Update dependances

[vadimpiven]

Summary by CodeRabbit

• Chores
  • Updated development infrastructure and tool configurations, including GitHub Actions setup and dependency management automation.
  • Updated Python version to 3.14.2.
  • Added and pinned dependencies for improved version consistency.
  • Simplified platform constraints in development dependencies.
  • Refactored tool specifications and task orchestration in build configuration.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Note

Currently processing new changes in this PR. This may take a few minutes, please wait...

📥 Commits

Reviewing files that changed from the base of the PR and between 2e32548 and 70b3feb.

⛔ Files ignored due to path filters (2)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (7)

• .github/actions/setup/action.yaml
• .github/renovate.json
• .python-version
• mise.toml
• package.json
• pnpm-workspace.yaml
• pyproject.toml

_{✏️ Tip: You can disable in-progress messages and the fortune message in your review settings.}

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Configuration files updated across the project stack: GitHub Actions setup extended with Mise integration, Renovate rules added for Mise tool management, Python and Node dependency versions bumped, Mise tool definitions reorganized from Rust-centric to Node-centric with enhanced task orchestration, and Hono framework dependency introduced with pnpm workspace catalog updates.

Changes

Cohort / File(s)	Summary
GitHub Actions & CI .github/actions/setup/action.yaml, .github/renovate.json	Added new "Mise setup" step in composite action. Introduced two customManager entries in Renovate config to handle mise.toml tool updates via github shorthand and version_prefix patterns with extractVersionTemplate support.
Python Tooling .python-version, pyproject.toml	Bumped Python version 3.14.1 → 3.14.2. Simplified platform constraints by removing platform_machine checks, kept sys_platform != 'win32' guards. Updated dev dependencies: pyrefly 0.47.0 → 0.48.2, ruff 0.14.11 → 0.14.13, semgrep 1.147.0 → 1.148.0, zizmor 1.20.0 → 1.22.0. Removed exclude-newer setting from tool.uv.
Node Packaging package.json, pnpm-workspace.yaml	Added hono (^4.11.4) to devDependencies and pnpm catalog. Expanded pnpm overrides to pin hono, @hono/node-server, diff, undici, and existing tar. Removed minimumReleaseAge and minimumReleaseAgeExclude from workspace config.
Mise Tool Configuration mise.toml	Major reconfiguration: migrated from Rust-centric to Node-centric tooling. Introduced explicit version_prefix and per-tool platform blocks. Replaced entries with GitHub-based sources (nextest-rs/nextest, mstange/samply). Updated ripgrep/jq/yq mappings. Added pnpm-audit tasks (check/fix). Consolidated task updates: renamed update-\* to upgrade-\* with new [tasks.upgrade] umbrella alias "u". Added docker task alias "d", hidden ci-build/ci-test entries, aggregate [tasks.ci-build] and [tasks.ci-test], build alias "b" with per-package dependencies. Reworked section headings and comments.

Possibly related PRs

• Release workflow #6: Modifies overlapping package configuration files (pnpm-workspace.yaml, package.json) with potentially conflicting workspace and dependency settings.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Update dependances' is a vague, generic phrase that does not clearly describe the scope or main objective of the changeset, which involves extensive configuration updates beyond just dependencies.	Consider a more descriptive title that captures the main changes, such as 'Configure Mise tooling and update dependencies' or 'Add Mise setup and upgrade build/security tools'.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @vadimpiven, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request performs a comprehensive update of project dependencies and refines various tooling configurations. It upgrades several Python and Node.js packages to their latest versions, enhances the mise.toml configuration for more structured tool management, and integrates Renovate for automated updates of mise.toml tools. Furthermore, new security auditing tasks for pnpm dependencies and improved file system scanning capabilities have been introduced, alongside general improvements to task aliases and naming conventions for a more efficient development environment.

Highlights

• Dependency Updates: Numerous dependencies across Python and Node.js ecosystems have been updated to their latest versions, including Python 3.14.2, Node.js 24.13.0, pyrefly, ruff, semgrep, zizmor, hono, diff, and undici. This ensures the project leverages the latest features, bug fixes, and security patches.
• Mise Configuration Enhancements: The mise.toml configuration has been refined for better tool management. This includes explicitly defining GitHub-sourced tools with version_prefix and reordering entries for improved readability and consistency.
• Renovate Configuration for Mise: Renovate now includes custom regex managers to automatically detect and update tools specified in mise.toml using GitHub shorthand and version prefixes. This streamlines the process of keeping development tools up-to-date.
• New Audit Tasks and Improved Scanning: New pnpm-audit tasks have been added to mise.toml for security auditing of pnpm dependencies. Additionally, the trivy-fs scanning command has been enhanced with more specific options (--scanners vuln --include-dev-deps) for more thorough security checks.
• Task Management Improvements: Aliases have been introduced for common mise tasks (check as c, fix as f, docker as d, build as b) to improve developer workflow efficiency. Update and upgrade task naming conventions have also been clarified for better understanding.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request updates multiple dependencies across the project and refactors configuration files for mise, renovate, and uv. The changes to mise.toml improve task organization and clarity by renaming update-related tasks and adding aliases for common commands. The new Renovate configuration in .github/renovate.json will help automate dependency updates for tools defined in mise.toml.

However, I have a few concerns:

• The removal of minimumReleaseAge from pnpm-workspace.yaml and exclude-newer from pyproject.toml could lead to adopting unstable dependency releases immediately after they are published.
• The updated trivy scan command in mise.toml appears to disable secret scanning, which could reduce the project's security coverage.

I've added specific comments with suggestions for these points. Also, there's a small typo in the pull request title ('dependances' should be 'dependencies').

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!