Skip to content

chore(deps): bump pulseengine/rivet from 0.19.0 to 0.23.0#249

Merged
temper-pulseengine[bot] merged 1 commit into
mainfrom
dependabot/github_actions/pulseengine/rivet-0.23.0
Jul 1, 2026
Merged

chore(deps): bump pulseengine/rivet from 0.19.0 to 0.23.0#249
temper-pulseengine[bot] merged 1 commit into
mainfrom
dependabot/github_actions/pulseengine/rivet-0.23.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps pulseengine/rivet from 0.19.0 to 0.23.0.

Release notes

Sourced from pulseengine/rivet's releases.

Rivet v0.23.0

What's Changed

Full Changelog: pulseengine/rivet@v0.22.2...v0.23.0

Rivet v0.22.2

What's Changed

Full Changelog: pulseengine/rivet@v0.22.1...v0.22.2

Rivet v0.22.1

What's Changed

Full Changelog: pulseengine/rivet@v0.22.0...v0.22.1

Rivet v0.22.0

What's Changed

Full Changelog: pulseengine/rivet@v0.21.1...v0.22.0

Rivet v0.21.1

What's Changed

... (truncated)

Changelog

Sourced from pulseengine/rivet's changelog.

[0.23.0] - 2026-07-01

Theme: Traceability evidence — make the requirement → verification → test chain mechanically drift-proof, and make the validator's own signals trustworthy and consistent. Six requirements, each shipped with a regression test proven to fail without the fix. Planned, executed, and gated entirely with rivet's own release: tooling.

Added

  • rivet check verification-evidence (REQ-236, #556) — a named-test-exists oracle. A verification step commonly ties a requirement to a test via fields.steps[].run: "cargo test -p X some_test", but cargo test typo exits 0 with "0 passed", silently keeping the requirement verified. This asserts every named cargo-test filter matches a real test in the scanned Rust sources; a missing test fails the check.
  • rivet trace-results <id> (REQ-238, #547) — the forward req → test-result trace: from a requirement, walk backlinks (through the ASPICE V) to the tests that cover it and their latest pass/fail, with a roll-up verdict. Text or JSON; exits non-zero on a failing covering test. The graphical dashboard view built on this JSON is scoped to v0.24.
  • release: readiness is configurable (REQ-240, #612) — rivet.yaml's release.ready-when: [<status>…] extends the release-ready status set, and release.require: coverage derives readiness from validate V-closure so a V-model/ASPICE project (which verifies via links, not a status flip) can green rivet release status. Purely additive; defaults unchanged.

Changed / Fixed

  • rivet validate and rivet validate --direct now produce identical output (REQ-241, #620). The substantive divergence (self-satisfying links counted as coverage) was the v0.22.2 fix; the last residual difference (an --explain hint naming a different example artifact by iteration order) is now deterministic.
  • The default marker scan reaches member crates in a cargo workspace (REQ-242, #603) — a workspace whose root also has its own tests/ (rivet itself) previously hid member-crate verifies markers from rivet verify / coverage --tests. Shared workspace-aware defaults; the two never disagree.
  • The validator and the commit-trailer parser agree on artifact-id shape (REQ-239, #577) — a digit-bearing prefix like MAD1-101 is now a valid commit ref (was rejected, forcing a rename loop), and rivet validate warns early (commit-ref-shape) when an id can't be used as a trailer reference.
  • A lifecycle-completeness gap for a sw-req now names the ASPICE chain (REQ-237, #350) — instead of a bare missing: unit-verification, …, it points at the required intermediate (add a sw-detail-design that this artifact traces to, verified by a unit-verification), so authoring a direct link isn't the first, rejected, guess.

Deferred

  • REQ-238's graphical dashboard trace view → v0.24 (needs the serve/frontend work + the Playwright E2E gate). The trace mechanism above ships now.

... (truncated)

Commits
  • 77d5895 Merge pull request #646 from pulseengine/release/v0.23.0
  • 0ef17f2 chore(release): v0.23.0 — Traceability evidence (REQ-236..242)
  • aa7aeb5 Merge pull request #645 from pulseengine/feat/req-238-result-trace
  • 6bd945d feat(trace): rivet trace-results — forward req -> test-result trace (REQ-238 ...
  • 57eefd5 Merge pull request #643 from pulseengine/feat/req-236-named-test-check
  • 63cc9fa feat(check): rivet check verification-evidence — named-test-exists oracle (RE...
  • cc2a638 Merge pull request #642 from pulseengine/feat/req-237-aspice-chain-hint
  • 2ca2f3a feat(validate): lifecycle gap names the ASPICE verification chain (REQ-237, #...
  • 49b44e5 Merge pull request #641 from pulseengine/feat/req-240-coverage-cuttability
  • 61e297d feat(release): release status readiness is configurable — ready-when + covera...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [pulseengine/rivet](https://github.com/pulseengine/rivet) from 0.19.0 to 0.23.0.
- [Release notes](https://github.com/pulseengine/rivet/releases)
- [Changelog](https://github.com/pulseengine/rivet/blob/main/CHANGELOG.md)
- [Commits](pulseengine/rivet@v0.19.0...v0.23.0)

---
updated-dependencies:
- dependency-name: pulseengine/rivet
  dependency-version: 0.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Dependency updates label Jul 1, 2026
@temper-pulseengine temper-pulseengine Bot enabled auto-merge (squash) July 1, 2026 18:33
@temper-pulseengine temper-pulseengine Bot merged commit a543c06 into main Jul 1, 2026
@temper-pulseengine temper-pulseengine Bot deleted the dependabot/github_actions/pulseengine/rivet-0.23.0 branch July 1, 2026 18:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Dependency updates

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants