Skip to content

Bump mustardscript to 0.2.1#3713

Merged
wwwillchen merged 1 commit into
dyad-sh:mainfrom
wwwillchen:msbump
Jun 30, 2026
Merged

Bump mustardscript to 0.2.1#3713
wwwillchen merged 1 commit into
dyad-sh:mainfrom
wwwillchen:msbump

Conversation

@wwwillchen

@wwwillchen wwwillchen commented Jun 30, 2026

Copy link
Copy Markdown
Collaborator

Note

Low Risk
Patch-level dependency bump with lockfile-only changes; native bindings may affect local-agent behavior on upgrade but no app logic was modified.

Overview
Updates the mustardscript dependency from ^0.2.0 to ^0.2.1 in package.json and refreshes package-lock.json so the main package and all @mustardscript/binding-* optional native binaries resolve to 0.2.1 (with updated integrity hashes). The lockfile also records libc: glibc on the Linux x64 GNU binding entry.

There are no application or build-script source changesβ€”only dependency version pins.

Reviewed by Cursor Bugbot for commit aad5548. Bugbot is set up for automated code reviews on this repo. Configure here.

Review in cubic

@cursor

cursor Bot commented Jun 30, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_9453839d-31af-4f48-98f0-64ebb66a3681)

@wwwillchen

Copy link
Copy Markdown
Collaborator Author

@BugBot run

@cursor

cursor Bot commented Jun 30, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_fa9efc94-bb61-4d96-8113-d5df97fd7ff0)

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request upgrades the mustardscript dependency from version 0.2.0 to 0.2.1 in both package.json and package-lock.json, including its platform-specific bindings. I have no feedback to provide as these are standard dependency updates.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the mustardscript npm dependency to ^0.2.1 and refreshes the npm lockfile so the resolved mustardscript package and its optional native bindings (@mustardscript/binding-*) are pinned to 0.2.1 with updated integrity hashes (including the new libc: glibc metadata for the Linux x64 GNU binding).

Changes:

  • Bump mustardscript from ^0.2.0 to ^0.2.1 in package.json.
  • Update package-lock.json to resolve mustardscript@0.2.1 and @mustardscript/binding-*@0.2.1.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File Description
package.json Bumps the mustardscript dependency range to ^0.2.1.
package-lock.json Updates the resolved mustardscript and @mustardscript/binding-* artifacts to 0.2.1 (new resolved URLs/integrities; adds libc: glibc on the Linux GNU binding entry).

πŸ’‘ Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedmustardscript@​0.2.0 ⏡ 0.2.177 +1100100 +191 +3100

View full report

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 2 files

Confidence score: 5/5

  • Automated review surfaced no issues in the provided summaries.
  • No files require special attention.

Re-trigger cubic

@dyad-assistant

Copy link
Copy Markdown
Contributor

πŸ” Dyadbot Code Review Summary

Verdict: βœ… YES - Ready to merge
Recommendation: ready

Clean patch-level dependency bump of mustardscript from 0.2.0 to 0.2.1 across package.json and package-lock.json. No application source code changes.

What was checked:

  • Lockfile consistency: package-lock.json is consistent with package.json. All four platform-specific native bindings (darwin-arm64, darwin-x64, linux-x64-gnu, win32-x64-msvc) are updated to 0.2.1 in lockstep. Integrity hashes are all updated and resolve from the official npm registry.
  • New libc: ["glibc"] metadata on Linux binding: This is a positive upstream change that correctly declares the GNU C library requirement. The binding is marked optional: true, so musl-based systems will skip it without failing the install. Dyad's existing platform gating (isSandboxSupportedPlatform()) already handles unsupported platforms gracefully.
  • Version pinning: Caret constraint ^0.2.1 is consistent with the project's existing dependency strategy.
  • No dead changes: Every line in the diff serves the version bump; no extraneous modifications.
  • No user-facing impact: The bump is transparent to end users. Existing E2E test coverage validates the integration path.

βœ… No issues found by persona-based review.


Generated by Dyadbot persona-based code review

@github-actions github-actions Bot added the needs-human:review-issue ai agent flagged an issue that requires human review label Jun 30, 2026
@wwwillchen wwwillchen changed the title Bump mustardscirpt to 0.2.1 Bump mustardscript to 0.2.1 Jun 30, 2026
@wwwillchen wwwillchen merged commit 743d479 into dyad-sh:main Jun 30, 2026
16 of 19 checks passed
@github-actions

Copy link
Copy Markdown
Contributor

🎭 Playwright Test Results

❌ Some tests failed

OS Passed Failed Flaky Skipped
🍎 macOS 534 3 2 170
πŸͺŸ Windows 533 0 1 170

Summary: 1067 passed, 3 failed, 3 flaky, 340 skipped

Failed Tests

🍎 macOS

  • local_agent_basic.spec.ts > local-agent - dump request
    • Error: expect(string).toMatchSnapshot(expected) failed
  • package_manager.spec.ts > build mode - safe npm package installs through the real socket firewall path
    • Error: Command failed: npx --prefer-offline --yes sfw@2.0.4 --help
  • package_manager.spec.ts > build mode - blocked unsafe npm package shows the real socket verdict and preserves app files
    • Error: Command failed: npx --prefer-offline --yes sfw@2.0.4 --help

πŸ“‹ Re-run Failing Tests (macOS)

Copy and paste to re-run all failing spec files locally:

npm run e2e \
  e2e-tests/local_agent_basic.spec.ts \
  e2e-tests/package_manager.spec.ts

⚠️ Flaky Tests

🍎 macOS

  • context_limit_banner.spec.ts > context limit banner shows 'costs extra' for long context (passed after 1 retry)
  • git_collaboration.spec.ts > Git Collaboration > should invite and remove collaborators (passed after 1 retry)

πŸͺŸ Windows

  • chat_input.spec.ts > send button disabled during pending proposal - reject (passed after 1 retry)

πŸ“Š View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

needs-human:review-issue ai agent flagged an issue that requires human review

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants