chore(deps): update dependency cliwrap to 3.10.1

[thomhurst]

This PR contains the following updates:

Package	Change	Age	Confidence
CliWrap	3.10.0 → 3.10.1

---

Release Notes

Tyrrrz/CliWrap (CliWrap)

v3.10.1

Compare Source

What's Changed

• Throw if failed to kill process during cancellation by @​Tyrrrz in #​308
• Bump the nuget group with 4 updates by @​dependabot[bot] in #​314
• Migrate to Centralized NuGet Package Management (CPM) by @​Copilot in #​319
• Bump the nuget group with 6 updates by @​dependabot[bot] in #​320
• Remove explicit Microsoft.SourceLink.GitHub package reference by @​Copilot in #​321
• Use LibraryImport instead of DllImport for proper AOT support by @​Copilot in #​323

New Contributors

• @​Copilot made their first contribution in #​319

Full Changelog: Tyrrrz/CliWrap@3.10...3.10.1

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[claude]

Code Review

This is a straightforward Renovate-generated dependency bump of CliWrap from 3.10.0 → 3.10.1 in Directory.Packages.props.

Change Summary

• Single-line version bump in the centralized package management file — minimal blast radius.

Notable in 3.10.1

• Bug fix: Throws if failed to kill process during cancellation (Tyrrrz/CliWrap#308) — this is a correctness improvement that benefits ModularPipelines' command execution layer.
• AOT support improvement via LibraryImport instead of DllImport.
• Internal dependency/tooling updates (CPM migration, SourceLink cleanup).

Assessment

The change is safe to merge. The patch release contains a meaningful bug fix (process kill failure now propagates as an exception rather than silently failing), which is the correct behavior for a pipeline tool where cancellation reliability matters. No breaking changes are indicated, and the change is confined to the centralized package version — all consuming projects inherit it automatically.

✅ Approved.

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity

Metric	Results
Complexity	✅ 0 (≤ 20 complexity)

View in Codacy

_{TIP This summary will be updated as you push new changes. Give us feedback}

[claude]

Code Review (Follow-up)

This is a follow-up to the previous review posted on 2026-04-01. No new commits have been pushed since then, so this is a reconfirmation.

Change

Single-line version bump in Directory.Packages.props: CliWrap 3.10.0 → 3.10.1.

Previous review findings — still accurate

• The patch release carries a meaningful correctness fix: CliWrap now throws if it fails to kill a process during cancellation (Tyrrrz/CliWrap#308). For a pipeline tool that relies heavily on subprocess management, this is strictly better behavior than silently swallowing the failure.
• AOT compatibility improvement (LibraryImport replacing DllImport) is a future-proofing win with no runtime cost.
• The change is confined to the centralized Directory.Packages.props, so all consuming projects inherit it automatically with no additional edits required — this is the correct approach for a CPM-based solution.
• No breaking changes are indicated in the release notes, and Codacy reports zero new issues.

Conclusion

No issues found. The update is safe, beneficial, and appropriately scoped. The PR has auto-merge enabled and is ready to land.

[claude]

Code Review

This is a Renovate-generated patch bump of CliWrap from 3.10.0 to 3.10.1, applied correctly in the single source-of-truth location (Directory.Packages.props) under Centralized Package Management (CPM).

Change assessment

Scope: One line, one file. All projects that reference CliWrap inherit the update automatically — no per-project .csproj edits are needed or expected. This is the correct pattern for a CPM-managed solution.

What changed upstream in 3.10.1:

1. Process kill now throws on failure during cancellation (Tyrrrz/CliWrap#308) — this is the most relevant fix for ModularPipelines. Previously, if CliWrap failed to kill a spawned process when a CancellationToken was cancelled, the failure was swallowed silently. Now it propagates as an exception. For a pipeline framework that wraps CLI tool execution, reliable cancellation is critical: a silent failure to kill could leave orphaned processes consuming resources or producing side-effects after a pipeline is cancelled. The new behavior surfaces the problem so callers can act on it.

2. AOT compatibility (LibraryImport replacing DllImport) — future-proofing with no runtime cost or behavioral change for JIT scenarios.

3. Internal tooling/dependency hygiene (CPM migration, SourceLink cleanup) — no consumer impact.

No concerns

• The diff is minimal and mechanically correct.
• No breaking API changes are indicated in the release notes.
• The patch version increment is semantically appropriate for a bug fix + internal improvements.
• Static analysis (CodeFactor) reports no new issues.
• Snyk reports no new manifest-level security concerns.

Previous reviews on this PR (from 2026-04-01 and earlier today) reached the same conclusion, and nothing has changed since then.

Verdict: safe and beneficial to merge.