Skip to content

chore(deps): bump pulseengine/rivet from 0.6.0 to 0.17.0#153

Merged
avrabe merged 1 commit into
mainfrom
dependabot/github_actions/pulseengine/rivet-0.17.0
Jun 23, 2026
Merged

chore(deps): bump pulseengine/rivet from 0.6.0 to 0.17.0#153
avrabe merged 1 commit into
mainfrom
dependabot/github_actions/pulseengine/rivet-0.17.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 20, 2026

Copy link
Copy Markdown
Contributor

Bumps pulseengine/rivet from 0.6.0 to 0.17.0.

Release notes

Sourced from pulseengine/rivet's releases.

Rivet v0.17.0

What's Changed

Full Changelog: pulseengine/rivet@v0.16.1...v0.17.0

Rivet v0.16.1

What's Changed

Full Changelog: pulseengine/rivet@v0.16.0...v0.16.1

Rivet v0.16.0

What's Changed

... (truncated)

Changelog

Sourced from pulseengine/rivet's changelog.

[0.17.0] - 2026-06-19

Security

  • RUSTSEC-2026-0182 / #542 — bump wasmtime 43 → 44.0.3. A new advisory flags a WASIp1 fd_renumber resource leak in wasmtime-wasi, fixed in 44.0.3. The Security Audit gate had gone red repo-wide; rivet's only wasmtime consumer is the compose-witness component runner (wasm_runtime.rs), which compiles unchanged against the new API. cargo audit is clean afterward.

Added

  • #540 / #541rivet check docs oracle. Enumerates every candidate path the doc scanner considered and tags each loaded / skipped (<reason>) / excluded (<glob>). --format json emits the canonical {oracle, entries, total, by_status} envelope; --strict exits non-zero when any candidate is skipped (allowlist exclusions do not trip strict).
  • REQ-202 / #456 — minimal --no-default-features build. rivet-cli gates the serve + MCP + LSP stack behind cargo features (all kept in default, so the published binary is byte-for-byte unchanged). cargo build -p rivet-cli --no-default-features yields the validate/list/add/commit-check core with none of axum/rmcp/lsp-server compiled in; --format html export, snapshot, and embed (which share the dashboard renderer) are serve-gated and refuse with a clear message in the minimal build.
  • REQ-220 / #431rivet init --vendor-schemas. Writes the resolved built-in schemas (plus auto-discovered bridges) on-disk into schemas/, so a project pins its validation against rivet upgrades (the loader prefers on-disk over the embedded copy). Never overwrites an existing schema file.
  • #509 — runner-liveness alert. A GitHub-hosted scheduled workflow (runner-liveness.yml) probes the self-hosted runner pool and queued-run age every 15 minutes and raises a durable runner-down tracking issue when the pool stalls, instead of every gate queueing forever with no signal.

Fixed

  • REQ-218 / #479next-id honors IDs claimed in git history. Allocation scanned only the working tree, so a reverted commit or an in-flight branch could reissue an ID already claimed elsewhere (the reverted-but-burned-ID trap). next-id and add now also consider IDs claimed in commit trailers / subject tags across all refs; overridable with RIVET_NEXTID_NO_GIT=1.
  • REQ-219 / #500 — JSON error envelope on a parse failure. A misplaced top-level --project/--schemas (they are deliberately not clap global) left stdout empty under --format json, giving consumers a cryptic "EOF while parsing". Such invocations now emit a one-line {error, hint} envelope on stdout; non-JSON parse errors keep the stderr-only behavior.
  • #532 / #539 — variant loader skips feature-model binding files. load_variant_configs_from_dir no longer trips over variant:-wrapped binding files.
  • #522 / #525 — restore accepted to the canonical status enum.

... (truncated)

Commits
  • d648ce4 release(v0.17.0): bump version + CHANGELOG [0.17.0] (#545)
  • ee352ce fix(cli): emit a JSON error envelope on parse failure under --format json (RE...
  • a32a02b ci: add runner-liveness alert for the self-hosted pool (#509 slice 1) (#536)
  • b16bb9c fix(variants): skip feature-model binding files in load_variant_configs_from_...
  • 01f2976 feat(check): add rivet check docs oracle with --format json + --strict (#54...
  • 55339e1 fix(deps): bump wasmtime 43 -> 44.0.3 for RUSTSEC-2026-0182 (#542)
  • 8dae100 feat(init): --vendor-schemas pins built-in schemas on-disk against upgrades (...
  • fa1b8ed fix(schema): restore accepted to canonical status enum (#522) (#525)
  • 6f2df49 ci: move mutants-cli off lean-mem to rust-cpu (#523) (#526)
  • 18db3e9 feat(cli): minimal --no-default-features build excludes serve+MCP+LSP stack (...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pulseengine/rivet](https://github.com/pulseengine/rivet) from 0.6.0 to 0.17.0.
- [Release notes](https://github.com/pulseengine/rivet/releases)
- [Changelog](https://github.com/pulseengine/rivet/blob/main/CHANGELOG.md)
- [Commits](pulseengine/rivet@v0.6.0...v0.17.0)

---
updated-dependencies:
- dependency-name: pulseengine/rivet
  dependency-version: 0.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Dependency updates label Jun 20, 2026
@temper-pulseengine temper-pulseengine Bot enabled auto-merge (squash) June 20, 2026 18:45
@avrabe avrabe merged commit 71b64d6 into main Jun 23, 2026
@avrabe avrabe deleted the dependabot/github_actions/pulseengine/rivet-0.17.0 branch June 23, 2026 14:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Dependency updates

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant