chore(deps): update dependency aube to v1.14.1

[renovate]

This PR contains the following updates:

Package	Update	Change	Pending
aube	minor	v1.9.1 → v1.14.1	v1.15.0

---

Release Notes

endevco/aube (aube)

v1.14.1: : Install module split

Compare Source

A maintenance release with no user-facing behavior changes. The install command's growing commands/install/mod.rs was split into focused submodules to keep the install pipeline easier to navigate. Install behavior, flags, and output are unchanged from v1.14.0.

Changed

• (install) Extracted the fetch/import pipeline (local source import, lockfile fetch wrapper, store-index classification, tarball fetch/import, contextualized-index remapping) into a new commands/install/fetch.rs module (#​704 by @​jdx).
• (install) Split the materializer, native-build critical-path heuristic, and workspace graph/lifecycle/per-project lockfile helpers into dedicated materialize.rs, critical_path.rs, and workspace.rs modules (#​702 by @​jdx).
• (install) Moved post-pipeline helpers — --lockfile-dir importer remapping, human install summary output, .aube cache invalidation/orphan cleanup, and skipped-build warning replay — into lockfile_dir.rs, summary.rs, sweep.rs, and unreviewed_builds.rs (#​698 by @​jdx).

Full Changelog: endevco/aube@v1.14.0...v1.14.1

💚 Sponsor aube

aube is part of en.dev — an independent developer-tooling studio run by @​jdx, also behind mise. Work on aube is funded entirely by sponsors.

If aube is saving your team install time or CI minutes, please consider sponsoring at en.dev. Individual and company sponsorships are what keep the project fast, free, and independent.

v1.14.0: : Bloom-filtered OSV checks and lifecycle-script content sniffing

Compare Source

Two new opt-in supply-chain layers on top of the v1.13 gates: a ~380 KB bloom-filter prefilter that lets plain reinstalls cheaply probe the OSV MAL-* set without pulling the 200 MB mirror, and a regex-based content sniff that flags dangerous shapes in dependency preinstall/install/postinstall scripts before you click through aube approve-builds.

Added

• (install) OSV bloom-filter prefilter for lockfile installs (#​680 by @​jdx) — New advisoryBloomCheck setting (on / required / off, default off) adds a fourth route to the post-resolve OSV decision table. Plain reinstalls probe the resolved transitive graph against a ~380 KB bloom filter fetched from endevco/osv-bloom — regenerated upstream every 10 minutes from OSV's MAL-* archive — and only escalate bloom hits to the live /querybatch API for exact (name, version) confirmation. Bloom FPR is ~0.1%, so a typical 1000-package lockfile triggers zero or one extra live-API round trip per install. When both are configured, the bloom branch wins over the 200 MB all.zip mirror — under 1 MB on the wire, same live-API oracle, same ERR_AUBE_MALICIOUS_PACKAGE on a confirmed hit. Cached under $XDG_CACHE_HOME/aube/osv-bloom/ and short-circuits the download when upstream's set_digest_sha256 is unchanged. New warning WARN_AUBE_OSV_BLOOM_REFRESH_FAILED: under on install continues against the previously cached filter; under required it fails closed with ERR_AUBE_ADVISORY_CHECK_FAILED.

• (install) Content-sniff dependency lifecycle scripts before approve-builds (#​685 by @​jdx) — aube's existing supply-chain gates (OSV MAL-*, downloads floor, bun-compat scanner, BuildPolicy allowlist) are all name-based; none inspects what postinstall actually does, which leaves an OSV-ingest-lag window of 12–48h that the 2024–2026 wave of unobfuscated curl … | sh postinstalls walked right through. New regex matcher fires advisory warnings for known-dangerous shapes in lifecycle script bodies:

  Signal	Catches
  ShellPipe	curl … | sh, wget … | bash, … | node
  EvalDecode	eval(atob(…)), Function(atob(…)), eval(Buffer.from(…))
  CredentialFileRead	~/.ssh, ~/.aws, ~/.npmrc, ~/.config/gh reads
  SecretEnvRead	process.env.*(TOKEN|SECRET|API_KEY|PASSWORD|ACCESS_KEY|PRIVATE_KEY|AUTH)
  ExfilEndpoint	Discord/Telegram webhooks, OAST hosts (oast.pro, interactsh, webhook.site, pipedream.net, ngrok.io, …)
  BareIpHttp	Bare-IP HTTP fetch targets (literal IPv4 hosts over plain HTTP)

  Sniff is advisory — allowBuilds still gates execution — and shows up in three places: end-of-install emits one WARN_AUBE_SUSPICIOUS_LIFECYCLE_SCRIPT per flagged package alongside the existing WARN_AUBE_IGNORED_BUILD_SCRIPTS; aube approve-builds annotates picker rows with ⚠ suspicious: <category> and prints a pre-picker summary of the matched hook+description; aube ignored-builds indents ⚠ <hook> — <description> lines under each name@version. Findings are re-derived per install rather than persisted, so the regex set can evolve without a state-file migration. Works offline, doesn't degrade to advisory in headless CI.

Changed

• Refreshed benchmarks/results.json against v1.13.1 and Bun 1.3.14 (#​687) — public ratios update to warm installs 3× Bun / 6× pnpm, repeat test 6× Bun / 45× pnpm.

Full Changelog: endevco/aube@v1.13.1...v1.14.0

💚 Sponsor aube

aube is part of en.dev — an independent developer-tooling studio run by @​jdx, also behind mise. Work on aube is funded entirely by sponsors.

If aube is saving your team install time or CI minutes, please consider sponsoring at en.dev. Individual and company sponsorships are what keep the project fast, free, and independent.

v1.13.1: : Version-aware transitive MAL-* gate

Compare Source

A targeted fix for the transitive supply-chain gate added in v1.13.0: the post-resolve OSV check is now version-aware, so name-level MAL-* advisories stop blocking installs that resolve to clean versions of the same package.

Fixed

• (install) Version-aware transitive MAL-* check (#​682 by @​jdx) — The post-resolve gate was reusing the pre-resolve name-only OSV query, so any name-level advisory hit every install that transitively pulled in any version of that package. Concretely, aube add cowsay@1.6.0 refused with ERR_AUBE_MALICIOUS_PACKAGE because cowsay's tree includes ansi-regex@3.0.1, and ansi-regex carries the Sep 2025 shai-hulud advisory MAL-2025-46966 against 6.2.1 — a version published years after 3.0.1. The live-API and OSV-mirror lookups now send (name, version) pairs, refusal messages surface name@version (MAL-…), and the local mirror index bumps to format = 2 (storing per-advisory affected versions; v1 indexes rebuild on next refresh, and advisories with no enumerated versions still fail closed). The pre-resolve aube add name-gate keeps its versionless query — typosquats are malicious in every version.

Full Changelog: endevco/aube@v1.13.0...v1.13.1

💚 Sponsor aube

aube is part of en.dev — an independent developer-tooling studio run by @​jdx, also behind mise. Work on aube is funded entirely by sponsors.

If aube is saving your team install time or CI minutes, please consider sponsoring at en.dev. Individual and company sponsorships are what keep the project fast, free, and independent.

v1.13.0: : Supply-chain gates for aube add

Compare Source

Added

• (install) Bun-compatible pluggable security scanner — drop in any securityScanner package that follows the Bun Security Scanner API (oven-sh template, @socketsecurity/bun-security-scanner, etc.) and aube runs it post-resolve against the full graph via a node bridge (#​657)
• (add) Supply-chain gates on aube add: OSV MAL-* advisory hard-block plus a weekly-downloads floor with TTY prompt / --allow-low-downloads bypass. New advisoryCheck and lowDownloadThreshold settings, both folded into paranoid: true (#​656)
• (install) OSV checks now extend to the full resolved graph, routed live-API vs. local OSV mirror based on whether resolution produced fresh (name, version) picks; opt-in advisoryCheckOnInstall covers plain reinstalls, advisoryCheckEveryInstall forces live API every time (#​678)
• (add) Auto-skip supply-chain gates for packages routed through a non-registry.npmjs.org registry, plus a new allowedUnpopularPackages glob allowlist to silence the downloads gate on known-internal names (#​673)

Changed

• (install) No longer rewrites package.json / workspace yaml to seed allowBuilds: { <pkg>: "set this to true or false" } placeholders for unreviewed build scripts (#​662)
• (install perf) Deleted the pre-resolver direct-dep packument prefetch; 12–22% wall-time win across fixture size, bandwidth, and RTT (#​672)
• (add) --allow-build=<pkg> now flips an existing deny instead of erroring, help renders correctly as --allow-build=<PKG>, and the no-op --ignore-scripts is hidden on add / import / update (#​660)

Fixed

• (linker) Windows bin shims for aube add --global … --allow-build=<dep> no longer emit a duplicated install-root path segment when .aube/<dep>/ sits behind a directory junction (#​659)
• (global) aube remove --global on Windows no longer fails with Access is denied (os error 5) on the hash pointer when it's an NTFS directory junction (#​658)

💚 Sponsor aube

aube is part of en.dev — an independent developer-tooling studio run by @​jdx, also behind mise. Work on aube is funded entirely by sponsors.

If aube is saving your team install time or CI minutes, please consider sponsoring at en.dev. Individual and company sponsorships are what keep the project fast, free, and independent.

v1.12.0: : Tidier config, smarter installs from bun.lock

Compare Source

A round of fixes driven by user reports — bun.lock imports now keep peer-only packages, the store layout is reorganized so one cache mount covers everything, and aube config set stops scribbling unknown keys into .npmrc.

Added

• Smarter aube config set / delete routing (#​634 by @​jdx) — Writes only land in .npmrc for the npm-shared surface (per-host auth/cert templates, scoped registries, and a curated allowlist of npm-standard scalars like registry, proxy, fetch-retries, …). Aube-only and pnpm-only keys (autoInstallPeers, dangerouslyAllowAllBuilds, pnpmfilePath, …) plus unknown free-form keys now go to ~/.config/aube/config.toml. Dotted writes for aube map settings — aube config set --local allowBuilds.@​mongodb-js/zstd true, aube config set --local overrides.lodash 4.17.21 — edit a single entry of pnpm-workspace.yaml (or package.json#<pnpm|aube>.<map>) in place. aube config delete sweeps both files so legacy writes from older versions are still cleaned up. New error code ERR_AUBE_CONFIG_NESTED_AUBE_KEY covers invalid nested writes.
• Polished install progress display (#​616 by @​jdx) — The bar is now cyan across every phase (no more "completing twice" as the phase flips green), reserves the final slice so it never reads 100% while the linker is still running, and paints a full 100% from a new done phase on finish() / stop() so the last frame matches the ✓ summary line. The displayed ~XX MB total is now a dynamic blend of the static unpackedSize × 0.20 fallback and a linear extrapolation from observed bytes-per-package — converging to the real total instead of overshooting by ~48%. resolving switched yellow → cyan, the pkgs counter is bold/uncolored mid-install, and WARN_AUBE_SLOW_METADATA drops redundant fields.

Fixed

• Peer-only packages from bun.lock no longer silently dropped (#​639 by @​jdx) — filter_graph's GC walk ran before hoist_auto_installed_peers, so peer-installed deps like @mui/material that weren't directly listed in workspace dependencies: got pruned as unreachable before the hoist could promote them. The pipeline now hoists first, then walks. On the linked repro, aube install goes from 6 packages (with broken @mui/material / @emotion/*) to 44 with everything resolved.
• bun.lock imports now run the peer-context pass (#​619 by @​jdx) — LockfileKind::Bun was missing from the apply_peer_contexts branch, so peer-dependent packages landed at .aube/<pkg>@&#8203;<ver>/ without sibling peer links and walked up to whatever hoisted copy they found. Now they get peer-qualified dep_paths (e.g. @cloudflare+vite-plugin@1.17.1_vite@8.0.10_…) with correct sibling symlinks, matching the npm-lockfile import behavior.
• Stale cached indexes now self-heal at fetch time (#​635 by @​jdx) — Cached package indexes moved from $XDG_CACHE_HOME/aube/index/ into the store at <store>/v1/index/, next to v1/files/. The install fast path swapped load_index for load_index_verified, so an index whose CAS shards have drifted out from under it is dropped at fetch classification and the tarball re-fetched cleanly — instead of the materializer dying mid-link with ERR_AUBE_MISSING_STORE_FILE. Fixes a BuildKit cache-mount footgun where only one of the two cache dirs would be persisted.
• engines.pnpm no longer triggers spurious version warnings (#​633 by @​jdx) — A project pinning engines.pnpm: ">=10.11.1" produced warn: wanted pnpm >=10.11.1, got 1.x on every install (or a hard failure under engine-strict). Aube and pnpm live in different version namespaces, so honoring this field was net-negative. engines.pnpm is now skipped entirely; engines.aube is still honored for projects that want to gate on the running tool, and engines.node is unchanged.
• update -i no longer reports phantom upgrade rows for catalog deps (#​636 by @​jdx) — When a catalog: dep resolved to a newer version while the same name was pulled in transitively at an older one (e.g. jose@6.2.3 direct + jose@5.10.0 via @upstash/qstash), lookup_pkg's name-scan picked the transitive snapshot as "current" and offered a downgrade row the rewrite path then ignored. Lookup now goes through the importer's DirectDep.dep_path. The companion fix extends the --latest prerelease guard to the locked version, so "^1.0.0-rc.1" isn't silently rewritten to whatever the registry's latest dist-tag points at.
• update / add / dedupe / remove / audit preserve cross-platform optionals and time: entries (#​637 by @​jdx) — These commands now route through install's configure_resolver, inheriting the full settings pipeline (supportedArchitectures, resolutionMode, minimumReleaseAge, overrides, …). They opt out of the full-packument disk cache so an immediately-following re-resolve picks up registry dist-tag changes, and the resolver carries forward the prior lockfile's time: entry when a fresh corgi packument lacks publish time for a resolved version — so direct deps don't lose their time: line on update.
• aube add --global --allow-build=<pkg> actually pre-approves builds (#​620 by @​jdx) — The synthetic inner AddArgs was being built with allow_build: Vec::new(), silently dropping the outer flag and erroring with "must be reviewed before install" under strictDepBuilds=true. The flag is now plumbed through run_global / run_global_inner and approvals are written to the throwaway install dir's package.json#aube.allowBuilds before lifecycle scripts run.

Changed

• aube store path now returns the v1/ directory (#​635) — One level above the previous v1/files/ output, so a single Docker BuildKit cache mount or backup captures both the CAS and the new co-located index dir. Scripts consuming aube store path will now mount one level higher (the intended behavior). A lazy in-place migration from the legacy $XDG_CACHE_HOME/aube/index/ location runs on the first store open after upgrade (rename fast path, recursive-copy fallback for cross-FS).

💚 Sponsor aube

aube is part of en.dev — an independent developer-tooling studio run by @​jdx, also behind mise. Work on aube is funded entirely by sponsors.

If aube is saving your team install time or CI minutes, please consider sponsoring at en.dev. Individual and company sponsorships are what keep the project fast, free, and independent.

v1.11.0: : Workspace-root flags, scoped config, and a 2× macOS CAS fast path

Compare Source

Added

• (install) Fill the resolving bar against a real denominator so the progress bar advances during dependency resolution (#​611)
• (outdated, update) Wire -w/--workspace-root to retarget cwd at the workspace root from a sub-package (#​614)
• (config) Scope-split settings precedence and project <cwd>/.config/aube/config.toml support (#​608)
• (deploy) Accept --offline and --prefer-offline, forwarded into the deploy install (#​606)
• (store) Direct-write CAS fast path on macOS under an exclusive install lock (~2× per-file CAS write speedup) (#​615)

Fixed

• (linker) Bin shims now point NODE_PATH at the hidden modules dir, and the isolated linker defaults preferSymlinkedExecutables to shims so extendNodePath actually works (#​613)
• (install/lockfile/outdated/update) Address several bugs reported in #​602: lockfile rewrites when a dep moves between dependencies/devDependencies, outdated -r includes the workspace root, semver-diff color in Wanted/Latest, smarter update -i picker, and updateConfig.ignoreDependencies is loaded from the workspace root (#​610)
• (install) Probe link strategy against the actual destination dir so cross-FS installs with GVS enabled hardlink instead of falling back to per-file copy (#​604)
• (install) Surface the underlying materializer error instead of a generic "channel closed" message (#​607)
• (progress) Clamp reused on a downward set_total rebase so summaries stop reporting reused > resolved (#​609)
• (config) Preserve a symlinked ~/.config/aube/config.toml on write (#​605)
• (registry) Coalesce slow-metadata warnings into a single resolve-end summary instead of one warning per slow packument (#​592)

💚 Sponsor aube

aube is part of en.dev — an independent developer-tooling studio run by @​jdx, also behind mise. Work on aube is funded entirely by sponsors.

If aube is saving your team install time or CI minutes, please consider sponsoring at en.dev. Individual and company sponsorships are what keep the project fast, free, and independent.

v1.10.4: : Streaming tarball retries + 32-bit Linux build fix

Compare Source

Two targeted fixes: cold installs now retry transient registry failures on the streaming tarball path, and aube-store builds cleanly on 32-bit Linux again.

Fixed

• Streaming tarball fetch retries transient failures (#​591 by @​jdx) — start_tarball_stream (the default install hot path for sha512-pinned lockfile entries) used to skip retry entirely to avoid unwinding partial CAS writes mid-stream. That reasoning is sound for mid-stream errors, but it also leaked into pre-response failures: a 503, 429, connection refused, or connection reset before any chunk had flowed would propagate straight back to the caller with no recovery, while the buffered path retried the same failures up to fetchRetries times. The initial send().await now retries on is_retriable_status (5xx + 429, honoring Retry-After) and on transport errors (bounded by TIMEOUT_RETRY_CAP), emitting the existing WARN_AUBE_HTTP_RETRY_TRANSIENT / _TRANSPORT logs. Once headers pass error_for_status and chunks start flowing, behavior is unchanged. Caught on a macOS PGO dry-run where Verdaccio / the throttle-proxy hiccupped and the install bailed without a single retry log line.
• aube-store builds on 32-bit Linux (#​587 by @​jdx) — The posix_fallocate wrapper hard-coded len: i64, which matches libc::off_t on every 64-bit target but breaks armhf, where the default (non-LFS) off_t = i32. The wrapper now takes libc::off_t directly and the single call site casts bytes.len() as libc::off_t, unblocking Launchpad's Ubuntu Resolute armhf build of aube and any downstream armv7-unknown-linux-gnueabihf consumer.

💚 Sponsor aube

aube is part of en.dev — an independent developer-tooling studio run by @​jdx, also behind mise. Work on aube is funded entirely by sponsors.

If aube is saving your team install time or CI minutes, please consider sponsoring at en.dev. Individual and company sponsorships are what keep the project fast, free, and independent.

v1.10.3

Compare Source

[!NOTE]
No user-visible code changes since v1.10.2. Tagged so the release-plz / cargo publish cadence stays unbroken; entries below are CI and benchmark tooling.

Fixed

• (ci) Add native aarch64-unknown-linux-gnu PGO matrix row and bump macOS arm64 PGO to macos-arm64-large to work around the v1.10.1 instrumented-binary segfault (#​582)
• (bench) Install yarn 4 via npm:@​yarnpkg/cli-dist@latest — the yarn npm package only publishes 1.x and 2.x (#​583)
• (bench) Pass --frozen-lockfile to vlt install scenarios so vlt is measured on the same path as every other tool in the matrix (#​581)

Binaries

This release ships without prebuilt archives. Install via cargo install aube, mise use aube, or npm i -g aube.

💚 Sponsor aube

aube is part of en.dev — an independent developer-tooling studio run by @​jdx, also behind mise. Work on aube is funded entirely by sponsors.

If aube is saving your team install time or CI minutes, please consider sponsoring at en.dev. Individual and company sponsorships are what keep the project fast, free, and independent.

v1.10.2

Compare Source

[!NOTE]
No user-visible code changes since v1.10.1. Tagged so the release-plz / cargo publish cadence stays unbroken; entries below are CI and benchmark tooling.

Changed

• (ci) Bump x86_64 Linux PGO release runners to linux-amd64-large (32 GB) to fix OOM during the instrumented link step (#​577)
• (docs) Benchmark matrix switches yarn to berry, adds deno and vlt, refreshes the landing-page chart (#​578)

Binaries

This release has a partial archive set. For a complete set of prebuilts, use a later release — or install via cargo install aube, mise use aube, or npm i -g aube.

💚 Sponsor aube

aube is part of en.dev — an independent developer-tooling studio run by @​jdx, also behind mise. Work on aube is funded entirely by sponsors.

If aube is saving your team install time or CI minutes, please consider sponsoring at en.dev. Individual and company sponsorships are what keep the project fast, free, and independent.

v1.10.1

Compare Source

Added

• (install) Post-install summary flags deprecated and outdated direct deps inline so you see what to upgrade without scrolling back through fetch output (#​575)

Fixed

• (deploy) aube deploy resolves catalog: references and accepts packages without an explicit version field (#​574)
• (install) Pad package counts in the progress UI and drop the ETA placeholder when none is available (#​570)
• (release) npm publish skips already-published versions so re-running the publish workflow is idempotent (#​565)

Changed

• (release) x86_64 Linux GNU/musl and macOS arm64 binaries now ship as PGO-optimized artifacts. Linux x86_64 uses cross for the glibc baseline; macOS arm64 builds natively (#​572)

Performance

• (registry) Swap simd-json for sonic-rs on the packument hot path (#​569)
• (registry) Drop deep clone and fsync from packument cache writes (#​568)

Binaries

This release has a partial archive set. For a complete set of prebuilts, use a later release — or install via cargo install aube, mise use aube, or npm i -g aube.

💚 Sponsor aube

aube is part of en.dev — an independent developer-tooling studio run by @​jdx, also behind mise. Work on aube is funded entirely by sponsors.

If aube is saving your team install time or CI minutes, please consider sponsoring at en.dev. Individual and company sponsorships are what keep the project fast, free, and independent.

v1.10.0: : Recursive runs grow up, install gets a diagnostics microscope

Compare Source

Added

• (cli) Wire the recursive-run flags (--sort/--no-sort, --reverse, --resume-from, --workspace-concurrency, --reporter-hide-prefix) and add a per-package output multiplexer for parallel runs (#​545)
• (diag) End-to-end install instrumentation and the aube diag analyze / aube diag compare subcommands behind a new --diag <summary|trace|live|full> flag (#​547)
• (install) Post-install dependency summary grouped by dependency type (#​559)
• (update) --lockfile-only flag to refresh aube-lock.yaml without touching node_modules (#​560)
• (add) linkWorkspacePackages and saveWorkspaceProtocol settings plus --save-workspace-protocol / --no-save-workspace-protocol flags (#​539)

Fixed

• (workspace) Linker no longer substitutes a workspace sibling for a registry-pinned dep, lockfile drift flags orphan importers, recursive remove skips projects that don't declare the dep, and parent-relative ../** globs in pnpm-workspace.yaml are honored (#​564)
• (workspace) Filtered runs respect --workspace-root and includeWorkspaceRoot: true (#​556)
• (update) Filtered workspace updates merge back into the shared root lockfile under sharedWorkspaceLockfile=true instead of leaving per-package aube-lock.yaml files behind (#​558)
• (update) --interactive renders a multiselect picker, fails fast on non-TTY, and --latest preserves catalog: / catalog:<name> specifiers (#​552)
• (pnpmfile) Hard-fail the install when a defined readPackage hook returns a non-object (#​562)
• (deploy) Keep filtered workspace packages in the index when package.json has no version (#​549)
• (install) Inherit top-level pnpm.allowBuilds approvals into the nested install used for git-dep prepare (#​546)
• (cli) Skip verifyDepsBeforeRun checks when npm_lifecycle_event is set, fixing both the error-mode hard-fail and the install-mode lock deadlock from nested aube run inside lifecycle scripts (#​538)
• (install) Interactive aube approve-builds requires at least one selection and the TTY guard checks both stdin and stderr (#​537)

Changed

• (install) New aube_util::adaptive limiter (slow-start, AIMD, CUSUM-gated shrink) wired at every previously magic-numbered concurrency site, with a separate http1-only reqwest client for tarball downloads (#​548)

💚 Sponsor aube

aube is part of en.dev — an independent developer-tooling studio run by @​jdx, also behind mise. Work on aube is funded entirely by sponsors.

If aube is saving your team install time or CI minutes, please consider sponsoring at en.dev. Individual and company sponsorships are what keep the project fast, free, and independent.

---

Configuration

📅 Schedule: (in timezone America/Chicago)

• Branch creation
  • Only on Friday (* * * * 5)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[greptile-apps]

PR author is in the excluded authors list.