Renovate onboarding + v0.12.215 (GPT tool calls #193) + v0.12.216 (security: 0 vulns)#192
Merged
Conversation
📝 WalkthroughWalkthroughThis PR adds GPT plain-text tool-call recognition and tests, updates release metadata and package settings, adjusts an OpenClaw scanner integration test, and adds a minimal Renovate configuration. ChangesGPT Plain-Text Tool-Call Parsing
Release and Dependency Updates
Renovate Configuration
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related issues
Possibly related PRs
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
added 2 commits
June 30, 2026 00:04
GPT 5.4 sometimes emits tool calls as plain JSON / function-call-looking
text in message.content instead of structured tool_calls. Added a fourth
recognizer to extractTextualToolCalls (alongside OpenClaw/Anthropic/Gemini)
covering: whole-content {name,parameters}, {type:function,...}, NAME(parameters={...}),
trailing JSON after prose (only when type:function), and terminal\nCMD\n[/terminal].
Guardrails reject prose examples, incomplete terminal blocks, and non-function
types; terminal cmd is mirrored to command. 14 new tests, full suite 645 passed.
Thanks @0xCheetah1.
…bilities) - Declare undici@^8.5.0 as a direct dependency: src/upstream-proxy.ts lazy-imports it but it was never declared, only resolving via openclaw's dev/peer hoist. Clean installs could fail to load it (proxy feature). Now honest + pinned to the patched version. - Bump openclaw dev/peer dep 2026.5.7 -> 2026.6.10 (in range), clearing openclaw + transitive pi-*/markdown-it/tar/undici advisories. - Pin esbuild ^0.28.1 via overrides (GHSA-g7r4-m6w7-qqqr, dev-server Windows-only). npm audit: 0 vulnerabilities. - Fix security-scanner.test.ts: openclaw 2026.6.10 renamed its scanner chunk skill-scanner-*.js -> scanner-*.js; broaden the filter to match both. All alerts were dev/lockfile-only; the published runtime footprint had no vulnerable deps. Full suite 645 passed, lint + typecheck + build clean.
VickyXAI
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Onboards this repo to the shared org Renovate preset via
extends: github>blockrunai/renovate-config. That preset configures weekly grouped minor/patch updates, auto-merged dev-dependency updates and security PRs, and manual review for majors. This config is inert until the Mend Renovate app is installed on the org, so merging it is safe and has no immediate effect.Summary by CodeRabbit