dup:<8hex> and widened only on rare report collisions, shown beside each group in the human listing and emitted on every clone_groups[] entry (plus nested clone_families[].groups[] and the per-bucket --group-by output) in --format json. fallow dupes --trace now accepts that fingerprint (fallow dupes --trace dup:7f3a2c1e) in addition to the existing FILE:LINE form, so you can deep-dive a specific group without hunting for one of its line numbers. The trace output now also shows, per group, an extract-function suggestion with estimated line savings, a best-effort proposed function name (derived from the dominant identifier; omitted when it would be generic), and a docs link. The fingerprint is derived from the group's source content, so it is stable across runs and editing one clone group never changes another's id; collision handling is report-scoped, so a short collision widens only the colliding groups and ambiguous short ids do not resolve to the wrong group. The MCP trace_clone tool gained an optional fingerprint parameter (file/line are now optional, exactly one addressing form required), so an AI agent can read a fingerprint from find_dupes and deep-dive that group in a single follow-up call. (Closes #​759.)

• fallow's static analysis is now guaranteed, at compile time, never to execute the analyzed project's code. The analysis crates (fallow-core, fallow-extract, fallow-graph) ban raw process spawning with a clippy lint (std::process::Command::new is denied at each crate root); the only external program the analysis path can run is git (for --changed-since, churn history, and repository-state queries), routed through a single fallow_core::spawn::git wrapper. A package.json lifecycle script such as postinstall is read as data and never run, now backed by a regression test that asserts a sentinel-writing script never fires during analysis. On the build-time supply-chain surface (Cargo build.rs and proc-macros, which run arbitrary code while compiling fallow), deny.toml now also rejects yanked crates (yanked = "deny"), and SECURITY.md documents the build-time trust boundary alongside the existing runtime one. No user-facing behavior change.

Changed

• Declared-but-unused framework plugins (vite-plugin-*, prettier-plugin-*) are now reported as unused devDependencies. Fallow carried a hardcoded list of known dev tooling that exempted a package from the unused-dependency report by exact name. Several entries on that list were framework plugins (vite-plugin-svgr, vite-plugin-eslint, prettier-plugin-tailwindcss, prettier-plugin-organize-imports, @ianvs/prettier-plugin-sort-imports), which meant a plugin you listed in devDependencies but never wired into your vite.config.* or prettier config was silently treated as used. Those entries are gone: such a plugin is now credited only when it actually appears in the config (vite plugins through the import graph that already reads your config file, prettier plugins through the Prettier config parser, which now also reads the plugins array from .prettierrc.{yml,yaml,toml}), so a genuinely-unused one correctly surfaces. If a plugin you do use is flagged, fallow could not see it referenced in a config it parses; add it to ignoreDependencies and please open an issue with the config form. (Closes #​462.)
• The known-tooling list is now a community-maintainable catalogue. The prefix and exact tool names that exempt a devDependency from the unused report moved out of Rust source into crates/core/data/tooling.toml. Adding a tool is a one-line entry with no code change and no regeneration step; see CONTRIBUTING.md. No behavior change for the tools that stayed on the list. (Refs #​462.)
• The fallow-v8-coverage crate's ownership boundary with oxc_coverage_v8 is now documented. The two crates solve inverse problems (fallow maps real Node V8 dumps in UTF-16-code-unit space; oxc_coverage_v8 fills an AST-built Istanbul FileCoverage in byte space) and are intentionally not consolidated, recorded in ADR-010. The UTF-16 offset invariant is now pinned by a conformance test. No change to the fallow CLI's behavior, output, or the runtime-coverage wire format. (Closes #​509.)

Removed

• fallow-v8-coverage dropped its never-consumed forward Istanbul emitter (normalize_script and its IstanbulFileCoverage / IstanbulFunction / IstanbulRange output types), leaving the V8 dump parser plus the UTF-16 LineOffsetTable the fallow CLI actually uses. This is a breaking change to the fallow-v8-coverage crate's public API; the crate is an internal building block of the fallow CLI (the only consumer) published under the lockstep workspace version, with no supported external consumers, so there is no fallow CLI behavior change.

Fixed

• Clone fingerprints (dup:<id>) are now stable across Windows and Unix line endings. The fingerprint hashes a clone group's representative source fragment, which previously included the raw \r from CRLF checkouts, so the same code produced a different dup: handle on a Windows dev machine than on a Linux CI runner. That broke fallow dupes --trace dup:<id> and any duplication baseline keyed on the fingerprint when the two ran on different platforms. The fragment is now CRLF-normalized before hashing, so a clone group gets the same fingerprint regardless of checkout line endings. Fingerprints on Unix-checkout sources are unchanged. (Test fixtures are also pinned to LF via .gitattributes so snapshot output is byte-identical across platforms.)

• fallow dupes human output now shows forward-slash paths on Windows. The clone-group, clone-family, and grouped-bucket listings rendered file paths via the raw OS separator, so on Windows they printed backslashes (src\copy1.ts) instead of the forward slashes used everywhere else in fallow's output, and the directory/filename split (which keys on /) misfired on those paths. The dupes renderer now routes every path through the same format_display_path normalization the rest of the report already uses, so Windows output matches Linux and macOS. No change on Unix, where paths were already forward-slash.

• ESLint plugins pulled in transitively by a meta-preset such as @antfu/eslint-config are no longer reported as unused. A flat config that calls a preset factory (export default antfu({...})) names no individual plugins, so the plugins the preset enables (declared as its own optional peerDependencies) surfaced as unused-dev-dependency and had to be silenced with ignoreDependencies. When the config imports a package whose name matches a preset shape (eslint-config-* or @scope/eslint-config[-*]), fallow now reads that preset's own package.json and credits the eslint-ecosystem entries (eslint-plugin-*, scoped plugins, shareable configs, parsers, import resolvers) it declares in dependencies / peerDependencies / optionalDependencies. This covers the optional framework-plugin peers that the generic peer-dependency closure intentionally skips. General-purpose runtime dependencies the preset also declares (such as globals) are excluded, so a genuinely-unused general dependency you declared independently is still reported, and a plain plugin import does not pull in its own dependency fan. Plugins a preset does not declare (or that an older preset version pulled but the installed one no longer does) remain reported. Thanks @​Noktomezo for the report. (Closes #​754.)

• The churn-hotspot analysis window now travels with the count in fallow health, including when there are zero hotspots. Before, the window (default 6m, set via --since) appeared only in the ● Hotspots (N files, since 6 months) section header, which is omitted entirely when a repo has no hotspots. So the orientation ■ Metrics: line read 0 churn hotspots with no anchor, leaving you unable to tell "zero in the last 6 months" from "zero ever," and the window vanished completely on healthy repos. After, the metrics line reads 0 churn hotspots (since 6 months) and the --format markdown Vital Signs row reads | Hotspots (since 6 months) | 0 |, so the window is visible even when the Hotspots section is suppressed. When the churn pipeline did not run (non-git repo, shallow clone), the suffix is omitted rather than rendering an empty window. JSON, SARIF, compact, and CodeClimate output are unchanged (the window string was already serialized on hotspot_summary). (Closes #​552.)

• SvelteKit layout-reset routes (+page@.svelte, +layout@named.svelte) are no longer reported as unused files. SvelteKit's layout-reset convention appends an @ suffix to a page or layout component to break it out of its parent layout chain (+page@.svelte resets to the root layout, +page@named.svelte resets to a named layout). The SvelteKit plugin only matched the non-@ filenames as entry points, so any route using layout-reset surfaced as unused-file. The plugin now also marks src/routes/**/+page@*.svelte and src/routes/**/+layout@*.svelte as entry points and credits their default export, covering both the empty (@.svelte) and named (@named.svelte) forms. Only the .svelte component files take the @ suffix; SvelteKit itself rejects @ in .ts/.js route files, so the co-located load files are unaffected. Thanks @​codingthat for the report. (Closes #​791.)

• @nuxt/content's content.config.ts is no longer reported as unused. @​nuxt/content v3 defines collections in a root content.config.ts (export default defineContentConfig({...})) that the module reads at build time; nothing in app source imports it, so fallow surfaced it as unused-file plus an unused default export and users had to add a manual entry or ignore. When @nuxt/content is registered in the nuxt.config modules: array, fallow now credits content.config.{ts,js,mts,mjs,cts,cjs} (resolved relative to the nuxt.config directory, so nested/monorepo configs credit the adjacent file) as a default-export entry point. The credit is gated on module registration rather than mere package.json presence, so an installed-but-unregistered @nuxt/content still correctly flags a genuinely-orphan content.config. Scoped to the first-party @nuxt/content only; third-party Nuxt module config files are deliberately not hardcoded (per #​138). (Closes #​792.)

• oxlint-tsgolint is no longer reported as an unused dependency. oxlint loads its type-aware companion package oxlint-tsgolint at runtime (via --type-aware or options.typeAware); it is never imported in source and never listed in an .oxlintrc.json jsPlugins array, so the existing jsPlugins crediting did not cover it. fallow already silenced it in devDependencies through a general oxlint tooling prefix, but a project that declares it in prod dependencies (for example via a pnpm catalog: entry) still saw unused-dependency and had to silence it with ignoreDependencies. The oxlint plugin now credits oxlint-tsgolint as a tooling dependency in both prod and dev categories whenever oxlint is active. The credit is by exact name, not an oxlint-* prefix, so an unrelated oxlint--prefixed prod dependency that is genuinely unused still reports. Thanks @​kevinmichaelchen whose effect-coffee-shop repo surfaced this. (Closes #​753.)

• rspress @theme virtual-module imports are no longer reported as unlisted dependencies. rspress (the Rsbuild/Rspack documentation framework) exposes its theme layer through the build-time @theme virtual module, the same way Docusaurus does, but fallow had no rspress plugin, so importing @theme (or a @theme/<component> subpath) from docs or source surfaced as an unlisted-dependency and had to be silenced with ignoreDependencies. A new rspress plugin activates on rspress or any @rspress/-scoped dependency (such as @rspress/core) and contributes @theme/ and @theme-original/ as framework virtual-module prefixes, so both the bare @theme import and its subpaths are recognized as build-time virtual modules across unlisted-dependency and unresolved-import reporting. Real scoped packages such as @theme-ui/core are not affected. Docusaurus projects already handled the bare @theme import; this closes the equivalent gap for rspress. Thanks @​callstackincubator whose agent-device docs site surfaced this. (Closes #​756.)

• fallow health can now be a real CI gate: --min-score is authoritative and --min-score 0 exits 0. Before, the exit code failed (1) whenever any above-threshold function existed, regardless of the health score, so --min-score only ever added a second way to fail and fallow health --min-score 0 still exited 1, the clearest tell that the score never drove the exit code. Health could only ever be advisory. After, when --min-score N is set it is the authoritative complexity gate: the run exits 0 when the score is at or above N (so --min-score 0 always passes) and complexity findings are demoted to informational while still printed. --min-severity is unchanged and now composes with --min-score (the run fails if either gate trips). Plain fallow health with no gate flag keeps the back-compatible behavior of exiting 1 on any finding. A new --report-only flag prints the score and findings but never fails CI (always exit 0), for surfacing health in logs without blocking; it is mutually exclusive with --min-score / --min-severity. The runtime-coverage and coverage-gap gates remain independent explicit opt-ins. For gating on newly-introduced complexity only, fallow audit --gate new-only stays the right tool, and fallow health --help now signposts it. (Closes #​786.)

• Coexisting config files no longer pick a winner silently. Fallow loads the first of .fallowrc.json > .fallowrc.jsonc > fallow.toml > .fallow.toml found per directory. Before, if two of these coexisted (for example a fallow.toml you maintain plus a stale .fallowrc.json left over from a migration or a partial fallow init), fallow loaded the higher-precedence one with no signal, so you could see correct-looking output produced from the wrong source. After, config discovery emits a tracing::warn! (visible on stderr at the default level) naming the file it loaded and the lower-precedence file(s) it ignored, and pointing at the precedence order; it fires once per directory per run. Passing an explicit --config <path> performs no discovery and never warns. The docs and the fallow config help text now also state that .fallowrc.json accepts JSONC (comments and trailing commas) and that .fallowrc.jsonc is identical in behavior, with the extension serving only as an editor hint. (Closes #​458.)

• In a monorepo, a workspace package's framework class-member allowlist and SCSS include paths are no longer dropped during plugin-result merging. When a framework is active only in a workspace package (Lit, Lexical, Ember, or Angular in packages/<name>, not at the repo root), the package's plugin contributions to two fields were silently discarded while the root project's results were merged. A package's heritage-scoped class-member allowlist (for example Lit's firstUpdated / willUpdate on a LitElement subclass) was dropped, so those framework-invoked methods surfaced as false unused-class-member findings, and a package's Angular stylePreprocessorOptions.includePaths was dropped, so SCSS @use / @import resolving against those directories surfaced as unresolved-import. Both fields now flow through the merge. Single-package (non-monorepo) projects were never affected. (Closes #​772.)

• Velite config, content, and generated .velite output are no longer reported as unused. Projects using Velite had to manually mark velite.config.ts as an entry and ignore content/** plus **/.velite/**, because fallow did not model Velite's build-time content pipeline. A new Velite plugin activates on the velite dependency or a velite.config.{ts,mts,cts,js,mjs,cjs} file. It keeps the config and generated .velite/** output reachable (traversing the hidden .velite directory so app imports of generated collections resolve), credits packages imported by the config and velite itself as a tooling dependency, and parses defineConfig / defineCollection to mark each collection pattern (joined to the top-level root, default content) as a content entry point so Velite-managed Markdown / MDX is not flagged. Patterns are scoped to the config file's package, so a monorepo app's content does not leak project-wide. (Closes #​609.)

• Container-format diagnostics now point back to the original source lines. MDX import/export extraction now keeps a byte mapping from extracted statements back to the .mdx file, so imports after prose report their real line instead of the synthetic extracted-buffer line. Astro frontmatter and processed template scripts, plus Vue/Svelte <script> blocks, now remap parsed import/export spans back to their container files. CSS/SCSS directive imports now carry source spans when the directive has a real specifier, while intentionally synthetic Tailwind reachability edges stay unpositioned. Svelte 5 $derived(new Class()) bindings now also credit template member usage on the derived instance. (Closes #​445.)

• A root dangerfile.js run from CI is no longer reported as an unused file. Danger is commonly invoked straight from CI (npx danger ci, an Earthfile, a GitHub Action) without danger ever being listed in package.json, so the Danger plugin's dependency enabler never fired and the dangerfile surfaced as unused-file, forcing a manual entry workaround. The plugin now also activates when a dangerfile.{js,ts,mjs,cjs} is discovered at the repo root or in a workspace, mirroring how the k6 plugin activates on its convention files. The .js extension was always covered by the existing allowlist; the gap was activation, not the extension. Exact-filename matching keeps lookalikes such as predangerfile.js and dangerfile.json inert. (Closes #​758.)

• A package whose binary runs via bun --bun <bin> in a script is no longer reported as unused. Before, a package.json script like "prepare": "is-ci || bun --bun prek install" left the providing package flagged as an unused dependency: the script parser treated bun --bun ... as a bare bun <script> invocation (like yarn build) and dropped the whole command before the prek binary could be resolved to its package. After, bun's runtime flags (--bun, --watch, --hot, --smol, --no-clear-screen) are skipped so the executed binary is extracted and credited through the existing bin-to-package map (prek to @j178/prek), while bun --watch run dev and bare bun <script> still correctly resolve to script delegations. bun x <pkg> (the bun-native alias of bunx) is now recognized too. An unrecognized leading flag is conservatively treated as a script delegation rather than guessed at. Thanks @​Noktomezo for the report. (Closes #​755.)

• Workspace packages whose tsconfig paths point at unbuilt dist no longer report unresolved-import plus unused-dependency pre-build. A common monorepo convention maps a sibling-package specifier to compiled output in tsconfig ("@​scope/*": ["../*/dist/index.d.ts"]). When the project is analyzed before a build, that dist target does not exist, and fallow stopped at the path-alias step: every consumer of @scope/pkg reported unresolved-import, and the package itself reported unused-dependency. After, when a path-alias-shaped specifier is also a valid workspace package name and the alias target cannot be resolved, fallow falls through to the workspace-package fallback and resolves the import against the package's own source tree (reusing the existing dist-to-src mapping). On a pre-build clone of graphql-markdown/graphql-markdown this clears 264 false unresolved-import findings and the matching unused-dependency reports. (Closes #​757.)

• Class members called only through a typed $props() / destructured binding are no longer reported as unused. A Svelte component that receives a class instance as a typed prop (let { resultState }: Props = $props() where Props declares resultState: ResultState) and calls resultState.pin(...) from markup or script previously surfaced those methods as unused-class-member, because fallow only tracked instance bindings created with new. Typed destructured bindings (from let/const and from destructured function parameters) now resolve their members onto the referenced class, so the calls are credited. The resolution is type-driven, so it also covers plain TypeScript and Vue (function render({ resultState }: Props) { resultState.pin() }). Genuinely unused members are still reported. Thanks @​asciimoo for the report. (Closes #​752.)

• GitHub Action baseline checks now catch config-only baseline drift. Before, pull request runs using the default auto-changed-since: true plus a generic dead-code baseline could hide baseline membership changes when the PR only changed fallow config, then fail later on the unscoped default-branch run. After, baseline-active dead-code/check action runs disable auto-derived PR scoping when a fallow config file changes, while preserving explicit changed-since and diff-file overrides. Saved generic baselines also keep pretty JSON and now end with a trailing newline. (Closes #​746.)

• babel-plugin-react-compiler is no longer reported as unused when React Compiler is enabled via reactCompilerPreset(). The #​623 detection only recognised React Compiler wired through a Babel plugins array. The current documented @vitejs/plugin-react 6.x setup feeds the compiler through the reactCompilerPreset() preset helper instead (babel({ presets: [reactCompilerPreset()] }) via @rolldown/plugin-babel), so the dependency was being flagged and projects worked around it with ignoreDependencies. Fallow now credits babel-plugin-react-compiler for the preset form, in both Vite vite.config.* and electron-vite electron.vite.config.* (where the preset commonly lives in renderer.plugins). The credit is provenance-checked: reactCompilerPreset must be a named import from @vitejs/plugin-react. The namespace-import form (import * as vr) and the variable-indirection form (const p = reactCompilerPreset()) remain reportable. Thanks to the maintainers of nicotsx/zerobyte and OpenWaggle/OpenWaggle whose configs surfaced this. (Closes #​751.)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.