deps: update tree-sitter-language-pack requirement from <1.6.3,>=0.6 to >=0.6,<1.10.2

[dependabot]

Updates the requirements on tree-sitter-language-pack to permit the latest version.

Release notes

Sourced from tree-sitter-language-pack's releases.

v1.10.1

What's Changed

• fix(intel): include Ruby namespaces in structure by @​pboling in kreuzberg-dev/tree-sitter-language-pack#129
• chore: add .gitattributes marking generated dirs as linguist-generated by @​kh3rld in kreuzberg-dev/tree-sitter-language-pack#130
• feat(gherkin): add support for Gherkin language with detection and smoke tests by @​sahalsaad in kreuzberg-dev/tree-sitter-language-pack#132
• docs(nav): add ecosystem page cross-linking the sibling docs sites by @​v-tan in kreuzberg-dev/tree-sitter-language-pack#135
• chore(docs): add robots.txt with Sitemap directive by @​v-tan in kreuzberg-dev/tree-sitter-language-pack#134
• fix(download): honor proxy env vars when fetching grammars by @​wolgy in kreuzberg-dev/tree-sitter-language-pack#139
• docs: update stale 300+ language references to 306 by @​kh3rld in kreuzberg-dev/tree-sitter-language-pack#140

New Contributors

• @​sahalsaad made their first contribution in kreuzberg-dev/tree-sitter-language-pack#132
• @​v-tan made their first contribution in kreuzberg-dev/tree-sitter-language-pack#135
• @​wolgy made their first contribution in kreuzberg-dev/tree-sitter-language-pack#139

Full Changelog: kreuzberg-dev/tree-sitter-language-pack@v0.17.10...v1.10.1

Changelog

Sourced from tree-sitter-language-pack's changelog.

[1.10.1] - 2026-06-20

Fixed

• Java: fixed a JVM crash (EXCEPTION_ACCESS_VIOLATION) when traversing a parsed tree via opaque handles (#146). Parser.parse, Tree.walk, Tree.rootNode, Node.parent/child, and TreeCursor.node freed the returned native handle in a finally block immediately after wrapping it, so the returned Tree/Node/TreeCursor referenced already-freed memory and the next native call dereferenced it and crashed. The wrapper now owns the handle and frees it once on close(). Fixed in the alef Java backend and picked up by the 0.25.55 regen; value/DTO returns (byteRange/startPosition/process) still correctly free the FFI temporary after reading it.

Changed

• chore(precommit,alef): standardize kotlin-android formatting on ktfmt --kotlinlang-style. Drop the conflicting prek ktlint hook, scope detekt/ktfmt to packages/kotlin-android, add --kotlinlang-style to ktfmt, switch alef.toml kotlin format/check from gradle-ktlintFormat to ktfmt so alef and prek agree, and exclude the vendored Gradle wrapper from shellcheck. detekt remains for static analysis. (.pre-commit-config.yaml, alef.toml)

Added

• Host-native Language passthrough across the C-ABI binding family (#143). get_language now returns each ecosystem's native tree-sitter Language instead of an opaque alef handle, so the result drops straight into the host runtime's parser: Go (*tree_sitter.Language via go-tree-sitter), Zig (?*const tree_sitter.Language via zig-tree-sitter), Java (jtreesitter.Language), C# (TreeSitter.Language), Kotlin Android (ktreesitter.Language), and Swift (SwiftTreeSitter.Language) — joining the existing Python and Node passthrough. Each binding gained a dependency on its host tree-sitter runtime, injected into the generated manifest. Configured via [crates.*.capsule_types.Language] in alef.toml; regenerated against alef 0.25.55.

Changed

• Regenerated all bindings against alef 0.25.55. The C FFI crate now takes a direct tree-sitter dependency so the capsule shim can name tree_sitter::ffi::TSLanguage (the pointee it casts value.into_raw() to), and the zig build.zig.zon carries the resolved zig-tree-sitter content hash.

[1.9.1] - 2026-06-18

Fixed

• Swift: restored the public getLanguage(name:) function in the TreeSitterLanguagePack module. An alef 0.25.38 codegen regression added opaque types to the Swift forwarder exclusion set, dropping get_language (the only free function returning the opaque Language type) from the generated public API in v1.9.0. Regenerated against alef 0.25.43.

[1.9.0] - 2026-06-18

Changed

• Bumped alef pin 0.25.28 → 0.25.38 and regenerated all bindings. Picks up alef 0.25.29–0.25.38: enum associated (static factory) methods surfaced across backends, the swift opaque no-op shim so $_free is synthesised for handle types with no visible methods (e.g. Language), swift streaming-owner already_declared re-declaration, java marshal_optional_bytes template registration, and java @Nullable type-use placement on qualified types.
• Upgraded all dependencies to their latest versions (cross-major). Ran task upgrade across every language workspace; lock files regenerated and committed.
• Repo hygiene. Ignore the machine-local packages/kotlin-android/.gradle/ cache and the .basemind/ index (untracking the accidentally-committed Gradle cache files), and exclude the deterministic .ai-rulez/.generated-manifest.json from the oxfmt pre-commit hook so it no longer fights the ai-rulez-generate hook.

... (truncated)

Commits

• bf278b4 chore(swift): update Package.swift with checksum for v1.10.1
• 16013c5 fix(ci): bound clone_vendors peak disk to stop runner-kill mid-clone
• 7fef60b chore: re-pin alef to 0.25.58 and regenerate bindings
• a3bc8bc chore: align pre-commit hooks to canonical polyglot set (v2.3.0)
• f7b61a6 chore: exclude README templates from strict markdown lint
• ec77773 docs: restructure root README to lean layout, drop banner, add star CTA gif
• 629d409 test(e2e/java): regression for #146 opaque-handle traversal UAF
• b8327f2 test(e2e/csharp): add host-native Language passthrough test
• c4429c4 feat(e2e/java): host-native Language passthrough via provisioned libtree-sitter
• 7e6ef0b docs: add collapsible per-platform plugin install instructions
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Roam Agent Review

Verdict: SAFE (risk_level low)

blast-radius 0/100 · ai-likelihood 14/100 · rule violations 0 · critique high-severity 0

Verdict: SAFE. All structural signals clean at the configured thresholds.

Next steps

• No structural concerns at the configured thresholds. Standard review still recommended.

---

_{Powered by roam-code — Apache 2.0, 100% local. Customize thresholds in .roam/rules.yml. Docs.}

[github-actions]

roam-code Analysis

Mode: incremental (changed-only) — base aa263622b8a6d91fd29d5525da3165cfa67c0a1b, 1 changed+dependent files

Health Score: 80/100 HEALTHY

health: Healthy codebase (80/100) — 46 critical issues, focus: god_components
pr-risk: Moderate risk (30/100) — review recommended (risk_level medium) (driver: test_coverage_low)

Health Metrics

Metric	Value
Health Score	80/100
Tangle Ratio	0.1%
Propagation Cost	0.0019
Total Issues	67

PR Risk

Metric	Value
Risk Score	30/100

Quality Gate: PASSED

Gate expression: health_score>=50

SARIF Upload

Metric	Value
Category	roam-code-self-analysis/self-analysis/py3.12
Results Uploaded	80

Full analysis output

health

{
  "_meta": {
    "cache_ttl_s": 300,
    "cacheable": true,
    "index_age_s": 3,
    "latency_ms": null,
    "response_tokens": 4262,
    "roam_version": "13.6.1",
    "timestamp": "2026-06-22T10:37:53Z"
  },
  "actionable_count": 11,
  "actionable_cycles": 2,
  "agent_contract": {
    "confidence": null,
    "facts": [
      "Healthy codebase (80/100) — 46 critical issues, focus: god_components",
      "health score 80",
      "tangle ratio 0.1",
      "0.0019 propagation cost findings",
      "issue count 67"
    ],
    "next_commands": [
      "roam debt",
      "roam trends --days 30"
    ],
    "risks": []
  },
  "algebraic_connectivity": null,
  "algebraic_connectivity_available": false,
  "bottleneck_thresholds": {
    "p70": 816.8,
    "p90": 5445,
    "population": 1929,
    "utility_multiplier": 1.5
  },
  "category_severity": {
    "bottlenecks": {
      "critical": 15,
      "info": 0,
      "warning": 0
    },
    "cycles": {
      "critical": 1,
      "info": 0,
      "warning": 1
    },
    "god_components": {
      "critical": 30,
      "info": 10,
      "warning": 10
    },
    "layer_violations": {
      "critical": 0,
      "info": 0,
      "warning": 0
    }
  },
  "command": "health",
  "cycles_actionable": 2,
  "cycles_total": 15,
  "framework_filtered": 0,
  "health_score": 80,
  "ignored_cycles": 13,
  "imported_coverable_lines": 0,
  "imported_coverage_files": 0,
  "imported_coverage_pct": null,
  "imported_covered_lines": 0,
  "index_status": {
    "dirty_files": 0,
    "fresh": false,
    "head_commit": "db354dc1872e",
    "hint": "index latest commit 5cfee54f4225 != HEAD db354dc1872e — git-derived metrics (commits, churn, co-change, weather) may be stale. Run `roam index --force`.",
    "indexed_commit": "5cfee54f4225"
  },
  "issue_count": 67,
  "list_counts": {
    "bottlenecks": 15,
    "cycle_break_suggestions": 1,
    "cycles": 15,
    "god_components": 50,
    "layer_violations": 0,
    "next_steps": 2,
    "score_breakdown": 5
  },
  "project": "roam-code",
  "propagation_cost": 0.0019,
  "schema": "roam-envelope-v1",
  "schema_version": "1.1.0",
  "severity": {
    "critical": 46,
    "info": 23,
    "warning": 11
  },
  "summary": {
    "actionable_cycles": 2,
    "algebraic_connectivity": null,
    "algebraic_connectivity_available": false,
    "category_severity": {
      "bottlenecks": {
        "critical": 15,
        "info": 0,
        "warning": 0
      },
      "cycles": {
        "critical": 1,
        "info": 0,
        "warning": 1
      },
      "god_components": {
        "critical": 30,
        "info": 10,
        "warning": 10
      },
      "layer_violations": {
        "critical": 0,
        "info": 0,
        "warning": 0
      }
    },
    "cycles_actionable": 2,
    "cycles_definition": "Cycle counts derived from `roam.graph.cycles.find_cycles(G, min_size=2)` on the symbol graph. `cycles_total` = all SCCs of size >= 2; `cycles_actionable` = SCCs spanning >=2 files AND no test files (same-file and test-only cycles are informational). Run `roam health` for the per-cycle breakdown.",
    "cycles_total": 15,
    "detail_available": true,
    "god_components": 50,
    "god_components_definition": "God components: symbols where `(in_degree + out_degree) > 20` from the `graph_metrics` table, with utility-aware severity bands (standard >50=CRITICAL >30=WARNING; utility >150=CRITICAL >90=WARNING). Run `roam health` for the per-symbol breakdown. Legacy aliases: `god_objects` (fingerprint), `god_classes` (rules).",
    "health_score": 80,
    "health_score_definition": "weighted geometric mean (0-100) of 5 sigmoid health factors: tangle_ratio, god_components, bottlenecks, layer_violations, file_health (+coverage if available).",
    "ignored_cycles": 13,
    "imported_coverage_files": 0,
    "imported_coverage_pct": null,
    "issue_count": 67,
    "partial_success": true,
    "preserved_list_truncations": {},
    "propagation_cost": 0.0019,
    "severity": {
      "critical": 46,
      "info": 23,
      "warning": 11
    },
    "tangle_ratio": 0.1,
    "tangle_ratio_definition": "fraction of symbols inside non-trivial SCCs; higher = more cyclic coupling.",
    "total_cycles": 15,
    "truncated": true,
    "verdict": "Healthy codebase (80/100) — 46 critical issues, focus: god_components",
    "warnings_out": [
      "health_algebraic_connectivity_warning:RuntimeWarning:algebraic_connectivity compute failed (ModuleNotFoundError): No module named 'numpy'; returning 0.0 sentinel — value is NOT a legitimate disconnected-graph reading"
    ]
  },
  "tangle_ratio": 0.1,
  "total_cycles": 15,
  "utility_count": 39,
  "version": "13.6.1",
  "warnings_out": [
    "health_algebraic_connectivity_warning:RuntimeWarning:algebraic_connectivity compute failed (ModuleNotFoundError): No module named 'numpy'; returning 0.0 sentinel — value is NOT a legitimate disconnected-graph reading"
  ]
}

pr-risk

{
  "_meta": {
    "cache_ttl_s": 60,
    "cacheable": true,
    "index_age_s": 4,
    "latency_ms": null,
    "response_tokens": 790,
    "roam_version": "13.6.1",
    "timestamp": "2026-06-22T10:37:55Z"
  },
  "actor": null,
  "agent_contract": {
    "confidence": null,
    "facts": [
      "Moderate risk (30/100) — review recommended (risk_level medium) (driver: test_coverage_low)",
      "risk score 30",
      "2 risk rank findings",
      "1 changed files",
      "1 lines added"
    ],
    "next_commands": [],
    "risks": [
      "pr-risk: moderate (30/100) on aa263622b8a6d91fd29d5525da3165cfa67c0a1b..HEAD — driver: test_coverage_low"
    ]
  },
  "author": null,
  "blast_radius_pct": 0,
  "bus_factor_risk": 0,
  "change_shape": "mixed",
  "changed_files": 1,
  "closest_historical_pattern": null,
  "closest_similarity": 0,
  "cluster_spread": 0,
  "clusters_touched": 0,
  "command": "pr-risk",
  "coupling_score": 0,
  "dead_code": [],
  "dead_exports": 0,
  "familiarity": {
    "avg_familiarity": 1,
    "files": [],
    "files_assessed": 0
  },
  "findings": [
    {
      "claim": "pr-risk: moderate (30/100) on aa263622b8a6d91fd29d5525da3165cfa67c0a1b..HEAD — driver: test_coverage_low",
      "confidence": "heuristic",
      "evidence": {
        "actor": null,
        "author": null,
        "blast_radius_pct": 0,
        "bus_factor_risk": 0,
        "changed_files_count": 1,
        "commit_range": "aa263622b8a6d91fd29d5525da3165cfa67c0a1b..HEAD",
        "coupling_score": 0,
        "created_at_epoch": 1782124675,
        "diff_id": "59cbc61fe218",
        "familiarity_risk": 0,
        "file_list": [
          "pyproject.toml"
        ],
        "hotspot_score": 0,
        "label": "aa263622b8a6d91fd29d5525da3165cfa67c0a1b..HEAD",
        "lines_added": 1,
        "lines_removed": 1,
        "minor_risk": 0,
        "novelty_score": 0,
        "reductive_change": false,
        "risk_level": "moderate",
        "risk_score": 30,
        "staged": false,
        "test_coverage_pct": 0,
        "top_driver": "test_coverage_low"
      },
      "finding_id_str": "pr-risk:composite-risk-score:59cbc61fe218",
      "kind": "pr-risk:composite-risk-score",
      "severity": "medium",
      "source_detector": "pr-risk",
      "source_version": "1.0.0",
      "subject_id": null,
      "subject_kind": "commit"
    }
  ],
  "hotspot_score": 0,
  "label": "aa263622b8a6d91fd29d5525da3165cfa67c0a1b..HEAD",
  "layer_spread": 0,
  "layers_touched": 0,
  "lines_added": 1,
  "lines_removed": 1,
  "minor_risk": {
    "files": [],
    "files_assessed": 0,
    "minor_files": 0
  },
  "novelty_score": 0,
  "per_file": [
    {
      "blast": 0,
      "churn": 516,
      "is_test": false,
      "lines_added": 1,
      "lines_removed": 1,
      "path": "pyproject.toml",
      "symbols": 0
    }
  ],
  "project": "roam-code",
  "reductive_change": false,
  "reductive_discount_applied": false,
  "risk_level": "moderate",
  "risk_level_canonical": "medium",
  "risk_rank": 2,
  "risk_score": 30,
  "schema": "roam-envelope-v1",
  "schema_version": "1.1.0",
  "suggested_reviewers": [
    {
      "actor": "Cranot",
      "author": "Cranot",
      "lines": 356
    },
    {
      "actor": "dependabot[bot]",
      "author": "dependabot[bot]",
      "lines": 1
    }
  ],
  "summary": {
    "change_shape": "mixed",
    "changed_files": 1,
    "findings_count": 1,
    "lines_added": 1,
    "lines_removed": 1,
    "partial_success": false,
    "risk_level": "moderate",
    "risk_level_canonical": "medium",
    "risk_rank": 2,
    "risk_score": 30,
    "score_classification": "classified",
    "verdict": "Moderate risk (30/100) — review recommended (risk_level medium) (driver: test_coverage_low)"
  },
  "test_coverage_pct": 0,
  "total_clusters": 11827,
  "total_layers": 33,
  "version": "13.6.1",
  "warnings_out": []
}

---

roam-code analysis | Commands: health pr-risk