chore: bump github.com/oasdiff/oasdiff from 1.16.0 to 1.18.6 in /tools/cli

[dependabot]

Bumps github.com/oasdiff/oasdiff from 1.16.0 to 1.18.6.

Release notes

Sourced from github.com/oasdiff/oasdiff's releases.

v1.18.6

A small release: the main user-visible change is dropping a redundant field from the machine-readable output, plus Go library additions for working with in-memory specs.

CLI changes

• Removed the redundant source field from JSON and YAML output. Each change carried a top-level source that duplicated the origin already reported in baseSource / revisionSource. Consumers parsing oasdiff breaking / changelog JSON or YAML should read baseSource / revisionSource instead. (#995)

Go package changes

• Added load.NewSpecInfoFromData: build a SpecInfo from OpenAPI bytes already in memory, labeling its source with a name you provide, so source-location reporting uses that name rather than a temp path. (#996)
• Breaking: removed the Source field from formatters.Change. Use BaseSource / RevisionSource. (#995)
• Breaking: removed load.WithIdentity. It was a no-op option; use load.GetOption(opt, false) for the disabled-option case. (#1000)

Full Changelog: oasdiff/oasdiff@v1.18.5...v1.18.6

v1.18.5

This release fixes a crash in breaking-change detection, widens not sub-schema coverage, and adds a flag to fetch missing git revisions automatically.

CLI changes

• No more crash on one-sided sub-schema changes (#998). Comparing two specs where a property drops a single-valued sub-schema on one side (for example an array property that removes its items, or a removed not / if / then / else / contentSchema) previously aborted with a nil pointer panic. oasdiff breaking, changelog, and diff now handle these diffs cleanly.
• not sub-schema is now traversed for property changes (#994). Property changes nested inside a not schema (a removed property, a tightened constraint, a newly required field) are now detected by breaking and changelog instead of being silently skipped. Closes #916.
• New --fetch flag (#993). When a <rev>:<path> source points at a commit that is not in your local clone, --fetch tells oasdiff to fetch it from origin before comparing, instead of failing with a missing-object error. Without the flag oasdiff stays read-only and only prints the git fetch command to run.

Full Changelog: oasdiff/oasdiff@v1.18.4...v1.18.5

v1.18.4

What's changed

• load: actionable hint when a git revision's commit isn't in the local clone (#990). When a <sha>:<path> source references a commit that isn't present locally (a reviewer who hasn't fetched the PR branch, or a shallow clone lacking the base), oasdiff now prints the exact command to run:

  git fetch origin <sha>
  

  instead of a terse git error. oasdiff stays read-only: it never fetches or mutates your repository on its own. A missing path within an existing commit, and a "git not installed" failure, are reported unchanged.

Full Changelog: oasdiff/oasdiff@v1.18.3...v1.18.4

v1.18.3

Breaking changes

This release reorganizes the oasdiff checks categorization to align with the OpenAPI specification's object model.

• The checks json/yaml output renames the location field to area and adds a new kind field. area is the OpenAPI object a rule concerns (schema, parameters, requestBody, responses, paths, headers, security, tags, components); kind is the aspect of the contract that changed (existence, requiredness, mutability, type, constraints, values, structure, lifecycle).
• --tags accepts the new area and kind values; the old body and properties tags are removed.
• Go library: checker.Location and its Location* constants are renamed to checker.Area / Area*, a new checker.Kind / Kind* is added, and BackwardCompatibilityRule.Location becomes .Area plus .Kind.

Why

... (truncated)

Commits

• fe1637a refactor(load): remove the public WithIdentity option (#1000)
• 9910b04 refactor(formatters): drop redundant top-level source field from output (#9...
• b9992a0 feat(load): add NewSpecInfoFromData for in-memory specs with a source name (#...
• c9a3707 bump: oasdiff-action v0.0.57 (#999)
• 8eb3ba9 fix(checker): prevent panic on one-sided sub-schema diffs (#998)
• e0b15d2 docs: lead the README with what oasdiff does for the reader (#997)
• e0ee895 Merge pull request #994 from oasdiff/fix/not-subschema-traversal-916
• da96723 test(checker): move the not traversal tests into check_sub_schema_traversal...
• 23dee21 test(checker): comment describes the behavior under test, not the change history
• 80104c2 test(checker): cover #916 via the public checker; fix file-name convention
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)