chore(deps-dev): bump the npm-minor-patch group with 4 updates

[dependabot]

Bumps the npm-minor-patch group with 4 updates: @types/node, @vitest/coverage-v8, openclaw and vitest.

Updates @types/node from 22.19.20 to 22.19.21

Commits

• See full diff in compare view

Updates @vitest/coverage-v8 from 4.1.8 to 4.1.9

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.9

🐞 Bug Fixes

• Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in vitest-dev/vitest#10546 (a5180)
• browser:
  • Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10555 (7fb29)
  • Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10497 and vitest-dev/vitest#10556 (fbc62)
• mocker:
  • Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in vitest-dev/vitest#10548 (2c955)
• pool:
  • Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in vitest-dev/vitest#10543 and vitest-dev/vitest#10564 (934b0)

View changes on GitHub

Commits

• a7a61e7 chore: release v4.1.9 (#10598)
• See full diff in compare view

Updates openclaw from 2026.6.5 to 2026.6.8

Release notes

Sourced from openclaw's releases.

openclaw 2026.6.8

2026.6.8

Highlights

• Richer channel delivery: Telegram and WhatsApp are less brittle: Telegram renders structured text with tables, lists, expandable blockquotes, preserved intentional line breaks, and CLI-backed replies, while WhatsApp now honors configured ACP bindings. (#92679, #93164, #84082, #89421, #92513) Thanks @​obviyus, @​vincentkoc, @​jzakirov, @​spacegeologist, @​TurboTheTurtle, @​mcaxtr, @​myrzka, and @​dmorn.
• More reliable agent runs: account-scoped DM sends, generated media completions, auto-reply message-tool final replies, reset archive fallback reads, restart shutdown aborts, yielded subagent pauses, and session identity prompts all stay on the correct recovery path. (#92788, #91246, #92879, #91357, #92631, #92468) Thanks @​yetval, @​TurboTheTurtle, @​masatohoshino, @​CadanHu, @​vincentkoc, @​ooiuuii, @​openperf, @​zhangguiping-xydt, @​QQSHI13, @​kumaxs, and @​aleps001.
• Safer model routing: new GLM-5.2 and Claude Haiku 4.5 catalog support arrives with normalized provider IDs, managed SecretRef auth, bounded model browsing, and safer OpenAI/Anthropic tool-schema recovery. (#92796, #90116, #92627, #90686, #92247, #92941) Thanks @​arkyu2077, @​liuhao1024, @​lijenhsin, @​rohitjavvadi, @​samson910022, @​maaron34, @​syfvb, and @​samson1357924.
• Useful usage footers: /usage and reply payload hooks now have a native full footer renderer, default template, fixed-decimal formatting, credential-aware limits, better partial-count handling, and warnings for broken templates instead of silent bad output. (#92657, #89835, #89629) Thanks @​Marvinthebored.
• Predictable web search defaults: key-free providers such as Parallel Free, DuckDuckGo, Ollama, and Codex Hosted Search remain explicit opt-ins rather than surprising automatic fallbacks. (#93616) Thanks @​davemorin and @​vincentkoc.
• Calmer UI and mobile sessions: workspace files start collapsed, WebChat backscroll survives streaming, the desktop session picker remains interactive, reset arguments survive dispatch, and iOS reconnects stale foreground Gateways. (#92779, #92622, #92705, #91353, #92552) Thanks @​shakkernerd, @​TurboTheTurtle, @​NianJiuZst, @​zhouhe-xydt, @​Solvely-Colin, @​MaBeitian, @​vincentkoc, @​Chang2020618, and @​DrtyMorty.
• Resilient memory and state: oversized OpenAI embedding batches split before 431s, QMD search stays available in transient mode, SQLite avoids WAL on NFS volumes, and full reindexes preserve rollback/cache recovery. (#92650, #92618, #92639, #91247, #92881) Thanks @​mushuiyu886, @​BrettHamlin, @​zhbcher, @​TurboTheTurtle, @​Takhoffman, @​849261680, @​TSHOGX, @​vincentkoc, and @​AFabyTWE.

Changes

• Providers/models: add GLM-5.2 support and Claude Haiku 4.5 catalog entries while keeping provider-qualified model IDs normalized across OpenRouter and Google Vertex paths. (#92796, #90116, #92627, #91218) Thanks @​arkyu2077, @​liuhao1024, @​bymle, @​maaron34, @​lijenhsin, @​davemorin, and @​vincentkoc.
• Web search: keep key-free providers such as Parallel Free, DuckDuckGo, Ollama, and Codex Hosted Search as explicit opt-ins instead of selecting them automatically when no API-backed provider is configured. (#93616) Thanks @​davemorin and @​vincentkoc.
• Channel plugins: ship Telegram rich-message delivery and WhatsApp ACP binding support, including preserved intentional line breaks, rich prompt handoff to CLI backends, and transport fixtures for richer drafts. (#92679, #93164, #92513) Thanks @​obviyus, @​TurboTheTurtle, @​vincentkoc, @​mcaxtr, and @​dmorn.
• Agent commands: support /btw in CLI-backed sessions and keep CLI usage-error exits classified as usage failures instead of successful runs. (#92669, #92162) Thanks @​joshavant, @​Pandah97, @​marcospaulo, @​davemorin, and @​vincentkoc.
• Usage hooks: add built-in full footer rendering, default footer templates, per-turn usage state, credential-aware limits, and fixed-decimal formatting for usage-bar templates. (#92657, #89835, #89629) Thanks @​Marvinthebored.

Fixes

• Channels and delivery: preserve account-scoped DM channel send policy, intentional rich-message line breaks in Telegram and status output, rich Telegram final replies, rich Telegram tables and lists, Telegram thread-create CLI remapping, Feishu dynamic-agent routes after persisted binding reuse, Slack outbound message_sent hooks, contributed message-tool schema optionality, same-channel generated media completions, and channel chunking around surrogate pairs and Infinity limits. (#92788, #93164, #92679, #89421, #89943, #42837, #92814, #91137, #91246, #92735) Thanks @​yetval, @​obviyus, @​spacegeologist, @​rishitamrakar, @​liuhao1024, @​lundog, @​TurboTheTurtle, @​yhterrance, @​vincentkoc, @​myrzka, @​cwlong163-afk, @​kumaxs, @​shakkernerd, and @​RewardsPal.
• Gemini CLI: use the selected OpenClaw OAuth/API-key auth profile in an isolated Gemini CLI runtime home, preventing ambient Google machine credentials from overriding the chosen profile. (#88748) Thanks @​jason-allen-oneal and @​shakkernerd.
• Discord: give generated auto-thread titles a 60-second timeout and 4,096-token reasoning-model output budget, clamped to the selected model output cap. (#64734) Thanks @​hanamizuki.
• Agent, cron, and Gateway runtime: mark active main sessions before restart shutdown aborts, pause yielded subagent runs whose terminal also signals abort, clamp trusted subagent thinking overrides through provider/model fallback, preserve yielded media completions, deliver channel message-tool final replies through auto-reply while hiding internal delivery hints, restore reset archive fallback reads when active async transcripts are missing, de-duplicate main-session heartbeat events, expose session identity in runtime prompts, reject unknown OpenAI agent selectors, keep generated media completions, slash-command block replies, and trajectory export commands in WebChat, and require admin privileges for HTTP session/model override surfaces. (#91357, #92631, #92412, #92146, #92879, #91287, #92468, #92510, #91246, #92651, #92646) Thanks @​ooiuuii, @​openperf, @​IWhatsskill, @​masatohoshino, @​CadanHu, @​ZengWen-DT, @​zhangguiping-xydt, @​TurboTheTurtle, @​oiGaDio, @​aleps001, @​vincentkoc, @​GSL-R, @​QQSHI13, @​ryanhelms, @​kumaxs, @​steipete-oai, @​hxy91819, @​davemorin, and @​nailujac.
• Providers and model replay: preserve storeless OpenAI Responses replay compatibility, recover invalid OpenAI reasoning signatures and genericized Anthropic thinking-signature replay errors, route OAuth image defaults through Codex for eligible OpenAI profiles, avoid eager tool streaming for Claude 4.5 in Copilot, quarantine unreadable and post-hook OpenAI/Anthropic-family tool schemas without broadening allowed tool choices, deliver explicit thinking-off requests to LM Studio binary-thinking models, honor profile auth for SecretRef model entries, bound model browsing, strip provider prefixes where runtimes need bare IDs, and surface nested embedding fetch failures. (#90706, #92941, #92201, #92916, #92824, #75393, #92908, #92921, #92928, #92002, #90686, #92247, #92627, #91218, #92628) Thanks @​snowzlm, @​mmyzwl, @​CarlCapital, @​bek91, @​Kailigithub, @​vincentkoc, @​rohitjavvadi, @​samson910022, @​nxmxbbd, @​liuhao1024, @​bymle, @​mushuiyu886, @​finchinslc, @​syfvb, @​lijenhsin, @​crsnpalmer-art, @​samson1357924, @​shakkernerd, and @​mlaihk.
• Memory, state, diagnostics, and config: split header-too-large embedding batches, keep QMD memory search enabled in transient mode, avoid SQLite WAL on NFS volumes, preserve recovery scheduling outside stuck-session warning backoff, preserve full-reindex rollback/cache recovery, and treat raw Memory Wiki source pages as source evidence. (#92650, #92618, #92639, #91247, #92752, #92881, #59137, #92876) Thanks @​mushuiyu886, @​TurboTheTurtle, @​849261680, @​gnanam1990, @​TSHOGX, @​vincentkoc, @​arlen8411, @​BrettHamlin, @​zhbcher, @​Takhoffman, @​AFabyTWE, @​davemorin, and @​zhuyankarl.
• UI/mobile/TUI: preserve dashboard session parent lineage, WebChat backscroll, reset soft command args, sidebar session picker interactivity, collapsed workspace files, resolved /model confirmation refs, stale foreground iOS Gateway reconnects, and paused setup-parent stdin after inherited-stdio child exit. (#90658, #92622, #91353, #92705, #92779, #92773, #92552, #93159) Thanks @​luoyanglang, @​TurboTheTurtle, @​zhouhe-xydt, @​NianJiuZst, @​shakkernerd, @​NarahariRaghava, @​Solvely-Colin, @​fuller-stack-dev, @​lily-oc, @​MaBeitian, @​vincentkoc, @​obviyus, @​DrtyMorty, and @​Chang2020618.
• Plugins and updates: repair missing required platform packages during managed plugin installs and updates, including omitted Codex platform binaries. Thanks @​vincentkoc.
• Dependencies: update Hono to 4.12.25 so published OpenClaw and ACPX packages use the patched runtime. Thanks @​vincentkoc.
• Updates: avoid a false downgrade prompt when the latest tag cannot resolve. (#92911) Thanks @​Andy312432 and @​vincentkoc.

Complete contribution record

This audited record covers the complete v2026.6.6..v2026.6.8 history: 192 merged PRs. The generation manifest also supplies direct commits as editorial input; the grouped notes above prioritize user impact.

Pull requests

• PR #92144 fix(cron): report SQLite storage path in cron.status instead of legacy jobs.json. Related #91766. Thanks @​liuhao1024 and @​AaronFaby.
• PR #92175 fix(channel): harden local setup trust. Thanks @​hxy91819.
• PR #91528 fix #73837: stop after failed Node package installs. Thanks @​mushuiyu886 and @​ItsMeForLua.
• PR #91561 fix(wizard): report keyless web_search providers as ready, not missing a key. Thanks @​NormallyGaussian.
• PR #92073 fix: handle explicit silent assistant replies. Related #92038. Thanks @​sallyom and @​vultusv.
• PR #91311 Allow Skill Workshop apply through trusted skill symlinks. Thanks @​abnershang.
• PR #88245 refactor(whatsapp): introduce inbound message contexts. Thanks @​mcaxtr.
• PR #92212 refactor: move workspace skill writes to lifecycle. Thanks @​shakkernerd.
• PR #92248 Remove ClawHub owner preflight. Thanks @​Patrick-Erichsen.
• PR #91617 test(sqlite): add state perf query plan harness. Related #91616. Thanks @​galiniliev.

... (truncated)

Commits

• 844f405 docs(changelog): note patched Hono runtime
• 71fbd3e fix(deps): update Hono security pin
• 6a49346 docs(changelog): refresh 2026.6.8 notes
• 94c72ac Keep key-free web search providers opt-in (#93616)
• 6af6e1e fix(ci): require billable Anthropic release key
• 6c375c7 fix(ci): prefer Anthropic OAuth in live validation
• b1e925f fix(ci): support Anthropic OAuth release validation
• cf9dea7 fix(release): satisfy retry delay lint
• 780373f chore(release): prepare 2026.6.8 stable
• 11af11a fix(release): tolerate npm propagation after publish
• Additional commits viewable in compare view

Updates vitest from 4.1.8 to 4.1.9

Release notes

Sourced from vitest's releases.

v4.1.9

🐞 Bug Fixes

• Fix importOriginal with optimizer and query import [backport to v4] - by Hiroshi Ogawa, David Harris, Codexand Vladimir in vitest-dev/vitest#10546 (a5180)
• browser:
  • Wait for orchestrator readiness before resolving browser sessions [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10555 (7fb29)
  • Wait for iframe tester readiness before preparing [backport to v4] - by Vladimir and Séamus O'Connor in vitest-dev/vitest#10497 and vitest-dev/vitest#10556 (fbc62)
• mocker:
  • Hoist vi.mock() for vite-plus/test imports [backport to v4] - by Hiroshi Ogawa, LongYinan, Claude Opus 4.8 and Vladimir in vitest-dev/vitest#10548 (2c955)
• pool:
  • Prevent test run hang on worker crash [backport to v4] - by Ari Perkkiö and Jattioui Ismail in vitest-dev/vitest#10543 and vitest-dev/vitest#10564 (934b0)

View changes on GitHub

Commits

• a7a61e7 chore: release v4.1.9 (#10598)
• 934b0f5 fix(pool): prevent test run hang on worker crash (#10543) [backport to v4] (#...
• 7fb2965 fix(browser): wait for orchestrator readiness before resolving browser sessio...
• a518019 fix: fix importOriginal with optimizer and query import [backport to v4] (#...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!