Skip to content

chore(deps): bump github.com/openclaw/crawlkit from 0.13.1 to 0.13.2#81

Merged
steipete merged 1 commit into
mainfrom
dependabot/go_modules/github.com/openclaw/crawlkit-0.13.2
Jul 6, 2026
Merged

chore(deps): bump github.com/openclaw/crawlkit from 0.13.1 to 0.13.2#81
steipete merged 1 commit into
mainfrom
dependabot/go_modules/github.com/openclaw/crawlkit-0.13.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 5, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/openclaw/crawlkit from 0.13.1 to 0.13.2.

Release notes

Sourced from github.com/openclaw/crawlkit's releases.

Crawlkit v0.13.2

Changes

  • Add explicit monotonic snapshot merge planning and import-impact reporting so cache consumers can apply changed shards without silently replacing local rows, while exact mirrors retain replacement semantics.

Verification

  • Linux: module tidy, vet, vulnerability scan, tests, race tests
  • Windows: full test suite
  • CodeQL and secret scanning
Changelog

Sourced from github.com/openclaw/crawlkit's changelog.

v0.13.2 - 2026-07-02

  • Add explicit monotonic snapshot merge planning and import-impact reporting so cache consumers can apply changed shards without silently replacing local rows, while exact mirrors retain replacement semantics.
Commits
  • a8c08fa chore(release): prepare v0.13.2
  • f4cb025 feat(snapshot): add safe merge import plans (#42)
  • d9bb157 build(deps): bump github.com/pelletier/go-toml/v2 to 2.4.2
  • baf4d6c build(deps): bump modernc.org/sqlite to 1.53.0
  • de6c38a build(deps): bump actions/setup-go to 6.5.0
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/openclaw/crawlkit](https://github.com/openclaw/crawlkit) from 0.13.1 to 0.13.2.
- [Release notes](https://github.com/openclaw/crawlkit/releases)
- [Changelog](https://github.com/openclaw/crawlkit/blob/main/CHANGELOG.md)
- [Commits](openclaw/crawlkit@v0.13.1...v0.13.2)

---
updated-dependencies:
- dependency-name: github.com/openclaw/crawlkit
  dependency-version: 0.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 5, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 5, 2026 20:12
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 5, 2026
@clawsweeper

clawsweeper Bot commented Jul 5, 2026

Copy link
Copy Markdown

Codex review: needs maintainer review before merge. Reviewed July 5, 2026, 4:16 PM ET / 20:16 UTC.

Summary
The branch updates Go module metadata to bump github.com/openclaw/crawlkit from v0.13.1 to v0.13.2 and refreshes the transitive go-toml and modernc.org/sqlite versions in go.mod/go.sum.

Reproducibility: not applicable. this is a dependency maintenance PR, not a bug report. The review checked the diff, current main dependency pin, local crawlkit call sites, upstream release notes, and live PR checks instead of reproducing a failure.

Review metrics: 2 noteworthy metrics.

  • Changed files: 2 files changed, 9 additions, 9 deletions. The diff is confined to Go module metadata, so review centers on upstream release and dependency compatibility rather than local application logic.
  • Upstream release delta: 5 commits from crawlkit v0.13.1 to v0.13.2. The upstream compare includes one crawlkit snapshot feature plus transitive dependency bumps, which defines the meaningful compatibility surface.

Merge readiness
Overall: 🐚 platinum hermit
Proof: 🌊 off-meta tidepool
Patch quality: 🐚 platinum hermit
Result: ready for maintainer review.

Overall follows the weaker of proof and patch quality, so missing proof can cap an otherwise strong patch.

Rank-up moves:

  • none.

Next step before merge

  • No ClawSweeper repair lane is needed because the branch is narrow and has no actionable review finding.

Security
Cleared: The diff is limited to Go dependency metadata, the upstream release and compare were reviewed, and live secret scanning/CodeQL completed successfully with no concrete supply-chain concern found.

Review details

Best possible solution:

Merge the dependency bump after normal required review gates if maintainers want slacrawl on crawlkit v0.13.2; no code repair is needed.

Do we have a high-confidence way to reproduce the issue?

Not applicable: this is a dependency maintenance PR, not a bug report. The review checked the diff, current main dependency pin, local crawlkit call sites, upstream release notes, and live PR checks instead of reproducing a failure.

Is this the best way to solve the issue?

Yes: a direct go.mod/go.sum bump is the narrowest maintainable way to take crawlkit v0.13.2. Current main still uses v0.13.1, and the PR does not introduce duplicate code or alter local behavior paths.

AGENTS.md: not found in the target repository.

Codex review notes: model internal, reasoning high; reviewed against d26b140c7a94.

Label changes

Label changes:

  • add P3: This is a low-risk dependency maintenance PR with a confined go.mod/go.sum diff and green CI/security checks.
  • add rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🌊 off-meta tidepool and patch quality is 🐚 platinum hermit.
  • add status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Not applicable: This is a Dependabot bot dependency PR, so the external contributor real-behavior proof gate is not applicable; CI and upstream release verification are the relevant evidence.

Label justifications:

  • P3: This is a low-risk dependency maintenance PR with a confined go.mod/go.sum diff and green CI/security checks.
  • rating: 🐚 platinum hermit: Overall readiness is 🐚 platinum hermit; proof is 🌊 off-meta tidepool and patch quality is 🐚 platinum hermit.
  • status: 👀 ready for maintainer look: ClawSweeper has no concrete contributor-facing blocker left for this PR. Not applicable: This is a Dependabot bot dependency PR, so the external contributor real-behavior proof gate is not applicable; CI and upstream release verification are the relevant evidence.
Evidence reviewed

What I checked:

  • Current main still needs the bump: Current main at d26b140 still requires github.com/openclaw/crawlkit v0.13.1, so the requested dependency update is not already implemented on main. (go.mod:8, d26b140c7a94)
  • PR diff is dependency-only: The PR head e9e96e3 changes only go.mod and go.sum, with 9 additions and 9 deletions for crawlkit v0.13.2 plus transitive go-toml and sqlite version/hash updates. (go.mod:8, e9e96e39307b)
  • Crawlkit usage is through existing stable surfaces: The central share path imports crawlkit/mirror and wraps existing mirror operations; the PR does not change slacrawl application logic around publish, subscribe, or update. (internal/share/share.go:20, d26b140c7a94)
  • CLI call sites remain unchanged: Status/metadata use crawlkit/control and crawlkit/tui, while share publish/subscribe/update continue calling local share wrappers; no duplicate or new implementation path is introduced by the PR. (internal/cli/app.go:20, d26b140c7a94)
  • Upstream release reviewed: Crawlkit v0.13.2 was published 2026-07-02 and the compare from v0.13.1 shows five commits, with code changes in crawlkit snapshot plus module/dependency updates; mirror/store/control/tui/releasecheck files were not in the upstream file list. (f4cb0257b20b)
  • Live PR checks are green: The latest PR check rollup showed assign, deps, analyze, secret scanning, docker, lint, test, release-check, and CodeQL completed successfully, with only the release-draft update skipped. (e9e96e39307b)

Likely related people:

  • steipete: Remote history shows steipete authored the durable git-share snapshot work, follow-up snapshot fixes, the current release commit that owns go.mod in the local checkout, and the upstream crawlkit v0.13.2 feature commit. (role: feature owner and recent area contributor; confidence: high; commits: b1170f036121, d0c3c8abb0f1, db94aea149cf; files: go.mod, internal/share/share.go, internal/store/store.go)
  • vincentkoc: Remote history shows vincentkoc moved slacrawl into the OpenClaw org and touched adjacent store/share-era code, and the live PR is assigned to vincentkoc. (role: adjacent repository contributor and assigned reviewer; confidence: medium; commits: fa593d98e4e2, 04daee55d43c; files: internal/share/share.go, internal/store/store.go)
What the crustacean ranks mean
  • 🦀 challenger crab: rare, exceptional readiness with strong proof, clean implementation, and convincing validation.
  • 🦞 diamond lobster: very strong readiness with only minor maintainer review expected.
  • 🐚 platinum hermit: good normal PR, likely mergeable with ordinary maintainer review.
  • 🦐 gold shrimp: useful signal, but proof or patch confidence is still limited.
  • 🦪 silver shellfish: thin signal; proof, validation, or implementation needs work.
  • 🧂 unranked krab: not merge-ready because proof is missing/unusable or there are serious correctness or safety concerns.
  • 🌊 off-meta tidepool: rating does not apply to this item.

Shiny media proof means a screenshot, video, or linked artifact directly shows the changed behavior. Runtime, network, CSP, and security claims still need visible diagnostics.

How this review workflow works
  • ClawSweeper keeps one durable marker-backed review comment per issue or PR.
  • Re-runs edit this comment so the latest verdict, findings, and automation markers stay together instead of adding duplicate bot comments.
  • A fresh review can be triggered by eligible @clawsweeper re-review comments, exact-item GitHub events, scheduled/background review runs, or manual workflow dispatch.
  • PR/issue authors and users with repository write access can comment @clawsweeper re-review or @clawsweeper re-run on an open PR or issue to request a fresh review only.
  • Maintainers can also comment @clawsweeper review to request a fresh review only.
  • Fresh-review commands do not start repair, autofix, rebase, CI repair, or automerge.
  • Maintainer-only repair and merge flows require explicit commands such as @clawsweeper autofix, @clawsweeper automerge, @clawsweeper fix ci, or @clawsweeper address review.
  • Maintainers can comment @clawsweeper explain to ask for more context, or @clawsweeper stop to stop active automation.

@clawsweeper clawsweeper Bot added rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR. P3 Low-risk cleanup, docs, polish, ergonomics, or speculative feature. labels Jul 5, 2026
@steipete steipete merged commit 422fe2b into main Jul 6, 2026
12 checks passed
@steipete steipete deleted the dependabot/go_modules/github.com/openclaw/crawlkit-0.13.2 branch July 6, 2026 07:48
@steipete

steipete commented Jul 6, 2026

Copy link
Copy Markdown
Collaborator

Maintainer verification after merge:

  • Local proof on exact PR head e9e96e39307b894013027d4cf123dc2d0fc40d9e: GOWORK=off go mod tidy with no diff, GOWORK=off go vet ./..., GOWORK=off go test ./..., GOWORK=off go test -race ./..., and make test all passed.
  • Live CLI proof: built the PR binary and exercised doctor --json, status --json, a bounded no-hit search, and read-only SQL against the configured archive. JSON remained valid, FTS was available, invalid output format exited nonzero, and workspace/channel/user/message row counts were unchanged.
  • Review: Codex autoreview (gpt-5.5, high reasoning) reported no accepted/actionable findings.
  • CI: every required check on the exact PR head passed; only the expected release-draft update was skipped.
  • Landed as 422fe2ba16fb3a2fbf9882862e25ce59d24a88be.

No caveats beyond the existing archive reporting partial historical thread coverage, which is unrelated to this dependency update.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

chore dependencies Pull requests that update a dependency file go Pull requests that update go code other P3 Low-risk cleanup, docs, polish, ergonomics, or speculative feature. rating: 🐚 platinum hermit Good normal PR readiness with ordinary maintainer review expected. status: 👀 ready for maintainer look ClawSweeper has no concrete contributor-facing blocker left for this PR.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants