Skip to content

Pin faraday >= 1.10.5 for security fix#675

Merged
iangmaia merged 1 commit intotrunkfrom
pin-faraday-1.10.5
Feb 17, 2026
Merged

Pin faraday >= 1.10.5 for security fix#675
iangmaia merged 1 commit intotrunkfrom
pin-faraday-1.10.5

Conversation

@mokagio
Copy link
Contributor

@mokagio mokagio commented Feb 13, 2026

Summary

  • Pin faraday to >= 1.10.5 to address security vulnerability
  • Faraday 1.10.5 backports the fix from 2.x to the 1.x line

Test plan

  • CI passes with updated dependency

🤖 Generated with Claude Code

Posted by Claude (Opus 4.6) on behalf of @mokagio with approval.

@wpmobilebot
Copy link
Collaborator

wpmobilebot commented Feb 13, 2026
edited
Loading

📲 You can test the changes from this Pull Request in Gravatar Demo by scanning the QR code below to install the corresponding build.
App NameGravatar Demo
Commite1c257d
Direct Downloadgravatar-demo-prototype-build-pr675-e1c257d.apk

AliSoftware
AliSoftware approved these changes Feb 13, 2026
View reviewed changes
Copy link
Contributor

@AliSoftware AliSoftware left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Would be nice to have the agent loop automatically take care of the follow-up needed to address the Danger CI failure itself instead of us doing it manually

@mokagio
Copy link
Contributor Author

mokagio commented Feb 16, 2026

💡 Would be nice to have the agent loop automatically take care of the follow-up needed to address the Danger CI failure itself instead of us doing it manually

I've done it for other PRs in the past days, sounds like a great use case for a skill.

Some repos should already have labels and milestones instructions in their AGENTS.md, but I'm of two minds about this. It's super convenient to have the agent set label(s) and milestone. It's also something that requires a few API calls for it to discover which value to use. On the labels side, this could be address—at least for folks in Apps Infra—by instructing personal agents to use "tooling" (perhaps with a map of repo-label naming) but the milestone requires a lookup because it changes over time. This feels like a waste of tokens if we assume that one or more humans will eventually look at the PR to review and merge and it would be trivial, albeit toiling, for them to set the correct values. But maybe I'm overthinking this...

@iangmaia
Copy link
Contributor

iangmaia commented Feb 17, 2026

one or more humans will eventually look at the PR to review and merge and it would be trivial, albeit toiling, for them to set the correct values.

IMHO it should be on the PR author side (agent or human) to set these labels 🤔 handing the PR to a reviewer with failing checks should be avoided as much as possible.
Though sometimes milestones can relate to other project constraints, release schedules, etc, so it might be beyond what an agent will gather now...

@mokagio @claude @iangmaia
Pin faraday >= 1.10.5 for security fix
e1c257d 
---

Generated with the help of Claude Code, https://code.claude.com

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@iangmaia iangmaia merged commit 75d4406 into trunk Feb 17, 2026
14 checks passed
@iangmaia iangmaia deleted the pin-faraday-1.10.5 branch February 17, 2026 12:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AliSoftware AliSoftware AliSoftware approved these changes

@iangmaia iangmaia Awaiting requested review from iangmaia

@twstokes twstokes Awaiting requested review from twstokes

Assignees

No one assigned

Labels

tooling

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mokagio @wpmobilebot @iangmaia @AliSoftware