Skip to content

deps(deps): bump the minor-and-patch group with 7 updates#64

Merged
cjlapao merged 2 commits into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-4abf381201
Jun 22, 2026
Merged

deps(deps): bump the minor-and-patch group with 7 updates#64
cjlapao merged 2 commits into
mainfrom
dependabot/npm_and_yarn/minor-and-patch-4abf381201

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 7 updates:

Package From To
agentic-flow 2.0.13 2.0.14
react-router-dom 7.17.0 7.18.0
@vitest/coverage-v8 4.1.8 4.1.9
ruflo 3.10.46 3.12.4
vitest 4.1.8 4.1.9
@rollup/rollup-linux-x64-gnu 4.62.0 4.62.2
tsx 4.22.1 4.22.4

Updates agentic-flow from 2.0.13 to 2.0.14

Commits

Updates react-router-dom from 7.17.0 to 7.18.0

Changelog

Sourced from react-router-dom's changelog.

v7.18.0

Patch Changes

Commits

Updates @vitest/coverage-v8 from 4.1.8 to 4.1.9

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.9

🐞 Bug Fixes

View changes on GitHub
Commits

Updates ruflo from 3.10.46 to 3.12.4

Release notes

Sourced from ruflo's releases.

v3.12.3 — #2395 fix: MCP no longer emits 128-dim mock embeddings

Bundled fix

#2395 — MCP memory_store emitted 128-dim mock embeddings (data quality regression)

Symptom (per issue): standalone CLI used real 384-dim ONNX embeddings, but the in-session MCP path persistently emitted 128-dim hash-fallback ("mock") embeddings — silently corrupting similarity recall and wasting any benefit of vector memory.

Root cause: bridgeGenerateEmbedding returned embedder.embed() results labeled backend: 'onnx' unconditionally, even when AgentDB's vectorBackend controller silently fell back to a 128-dim hash stub. The stub didn't expose isMock=true, so the existing isMock check let it through with a wrong label.

Fix: dimensional sanity check. The hardcoded model name Xenova/all-MiniLM-L6-v2 always produces 384-dim; anything else is definitively a stub. Return null from the bridge wrapper in that case so the caller falls through to generateLocalEmbedding, which routes via the real ONNX chain (transformers.js / ruvector).

Net: backend labels now match actual semantics, no more silent mock embeddings.

Install

npx ruflo@3.12.3
# or
npm i ruflo@latest

All 3 packages × 3 dist-tags published in lockstep.

🤖 Generated with RuFlo

v3.12.2 — kernel-panic fix + cve subcommand fix + hooks hardening

Bundled fixes

#2407 — daemon proliferation → kernel panic (CRITICAL)

Atomic O_EXCL lockfile in daemon.ts + dropped the shell & in init.ts:424. Race test verified: 5 concurrent daemon start → 1 surviving daemon (was 3-5+).

One real incident accumulated 39 zombie daemons holding ~8.5 GiB and contributed to a macOS kernel panic on June 15. No longer possible.

#2403security cve no longer a stub

Now delegates to npm audit --json (same GitHub Advisory DB source as security scan), extracts CVE IDs from via titles/URLs, supports --check CVE-XXXX-NNNN and --severity {critical,high,medium,low} filters. Local verify on this repo: 37 affected packages surfaced.

#2397.claude/helpers/* hooks hardening

Community contribution from @​tjaiyen — 5 grounded bug fixes including real timeout via Promise.race (not the spurious "timer cleared on sync return" pattern), signal cleanup, truncation transparency, cross-platform slug normalization. 248+/49− across 8 files.

Dependabot bumps (3/5 merged cleanly)

  • @types/node 20.19.41 → 20.19.43 in /v3/@claude-flow/browser
  • vitest 4.1.6 → 4.1.9 in /v3/@claude-flow/browser + /plugins/ruflo-graph-intelligence
  • agent-browser 0.27.0 → 0.27.3 in /v3/@claude-flow/browser

(#2384 + #2386 had merge conflicts; dependabot will rebase.)

Install

npx ruflo@3.12.2
</tr></table>

... (truncated)

Commits
  • 5ab8d35 chore(release): bump 3.12.3 → 3.12.4 — CWE-78 agentic-flow security patch
  • f8fbb00 chore(release): bump 3.12.2 → 3.12.3 (#2395 mock-embedding fix)
  • 1b78870 chore(release): bump 3.12.1 → 3.12.2
  • 2f115f8 docs(readme): plain-English metaharness blurb + refresh badge counts
  • 8a8b20c docs(readme): drop ADR-150 + ADR-152 references from metaharness mentions
  • d36d991 docs(readme): add ruflo-metaharness to the 33→34 plugin list
  • 9c19249 docs: metaharness user guide + README links (v3.12.1 follow-up)
  • b0e4a45 fix(release): bundle plugins/ruflo-metaharness in @​claude-flow/cli pkg (3.12.1)
  • 42b3bfb chore(release): bump 3.11.0 → 3.12.0 for ADR-150 metaharness integration
  • 473d2fc feat(metaharness): SelfEvolvingRouter promotion-gate analyzer (iter 10)
  • Additional commits viewable in compare view

Updates vitest from 4.1.8 to 4.1.9

Release notes

Sourced from vitest's releases.

v4.1.9

🐞 Bug Fixes

View changes on GitHub
Commits
  • a7a61e7 chore: release v4.1.9 (#10598)
  • 934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
  • 7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
  • a518019 fix: fix importOriginal with optimizer and query import [backport to v4] (#...
  • See full diff in compare view

Updates @rollup/rollup-linux-x64-gnu from 4.62.0 to 4.62.2

Release notes

Sourced from @​rollup/rollup-linux-x64-gnu's releases.

v4.62.2

4.62.2

2026-06-19

Bug Fixes

  • Do not add spurious side-effect-free external imports to chunks when using minChunkSize (#6411)

Pull Requests

v4.62.1

4.62.1

2026-06-19

Bug Fixes

  • Preserve multipart file extensions when deconflicting output chunks (#6408)
  • Fix an issue where getLogFilter would match additional logs (#6415)

Pull Requests

Changelog

Sourced from @​rollup/rollup-linux-x64-gnu's changelog.

4.62.2

2026-06-19

Bug Fixes

  • Do not add spurious side-effect-free external imports to chunks when using minChunkSize (#6411)

Pull Requests

4.62.1

2026-06-19

Bug Fixes

  • Preserve multipart file extensions when deconflicting output chunks (#6408)
  • Fix an issue where getLogFilter would match additional logs (#6415)

Pull Requests

Commits
  • 8faa187 4.62.2
  • a38a795 refactor(rust/parser_ast): extract property AstConverter write buffer kind lo...
  • 6cc5c31 Skip side-effect-free external imports when hoisting is disabled (#6411)
  • caacf70 4.62.1
  • d1e8297 Add missing ignore
  • 1ba1fc2 fix: insert conflict numbers before first extension in multi-extension filena...
  • 532bd0a Use import attributes for importing JSON (#6393)
  • 2cd8194 fix: advance value past wildcard prefix before suffix check in getLogFilter (...
  • dfac590 fix(deps): update minor/patch updates (#6418)
  • 1d6db3d chore(deps): update dependency eslint-plugin-unicorn to v66 (#6419)
  • Additional commits viewable in compare view

Updates tsx from 4.22.1 to 4.22.4

Release notes

Sourced from tsx's releases.

v4.22.4

4.22.4 (2026-05-31)

Bug Fixes

  • resolve CommonJS directory requires inside dependencies (#803) (1ce8463)

This release is also available on:

v4.22.3

4.22.3 (2026-05-19)

Bug Fixes

  • decode typed loader source (dce02fc)
  • preserve entrypoint with TypeScript preload hooks (68f72f3)

This release is also available on:

v4.22.2

4.22.2 (2026-05-18)

Bug Fixes

  • preserve CJS JSON require in ESM hooks (35b700b)
  • preserve named exports from CommonJS TypeScript (11de737)
  • support module.exports require(esm) interop (cf8f199)

This release is also available on:

Commits
  • 1ce8463 fix: resolve CommonJS directory requires inside dependencies (#803)
  • dce02fc fix: decode typed loader source
  • 68f72f3 fix: preserve entrypoint with TypeScript preload hooks
  • 69455cf test: cover package exports for ambiguous ESM reexports
  • 35b700b fix: preserve CJS JSON require in ESM hooks
  • ef807db chore: update testing dependencies
  • 3917090 test: document compatibility test taxonomy
  • de8113f refactor: centralize Node capability facts
  • c1f62db test: consolidate tsconfig path edge coverage
  • 4e08174 test: consolidate loader hook coverage
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps(deps): bump the minor-and-patch group with 7 updates
2387cac 
Bumps the minor-and-patch group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [agentic-flow](https://github.com/ruvnet/agentic-flow) | `2.0.13` | `2.0.14` |
| [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.17.0` | `7.18.0` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.8` | `4.1.9` |
| [ruflo](https://github.com/ruvnet/claude-flow/tree/HEAD/ruflo) | `3.10.46` | `3.12.4` |
| [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest) | `4.1.8` | `4.1.9` |
| [@rollup/rollup-linux-x64-gnu](https://github.com/rollup/rollup) | `4.62.0` | `4.62.2` |
| [tsx](https://github.com/privatenumber/tsx) | `4.22.1` | `4.22.4` |


Updates `agentic-flow` from 2.0.13 to 2.0.14
- [Release notes](https://github.com/ruvnet/agentic-flow/releases)
- [Changelog](https://github.com/ruvnet/agentic-flow/blob/main/docs/CHANGELOG.md)
- [Commits](https://github.com/ruvnet/agentic-flow/commits)

Updates `react-router-dom` from 7.17.0 to 7.18.0
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/react-router-dom@7.18.0/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.18.0/packages/react-router-dom)

Updates `@vitest/coverage-v8` from 4.1.8 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/coverage-v8)

Updates `ruflo` from 3.10.46 to 3.12.4
- [Release notes](https://github.com/ruvnet/claude-flow/releases)
- [Changelog](https://github.com/ruvnet/ruflo/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ruvnet/claude-flow/commits/v3.12.4/ruflo)

Updates `vitest` from 4.1.8 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/vitest)

Updates `@rollup/rollup-linux-x64-gnu` from 4.62.0 to 4.62.2
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.62.0...v4.62.2)

Updates `tsx` from 4.22.1 to 4.22.4
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](privatenumber/tsx@v4.22.1...v4.22.4)

---
updated-dependencies:
- dependency-name: agentic-flow
  dependency-version: 2.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: react-router-dom
  dependency-version: 7.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: ruflo
  dependency-version: 3.12.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: vitest
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: "@rollup/rollup-linux-x64-gnu"
  dependency-version: 4.62.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: tsx
  dependency-version: 4.22.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@github-actions github-actions Bot added the triage Waiting triage label Jun 22, 2026
@cjlapao cjlapao merged commit dc8ef23 into main Jun 22, 2026
6 checks passed
@cjlapao cjlapao deleted the dependabot/npm_and_yarn/minor-and-patch-4abf381201 branch June 22, 2026 07:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cjlapao cjlapao cjlapao approved these changes

@alevlasu alevlasu Awaiting requested review from alevlasu alevlasu is a code owner

@sai-kumar-peddireddy sai-kumar-peddireddy Awaiting requested review from sai-kumar-peddireddy sai-kumar-peddireddy is a code owner

Assignees

No one assigned

Labels

dependencies npm triage Waiting triage

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cjlapao