.cloud.model\\` (new \\`CloudMediaConfig\\` type + zod schema entry, additive).\n - Hide the 3D companion performance controls behind \\`Show advanced\\`.\n - Pair AI Model + Media in a 2-col grid on \\`xl\\`; Appearance flows into the left column.\n\n- **aeca256d36** \\`fix(settings,shell): hide local-ai from provider dropdown; push header below native mac drag strip\\`\n - Filter the AI provider dropdown to only catalog-recognised entries — \\`local-ai\\` was offered but the backend's \\`/api/provider/switch\\` rejected it (it's configured via the dedicated Local Models section).\n - Apply the previously-declared-but-unconsumed \\`--eliza-macos-frame-top-inset\\` as \\`padding-top\\` on the header toolbar wrapper. Without it, the top ~22pt of every nav button sits under the native \\`ElectrobunNativeDragView\\` (window-effects.mm), so only the bottom half of each tab is click-through. Falls back to \\`0.25rem\\` when the frameless class isn't present (web / detached shells).\n\n- **f9420a3b4e** \\`fix(settings): cap Permissions section width (max-w-3xl)\\` _(superseded — see below)_\n\n- **f08629c09f** \\`refactor(settings): pair remaining sections into 2-col grids; drop Permissions width cap\\`\n - Group Local Models + Coding Agents into one \\`xl:grid-cols-2\\` row.\n - Group Capabilities + Permissions into another.\n - Drop the max-w-3xl cap inside PermissionsSection so it fills its grid column naturally.\n\n- **e35a10d706** \\`fix(runtime): cap hot-reload shutdown at 2s so provider switches don't block on PTY teardown\\`\n - \\`runtime.stop()\\` awaits every service.stop() sequentially. PTYService.stop drains active sessions with a per-session timeout (~5s), so any one idle PTY session turns a provider-dropdown click into a multi-second block, during which the server's \\`providerSwitchInProgress\\` flag rejects further clicks with 409 — the \"switch feels stuck / dropdown reverts\" UX.\n - Wrap \\`shutdownRuntime()\\` in the hot-reload \\`onRestart\\` path with a 2 s \\`Promise.race\\`. If the old runtime stops in time, great; otherwise log and bring up the new runtime anyway. Services that miss the window are GC'd as the reference drops.\n\n## Test plan\n\n- [ ] Settings → AI Model: provider dropdown caps at 384 px wide; popover scrolls within ~256 px instead of \\~384 px.\n- [ ] Settings → AI Model: Model picker visible without \"Show advanced\"; selecting a model persists and triggers a restart.\n- [ ] Settings → AI Model: provider dropdown no longer lists \"Local AI\"; switching to any catalog provider succeeds.\n- [ ] Settings → Cloud Dashboard: \"Advanced External Dashboard\" link is gone from the overview row.\n- [ ] Settings → Media: cloud mode shows a per-category Model select for image/video/audio/vision; companion 3D controls only visible with \"Show advanced\" on.\n- [ ] Settings layout: at \\`xl\\` (≥1280px), AI Model + Appearance share a column with Media on the right; Local Models + Coding Agents pair below; Capabilities + Permissions pair below that.\n- [ ] macOS Electrobun shell: top of every header nav tab is now click-through (no longer hits the native drag NSView).\n- [ ] Rapidly click through 3+ providers in the dropdown — no \"stuck\" 5+ second block; restart completes inside ~3 s even with active PTY sessions.\n\n🤖 Generated with [Claude Code](https://claude.com/claude-code)\n\n\n\nGreptile Summary
\n\nThis PR delivers a batch of UI polish across the settings shell: dropdown width capping, a simple-mode primary model picker, per-category cloud media model selectors, 2-col xl grid layouts, local-ai filtered out of the provider dropdown, the macOS drag-strip header fix, and a 2 s `Promise.race` timeout on hot-reload shutdown to eliminate PTY-induced provider-switch stalls.\n\n- **P1 (`eliza.ts`)**: `Promise.race` resolves via the 2 s timer but leaves `shutdownRuntime` still running with no `.catch`. If it subsequently rejects, Node.js surfaces an unhandled rejection (process-crashing in Node ≥ v15 default mode). The fix is to attach `.catch` to the shutdown promise before passing it to the race.\n\nConfidence Score: 4/5
\n\nSafe to merge after fixing the unhandled-rejection bug in the hot-reload shutdown race.\n\nAll seven UI/type changes are low-risk and well-structured; the one P1 is in the runtime hot-reload path where a late-throwing shutdownRuntime could produce an unhandled rejection that crashes the process.\n\npackages/agent/src/runtime/eliza.ts — the Promise.race pattern around shutdownRuntime needs a .catch on the shutdown promise to prevent unhandled rejections.\n\nImportant Files Changed
\n\n\n\n\n| Filename | Overview |\n|----------|----------|\n| packages/agent/src/runtime/eliza.ts | Adds a 2 s Promise.race timeout around shutdownRuntime in the hot-reload path — solves the PTY-stall UX — but the dangling shutdownRuntime promise can produce an unhandled rejection if it throws after the timer fires (P1). |\n| packages/app-core/src/components/pages/SettingsView.tsx | Adds simple/advanced complexity toggle with localStorage persistence, 2-col xl grid layouts for paired sections, and section-level visibility gating. activeSection is correctly reset via useEffect when a section becomes invisible. |\n| packages/app-core/src/components/settings/ProviderSwitcher.tsx | Filters out providers with no ONBOARDING_PROVIDER_CATALOG entry (fixing local-ai), constrains dropdown width, adds a simple-mode primary model picker, and hides the 7-dropdown cloud model grid behind showAdvanced. |\n| packages/app-core/src/components/settings/MediaSettingsSection.tsx | Adds per-category cloud model dropdowns (writing to category.cloud.model), replaces SegmentedGroup tabs with icon+underline tab bar, and gates 3D companion controls behind showAdvanced. Contains a redundant activeTab !== \"voice\" guard (P2). |\n| packages/app-core/src/config/zod-schema.core.ts | Additive: introduces CloudMediaConfigSchema (strict, optional object with optional model string) and wires it into ImageConfigSchema, VideoConfigSchema, AudioGenConfigSchema, and VisionConfigSchema. |\n| packages/agent/src/contracts/config.ts | Additive type changes: introduces CloudMediaConfig and adds optional cloud field to all four media config types. Mirrors the zod-schema changes correctly. |\n| packages/app-core/src/components/pages/ElizaCloudDashboard.tsx | Removes the AdvancedDashboard external-link button and unused ELIZA_CLOUD_INSTANCES_URL import; shrinks the balance display to a more compact inline layout. |\n| packages/ui/src/components/shell/Header.tsx | Applies --eliza-macos-frame-top-inset as inline paddingTop on the toolbar wrapper so nav buttons clear the native macOS drag strip; falls back to 0.25rem on other shells. |\n\n\n\n\n\nSequence Diagram
\n\n```mermaid\nsequenceDiagram\n participant UI as ProviderSwitcher (UI)\n participant API as /api/provider/switch\n participant Eliza as startEliza onRestart\n participant RT as shutdownRuntime\n participant Timer as 2s Timer\n\n UI->>API: POST /provider/switch\n API->>Eliza: onRestart()\n Eliza->>RT: shutdownRuntime() [async]\n Eliza->>Timer: setTimeout(2000ms)\n alt shutdown completes < 2s\n RT-->>Eliza: resolved\n Note over Timer: timer still fires later (handle not cleared)\n else shutdown exceeds 2s\n Timer-->>Eliza: resolved (shutdownTimedOut=true)\n Note over RT: still running — if it rejects, UNHANDLED REJECTION\n end\n Eliza->>Eliza: loadElizaConfig() + start new runtime\n Eliza-->>API: new runtime ready\n API-->>UI: 200 OK\n```\n\n\nComments Outside Diff (2)
\n\n1. `packages/agent/src/runtime/eliza.ts`, line 3895-3916 ([link](https://github.com/elizaos/eliza/blob/e35a10d706b6b033fe3d490cb08ee5eba429d4ae/packages/agent/src/runtime/eliza.ts#L3895-L3916)) \n\n ![\"P1\"](\"https://greptile-static-assets.s3.amazonaws.com/badges/p1.svg?v=7\")
**Unhandled rejection when `shutdownRuntime` throws after the 2 s timeout**\n\n `Promise.race` resolves via the timer if shutdown takes longer than 2 s, but the `shutdownRuntime` promise is still running in the background. If it subsequently rejects, that rejection has no `.catch` handler — the outer `try/catch` only guards `Promise.race` itself, not the dangling promise. In Node.js ≥ v15 (with `--unhandled-rejections=throw`) this crashes the process.\n\n Fix: attach a `.catch` to the shutdown promise before passing it to the race so any late rejection is absorbed:\n\n ```\n try {\n const SHUTDOWN_TIMEOUT_MS = 2000;\n let shutdownTimedOut = false;\n const shutdownPromise = shutdownRuntime(runtime, \"hot-reload cleanup\").catch(\n (stopErr) => {\n logger.warn(\n `[eliza] Hot-reload: old runtime stop failed: ${formatError(stopErr)}`,\n );\n },\n );\n await Promise.race([\n shutdownPromise,\n new Promise((resolve) =>\n setTimeout(() => {\n shutdownTimedOut = true;\n resolve();\n }, SHUTDOWN_TIMEOUT_MS),\n ),\n ]);\n if (shutdownTimedOut) {\n logger.warn(\n `[eliza] Hot-reload: old runtime shutdown exceeded ${SHUTDOWN_TIMEOUT_MS}ms; proceeding with new runtime`,\n );\n }\n } catch (stopErr) {\n logger.warn(\n `[eliza] Hot-reload: old runtime stop failed: ${formatError(stopErr)}`,\n );\n }\n ```\n\n\n2. `packages/app-core/src/components/settings/MediaSettingsSection.tsx`, line 782-784 ([link](https://github.com/elizaos/eliza/blob/e35a10d706b6b033fe3d490cb08ee5eba429d4ae/packages/app-core/src/components/settings/MediaSettingsSection.tsx#L782-L784)) \n\n ![\"P2\"](\"https://greptile-static-assets.s3.amazonaws.com/badges/p2.svg?v=7\")
**Redundant `activeTab !== \"voice\"` guard**\n\n This code lives inside the `else` branch of the `activeTab === \"voice\" ? … : …` ternary (outer JSX), so `activeTab` is already guaranteed to be non-`\"voice\"` here. The extra check is a no-op but signals potential confusion about the render tree structure.\n\nGreptile Summary
\n\nThis PR wires up two new Android components — `MiladyRespondViaMessageService` (handles quick-reply SMS when declining calls) and `MiladySmsComposeActivity` (intercepts `SENDTO` intents and deep-links into the app's compose screen) — and updates the build script to copy their Java sources and inject the corresponding manifest entries idempotently.\n\nConfidence Score: 5/5
\n\nSafe to merge; all findings are P2 style/best-practice suggestions that do not block functionality.\n\nThe two new Java files are straightforward and functionally correct. The build-script changes cleanly remove-then-re-inject manifest blocks. The only issues are a deprecated API (getDefault()) that still works and a mismatch between declared MMS schemes and the SMS-only send implementation — both are minor and do not break the primary use-case.\n\nMiladyRespondViaMessageService.java — deprecated SmsManager API and mms/mmsto scheme handling.\n\nImportant Files Changed
\n\n| Filename | Overview |\n|----------|----------|\n| packages/app-core/platforms/android/app/src/main/java/ai/elizaos/app/MiladyRespondViaMessageService.java | New service that handles RESPOND_VIA_MESSAGE intents and sends SMS; uses deprecated SmsManager.getDefault() and declares MMS schemes it doesn't actually service. |\n| packages/app-core/platforms/android/app/src/main/java/ai/elizaos/app/MiladySmsComposeActivity.java | New transparent activity that intercepts SENDTO intents and routes them into the app's deep-link compose flow; logic is straightforward and correct. |\n| packages/app-core/scripts/run-mobile-build.mjs | Build script updated to copy new Java sources, remove stale manifest entries via regex, and inject updated manifest blocks for RESPOND_VIA_MESSAGE service and SENDTO compose activity. |\n\n\n\nSequence Diagram
\n\n```mermaid\nsequenceDiagram\n participant System as Android System\n participant RVMS as MiladyRespondViaMessageService\n participant SMSCompose as MiladySmsComposeActivity\n participant Main as MainActivity\n\n Note over System,RVMS: Decline-call quick reply\n System->>RVMS: startService(RESPOND_VIA_MESSAGE, sms/smsto URI)\n RVMS->>RVMS: parseRecipients(uri)\n RVMS->>System: SmsManager.sendTextMessage(recipient, message)\n RVMS->>RVMS: stopSelf()\n\n Note over System,Main: Compose new SMS (SENDTO intent)\n System->>SMSCompose: startActivity(SENDTO, sms:/smsto: URI)\n SMSCompose->>SMSCompose: extract recipient + body\n SMSCompose->>Main: startActivity(ai.elizaos.app://messages/compose?recipient=...&body=...)\n SMSCompose->>SMSCompose: finish()\n```\n\nReviews (1): Last reviewed commit: [\"Complete Android default role wiring\"](https://github.com/elizaos/eliza/commit/7bb3fbe780075d6b3939c8f3f2329c1ea1c44b29) | [Re-trigger Greptile](https://app.greptile.com/api/retrigger?id=29367742)\n\n> Greptile also left **2 inline comments** on this PR.\n\n",
"repository": "elizaos/eliza",
"createdAt": "2026-04-23T01:44:35Z",
"mergedAt": "2026-04-23T04:03:15Z",
"additions": 222,
"deletions": 0
},
{
"id": "PR_kwDOMT5cIs7Ux4pd",
"title": "chore(deps): bump the npm_and_yarn group across 28 directories with 1 update",
"author": "dependabot",
"number": 7044,
"body": "Bumps the npm_and_yarn group with 1 update in the /apps/app-form directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/a2a/typescript directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/app/capacitor/backend directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/app/electron/backend directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/autonomous/typescript directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/avatar directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/bluesky/typescript directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/browser-extension/chrome directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/chat/typescript directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/cloudflare directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/code directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/convex directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/discord/typescript directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/form/typescript directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/gcp/typescript directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/mcp/typescript directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/moltbook directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/next directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/polymarket/typescript directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/react directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/react-wasm directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/rest-api/elysia directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/rest-api/express directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/rest-api/hono directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/roblox/typescript directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/text-adventure/typescript directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/vercel directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/typescript directory: [uuid](https://github.com/uuidjs/uuid).\n\nUpdates `uuid` from 13.0.0 to 14.0.0\n\nRelease notes
\nSourced from uuid's releases.
\n\nv14.0.0
\n14.0.0 (2026-04-19)
\n⚠ BREAKING CHANGES
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) \n- drop node@18 support (#934)
\n
\nFeatures
\n\nBug Fixes
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) (f2c235f) \n- Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)
\n
\n
\n \n\nChangelog
\nSourced from uuid's changelog.
\n\n14.0.0 (2026-04-19)
\nSecurity
\n\n- Fixes GHSA-w5hq-g745-h8pq:
v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length. \n
\n⚠ BREAKING CHANGES
\n\ncrypto is now expected to be globally defined (requires node@20+) (#935)- drop node@18 support (#934)
\n- upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years
\n
\n
\n \n\nCommits
\n\n7c1ea08 chore(main): release 14.0.0 (#926)3d2c5b0 Merge commit from forkf2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)529ef08 chore: upgrade TypeScript and fixup types (#927)086fd79 chore: update dependencies (#933)dc4ddb8 feat!: drop node@18 support (#934)0f1f9c9 chore: switch to Biome for parsing and linting (#932)e2879e6 chore: use maintained version of npm-run-all (#930)ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)0423d49 docs: remove obsolete v1 option notes (#915)- Additional commits viewable in compare view
\n
\n \n\nMaintainer changes
\nThis version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.
\n \n
\n\nUpdates `uuid` from 13.0.0 to 14.0.0\n\nRelease notes
\nSourced from uuid's releases.
\n\nv14.0.0
\n14.0.0 (2026-04-19)
\n⚠ BREAKING CHANGES
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) \n- drop node@18 support (#934)
\n
\nFeatures
\n\nBug Fixes
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) (f2c235f) \n- Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)
\n
\n
\n \n\nChangelog
\nSourced from uuid's changelog.
\n\n14.0.0 (2026-04-19)
\nSecurity
\n\n- Fixes GHSA-w5hq-g745-h8pq:
v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length. \n
\n⚠ BREAKING CHANGES
\n\ncrypto is now expected to be globally defined (requires node@20+) (#935)- drop node@18 support (#934)
\n- upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years
\n
\n
\n \n\nCommits
\n\n7c1ea08 chore(main): release 14.0.0 (#926)3d2c5b0 Merge commit from forkf2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)529ef08 chore: upgrade TypeScript and fixup types (#927)086fd79 chore: update dependencies (#933)dc4ddb8 feat!: drop node@18 support (#934)0f1f9c9 chore: switch to Biome for parsing and linting (#932)e2879e6 chore: use maintained version of npm-run-all (#930)ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)0423d49 docs: remove obsolete v1 option notes (#915)- Additional commits viewable in compare view
\n
\n \n\nMaintainer changes
\nThis version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.
\n \n
\n\nUpdates `uuid` from 13.0.0 to 14.0.0\n\nRelease notes
\nSourced from uuid's releases.
\n\nv14.0.0
\n14.0.0 (2026-04-19)
\n⚠ BREAKING CHANGES
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) \n- drop node@18 support (#934)
\n
\nFeatures
\n\nBug Fixes
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) (f2c235f) \n- Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)
\n
\n
\n \n\nChangelog
\nSourced from uuid's changelog.
\n\n14.0.0 (2026-04-19)
\nSecurity
\n\n- Fixes GHSA-w5hq-g745-h8pq:
v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length. \n
\n⚠ BREAKING CHANGES
\n\ncrypto is now expected to be globally defined (requires node@20+) (#935)- drop node@18 support (#934)
\n- upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years
\n
\n
\n \n\nCommits
\n\n7c1ea08 chore(main): release 14.0.0 (#926)3d2c5b0 Merge commit from forkf2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)529ef08 chore: upgrade TypeScript and fixup types (#927)086fd79 chore: update dependencies (#933)dc4ddb8 feat!: drop node@18 support (#934)0f1f9c9 chore: switch to Biome for parsing and linting (#932)e2879e6 chore: use maintained version of npm-run-all (#930)ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)0423d49 docs: remove obsolete v1 option notes (#915)- Additional commits viewable in compare view
\n
\n \n\nMaintainer changes
\nThis version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.
\n \n
\n\nUpdates `uuid` from 13.0.0 to 14.0.0\n\nRelease notes
\nSourced from uuid's releases.
\n\nv14.0.0
\n14.0.0 (2026-04-19)
\n⚠ BREAKING CHANGES
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) \n- drop node@18 support (#934)
\n
\nFeatures
\n\nBug Fixes
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) (f2c235f) \n- Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)
\n
\n
\n \n\nChangelog
\nSourced from uuid's changelog.
\n\n14.0.0 (2026-04-19)
\nSecurity
\n\n- Fixes GHSA-w5hq-g745-h8pq:
v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length. \n
\n⚠ BREAKING CHANGES
\n\ncrypto is now expected to be globally defined (requires node@20+) (#935)- drop node@18 support (#934)
\n- upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years
\n
\n
\n \n\nCommits
\n\n7c1ea08 chore(main): release 14.0.0 (#926)3d2c5b0 Merge commit from forkf2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)529ef08 chore: upgrade TypeScript and fixup types (#927)086fd79 chore: update dependencies (#933)dc4ddb8 feat!: drop node@18 support (#934)0f1f9c9 chore: switch to Biome for parsing and linting (#932)e2879e6 chore: use maintained version of npm-run-all (#930)ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)0423d49 docs: remove obsolete v1 option notes (#915)- Additional commits viewable in compare view
\n
\n \n\nMaintainer changes
\nThis version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.
\n \n
\n\nUpdates `uuid` from 13.0.0 to 14.0.0\n\nRelease notes
\nSourced from uuid's releases.
\n\nv14.0.0
\n14.0.0 (2026-04-19)
\n⚠ BREAKING CHANGES
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) \n- drop node@18 support (#934)
\n
\nFeatures
\n\nBug Fixes
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) (f2c235f) \n- Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)
\n
\n
\n \n\nChangelog
\nSourced from uuid's changelog.
\n\n14.0.0 (2026-04-19)
\nSecurity
\n\n- Fixes GHSA-w5hq-g745-h8pq:
v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length. \n
\n⚠ BREAKING CHANGES
\n\ncrypto is now expected to be globally defined (requires node@20+) (#935)- drop node@18 support (#934)
\n- upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years
\n
\n
\n \n\nCommits
\n\n7c1ea08 chore(main): release 14.0.0 (#926)3d2c5b0 Merge commit from forkf2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)529ef08 chore: upgrade TypeScript and fixup types (#927)086fd79 chore: update dependencies (#933)dc4ddb8 feat!: drop node@18 support (#934)0f1f9c9 chore: switch to Biome for parsing and linting (#932)e2879e6 chore: use maintained version of npm-run-all (#930)ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)0423d49 docs: remove obsolete v1 option notes (#915)- Additional commits viewable in compare view
\n
\n \n\nMaintainer changes
\nThis version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.
\n \n
\n\nUpdates `uuid` from 11.1.0 to 14.0.0\n\nRelease notes
\nSourced from uuid's releases.
\n\nv14.0.0
\n14.0.0 (2026-04-19)
\n⚠ BREAKING CHANGES
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) \n- drop node@18 support (#934)
\n
\nFeatures
\n\nBug Fixes
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) (f2c235f) \n- Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)
\n
\n
\n \n\nChangelog
\nSourced from uuid's changelog.
\n\n14.0.0 (2026-04-19)
\nSecurity
\n\n- Fixes GHSA-w5hq-g745-h8pq:
v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length. \n
\n⚠ BREAKING CHANGES
\n\ncrypto is now expected to be globally defined (requires node@20+) (#935)- drop node@18 support (#934)
\n- upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years
\n
\n
\n \n\nCommits
\n\n7c1ea08 chore(main): release 14.0.0 (#926)3d2c5b0 Merge commit from forkf2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)529ef08 chore: upgrade TypeScript and fixup types (#927)086fd79 chore: update dependencies (#933)dc4ddb8 feat!: drop node@18 support (#934)0f1f9c9 chore: switch to Biome for parsing and linting (#932)e2879e6 chore: use maintained version of npm-run-all (#930)ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)0423d49 docs: remove obsolete v1 option notes (#915)- Additional commits viewable in compare view
\n
\n \n\nMaintainer changes
\nThis version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.
\n \n
\n\nUpdates `uuid` from 13.0.0 to 14.0.0\n\nRelease notes
\nSourced from uuid's releases.
\n\nv14.0.0
\n14.0.0 (2026-04-19)
\n⚠ BREAKING CHANGES
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) \n- drop node@18 support (#934)
\n
\nFeatures
\n\nBug Fixes
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) (f2c235f) \n- Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)
\n
\n
\n \n\nChangelog
\nSourced from uuid's changelog.
\n\n14.0.0 (2026-04-19)
\nSecurity
\n\n- Fixes GHSA-w5hq-g745-h8pq:
v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length. \n
\n⚠ BREAKING CHANGES
\n\ncrypto is now expected to be globally defined (requires node@20+) (#935)- drop node@18 support (#934)
\n- upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years
\n
\n
\n \n\nCommits
\n\n7c1ea08 chore(main): release 14.0.0 (#926)3d2c5b0 Merge commit from forkf2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)529ef08 chore: upgrade TypeScript and fixup types (#927)086fd79 chore: update dependencies (#933)dc4ddb8 feat!: drop node@18 support (#934)0f1f9c9 chore: switch to Biome for parsing and linting (#932)e2879e6 chore: use maintained version of npm-run-all (#930)ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)0423d49 docs: remove obsolete v1 option notes (#915)- Additional commits viewable in compare view
\n
\n \n\nMaintainer changes
\nThis version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.
\n \n
\n\nUpdates `uuid` from 11.1.0 to 14.0.0\n\nRelease notes
\nSourced from uuid's releases.
\n\nv14.0.0
\n14.0.0 (2026-04-19)
\n⚠ BREAKING CHANGES
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) \n- drop node@18 support (#934)
\n
\nFeatures
\n\nBug Fixes
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) (f2c235f) \n- Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)
\n
\n
\n \n\nChangelog
\nSourced from uuid's changelog.
\n\n14.0.0 (2026-04-19)
\nSecurity
\n\n- Fixes GHSA-w5hq-g745-h8pq:
v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length. \n
\n⚠ BREAKING CHANGES
\n\ncrypto is now expected to be globally defined (requires node@20+) (#935)- drop node@18 support (#934)
\n- upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years
\n
\n
\n \n\nCommits
\n\n7c1ea08 chore(main): release 14.0.0 (#926)3d2c5b0 Merge commit from forkf2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)529ef08 chore: upgrade TypeScript and fixup types (#927)086fd79 chore: update dependencies (#933)dc4ddb8 feat!: drop node@18 support (#934)0f1f9c9 chore: switch to Biome for parsing and linting (#932)e2879e6 chore: use maintained version of npm-run-all (#930)ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)0423d49 docs: remove obsolete v1 option notes (#915)- Additional commits viewable in compare view
\n
\n \n\nMaintainer changes
\nThis version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.
\n \n
\n\nUpdates `uuid` from 13.0.0 to 14.0.0\n\nRelease notes
\nSourced from uuid's releases.
\n\nv14.0.0
\n14.0.0 (2026-04-19)
\n⚠ BREAKING CHANGES
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) \n- drop node@18 support (#934)
\n
\nFeatures
\n\nBug Fixes
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) (f2c235f) \n- Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)
\n
\n
\n \n\nChangelog
\nSourced from uuid's changelog.
\n\n14.0.0 (2026-04-19)
\nSecurity
\n\n- Fixes GHSA-w5hq-g745-h8pq:
v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length. \n
\n⚠ BREAKING CHANGES
\n\ncrypto is now expected to be globally defined (requires node@20+) (#935)- drop node@18 support (#934)
\n- upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years
\n
\n
\n \n\nCommits
\n\n7c1ea08 chore(main): release 14.0.0 (#926)3d2c5b0 Merge commit from forkf2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)529ef08 chore: upgrade TypeScript and fixup types (#927)086fd79 chore: update dependencies (#933)dc4ddb8 feat!: drop node@18 support (#934)0f1f9c9 chore: switch to Biome for parsing and linting (#932)e2879e6 chore: use maintained version of npm-run-all (#930)ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)0423d49 docs: remove obsolete v1 option notes (#915)- Additional commits viewable in compare view
\n
\n \n\nMaintainer changes
\nThis version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.
\n \n
\n\nUpdates `uuid` from 11.1.0 to 14.0.0\n\nRelease notes
\nSourced from uuid's releases.
\n\nv14.0.0
\n14.0.0 (2026-04-19)
\n⚠ BREAKING CHANGES
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) \n- drop node@18 support (#934)
\n
\nFeatures
\n\nBug Fixes
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) (f2c235f) \n- Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)
\n
\n
\n \n\nChangelog
\nSourced from uuid's changelog.
\n\n14.0.0 (2026-04-19)
\nSecurity
\n\n- Fixes GHSA-w5hq-g745-h8pq:
v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length. \n
\n⚠ BREAKING CHANGES
\n\ncrypto is now expected to be globally defined (requires node@20+) (#935)- drop node@18 support (#934)
\n- upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years
\n
\n
\n \n\nCommits
\n\n7c1ea08 chore(main): release 14.0.0 (#926)3d2c5b0 Merge commit from forkf2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)529ef08 chore: upgrade TypeScript and fixup types (#927)086fd79 chore: update dependencies (#933)dc4ddb8 feat!: drop node@18 support (#934)0f1f9c9 chore: switch to Biome for parsing and linting (#932)e2879e6 chore: use maintained version of npm-run-all (#930)ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)0423d49 docs: remove obsolete v1 option notes (#915)- Additional commits viewable in compare view
\n
\n \n\nMaintainer changes
\nThis version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.
\n \n
\n\nUpdates `uuid` from 13.0.0 to 14.0.0\n\nRelease notes
\nSourced from uuid's releases.
\n\nv14.0.0
\n14.0.0 (2026-04-19)
\n⚠ BREAKING CHANGES
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) \n- drop node@18 support (#934)
\n
\nFeatures
\n\nBug Fixes
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) (f2c235f) \n- Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)
\n
\n
\n \n\nChangelog
\nSourced from uuid's changelog.
\n\n14.0.0 (2026-04-19)
\nSecurity
\n\n- Fixes GHSA-w5hq-g745-h8pq:
v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length. \n
\n⚠ BREAKING CHANGES
\n\ncrypto is now expected to be globally defined (requires node@20+) (#935)- drop node@18 support (#934)
\n- upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years
\n
\n
\n \n\nCommits
\n\n7c1ea08 chore(main): release 14.0.0 (#926)3d2c5b0 Merge commit from forkf2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)529ef08 chore: upgrade TypeScript and fixup types (#927)086fd79 chore: update dependencies (#933)dc4ddb8 feat!: drop node@18 support (#934)0f1f9c9 chore: switch to Biome for parsing and linting (#932)e2879e6 chore: use maintained version of npm-run-all (#930)ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)0423d49 docs: remove obsolete v1 option notes (#915)- Additional commits viewable in compare view
\n
\n \n\nMaintainer changes
\nThis version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.
\n \n
\n\nUpdates `uuid` from 13.0.0 to 14.0.0\n\nRelease notes
\nSourced from uuid's releases.
\n\nv14.0.0
\n14.0.0 (2026-04-19)
\n⚠ BREAKING CHANGES
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) \n- drop node@18 support (#934)
\n
\nFeatures
\n\nBug Fixes
\n\n- expect
crypto to be global everywhere (requires node@20+) (#935) (f2c235f) \n- Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)
\n
\n
\n \n\nChangelog
\nSourced from uuid's changelog.
\n\n14.0.0 (2026-04-19)
\nSecurity
\n\n- Fixes GHSA-w5hq-g745-h8pq:
v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length. \n
\n⚠ BREAKING CHANGES
\n\ncrypto is now expected to be globally defined (requires node@20+) (#935)- drop node@18 support (#934)
\n- upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years
\n
\n
\n \n\nCommits
\n \n\nFlowchart
\n\n```mermaid\n%%{init: {'theme': 'neutral'}}%%\nflowchart TD\n A[dependabot PR] --> B[uuid 13.x / 11.x → 14.0.0\\n28 package.json files]\n A --> C[undici 7.24.4 → 7.24.5\\nopenzeppelin-contracts test fixture]\n B --> D{uuid v14 breaking changes}\n D --> E[Requires Node ≥ 20\\nglobal crypto]\n D --> F[Security fix\\nGHSA-w5hq-g745-h8pq]\n E --> G[✅ Project engines: Node 24.15.0]\n F --> G\n C --> H[✅ Dev-only test dep, no runtime impact]\n```\n\nReviews (1): Last reviewed commit: [\"chore(deps): bump the npm\\_and\\_yarn group...\"](https://github.com/elizaos/eliza/commit/51c86a7bf41518382b6dcefb653d1e2aad5126ac) | [Re-trigger Greptile](https://app.greptile.com/api/retrigger?id=29347030)\n\n",
"repository": "elizaos/eliza",
"createdAt": "2026-04-22T22:08:10Z",
"mergedAt": "2026-04-23T01:52:59Z",
"additions": 33,
"deletions": 33
},
{
"id": "PR_kwDOMT5cIs7U2FAk",
"title": "fix(deps): update dependency psutil to v7 - autoclosed",
"author": "renovate",
"number": 7060,
"body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [psutil](https://redirect.github.com/giampaolo/psutil) | `~=5.9.6` → `~=7.2.2` |  |  |\n\n---\n\n> [!WARNING]\n> Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/79) for more information.\n\n---\n\n### Release Notes\n\n\ngiampaolo/psutil (psutil)
\n\n### [`v7.2.2`](https://redirect.github.com/giampaolo/psutil/blob/HEAD/HISTORY.rst#722)\n\n[Compare Source](https://redirect.github.com/giampaolo/psutil/compare/release-7.2.1...release-7.2.2)\n\n\\=====\n\n2026-01-28\n\n**Enhancements**\n\n- 2705\\_: \\[Linux]: `Process.wait()`\\_ now uses `pidfd_open()` + `poll()` for\n waiting, resulting in no busy loop and faster response times. Requires\n Linux >= 5.3 and Python >= 3.9. Falls back to traditional polling if\n unavailable.\n- 2705\\_: \\[macOS], \\[BSD]: `Process.wait()`\\_ now uses `kqueue()` for waiting,\n resulting in no busy loop and faster response times.\n\n**Bug fixes**\n\n- 2701\\_, \\[macOS]: fix compilation error on macOS < 10.7. (patch by Sergey\n Fedorov)\n- 2707\\_, \\[macOS]: fix potential memory leaks in error paths of\n `Process.memory_full_info()` and `Process.threads()`.\n- 2708\\_, \\[macOS]: Process.cmdline()`_ and `Process.environ()`_ may fail with ``OSError: [Errno 0] Undefined error`` (from ``sysctl(KERN_PROCARGS2)``).\n They now raise `AccessDenied\\`\\_ instead.\n\n### [`v7.2.1`](https://redirect.github.com/giampaolo/psutil/blob/HEAD/HISTORY.rst#721)\n\n[Compare Source](https://redirect.github.com/giampaolo/psutil/compare/release-7.2.0...release-7.2.1)\n\n\\=====\n\n2025-12-29\n\n**Bug fixes**\n\n- 2699\\_, \\[FreeBSD], \\[NetBSD]: `heap_info()`\\_ does not detect small allocations\n (<= 1K). In order to fix that, we now flush internal jemalloc cache before\n fetching the metrics.\n\n### [`v7.2.0`](https://redirect.github.com/giampaolo/psutil/blob/HEAD/HISTORY.rst#720)\n\n[Compare Source](https://redirect.github.com/giampaolo/psutil/compare/release-7.1.3...release-7.2.0)\n\n\\=====\n\n2025-12-23\n\n**Enhancements**\n\n- 1275\\_: new `heap_info()`\\_ and `heap_trim()`\\_ functions, providing direct\n access to the platform's native C heap allocator (glibc, mimalloc,\n libmalloc). Useful to create tools to detect memory leaks.\n- 2403\\_, \\[Linux]: publish wheels for Linux musl.\n- 2680\\_: unit tests are no longer installed / part of the distribution. They\n now live under `tests/` instead of `psutil/tests`.\n\n**Bug fixes**\n\n- 2684\\_, \\[FreeBSD], \\[critical]: compilation fails on FreeBSD 14 due to missing\n include.\n- 2691\\_, \\[Windows]: fix memory leak in `net_if_stats()`\\_ due to missing\n `Py_CLEAR`.\n\n**Compatibility notes**\n\n- 2680\\_: `import psutil.tests` no longer works (but it was never documented to\n begin with).\n\n### [`v7.1.3`](https://redirect.github.com/giampaolo/psutil/blob/HEAD/HISTORY.rst#713)\n\n[Compare Source](https://redirect.github.com/giampaolo/psutil/compare/release-7.1.2...release-7.1.3)\n\n\\=====\n\n2025-11-02\n\n**Enhancements**\n\n- 2667\\_: enforce `clang-format` on all C and header files. It is now the\n mandatory formatting style for all C sources.\n- 2672\\_, \\[macOS], \\[BSD]: increase the chances to recognize zombie processes and\n raise the appropriate exception (`ZombieProcess`\\_).\n- 2676\\_, 2678\\_: replace unsafe `sprintf` / `snprintf` / `sprintf_s` calls with\n `str_format()`. Replace `strlcat` / `strlcpy` with safe `str_copy` /\n `str_append`. This unifies string handling across platforms and reduces\n unsafe usage of standard string functions, improving robustness.\n\n**Bug fixes**\n\n- 2674\\_, \\[Windows]: `disk_usage()`\\_ could truncate values on 32-bit platforms,\n potentially reporting incorrect total/free/used space for drives larger than\n 4GB.\n- 2675\\_, \\[macOS]: `Process.status()`\\_ incorrectly returns \"running\" for 99%\n of the processes.\n- 2677\\_, \\[Windows]: fix MAC address string construction in `net_if_addrs()`\\_.\n Previously, the MAC address buffer was incorrectly updated using a fixed\n increment and `sprintf_s`, which could overflow or misformat the\n string if the MAC length or formatting changed. Also, the final '\\n' was\n inserted unnecessarily.\n- 2679\\_, \\[OpenBSD], \\[NetBSD], \\[critical]: can't build due to C syntax error.\n\n### [`v7.1.2`](https://redirect.github.com/giampaolo/psutil/blob/HEAD/HISTORY.rst#712)\n\n[Compare Source](https://redirect.github.com/giampaolo/psutil/compare/release-7.1.1...release-7.1.2)\n\n\\=====\n\n2025-10-25\n\n**Enhancements**\n\n- 2657\\_: stop publishing prebuilt Linux and Windows wheels for 32-bit Python.\n 32-bit CPython is still supported, but psutil must now be built from source.\n 2565\\_: produce wheels for free-thread cPython 3.13 and 3.14 (patch by\n Lysandros Nikolaou)\n\n**Bug fixes**\n\n- 2650\\_, \\[macOS]: `Process.cmdline()`\\_ and `Process.environ()`\\_ may incorrectly\n raise `NoSuchProcess`\\_ instead of `ZombieProcess`\\_.\n- 2658\\_, \\[macOS]: double `free()` in `Process.environ()`\\_ when it fails\n internally. This posed a risk of segfault.\n- 2662\\_, \\[macOS]: massive C code cleanup to guard against possible segfaults\n which were (not so) sporadically spotted on CI.\n\n**Compatibility notes**\n\n- 2657\\_: stop publishing prebuilt Linux and Windows wheels for 32-bit Python.\n\n### [`v7.1.1`](https://redirect.github.com/giampaolo/psutil/blob/HEAD/HISTORY.rst#711)\n\n[Compare Source](https://redirect.github.com/giampaolo/psutil/compare/release-7.1.0...release-7.1.1)\n\n\\=====\n\n2025-10-19\n\n**Enhancements**\n\n- 2645\\_, \\[SunOS]: dropped support for SunOS 10.\n- 2646\\_, \\[SunOS]: add CI test runner for SunOS.\n\n**Bug fixes**\n\n- 2641\\_, \\[SunOS]: cannot compile psutil from sources due to missing C include.\n- 2357\\_, \\[SunOS]: `Process.cmdline()`\\_ does not handle spaces properly. (patch\n by Ben Raz)\n\n**Compatibility notes**\n\n- 2645\\_: SunOS 10 is no longer supported.\n\n### [`v7.1.0`](https://redirect.github.com/giampaolo/psutil/blob/HEAD/HISTORY.rst#710)\n\n[Compare Source](https://redirect.github.com/giampaolo/psutil/compare/release-7.0.0...release-7.1.0)\n\n\\=====\n\n2025-09-17\n\n**Enhancements**\n\n- 2581\\_, \\[Windows]: publish ARM64 wheels. (patch by Matthieu Darbois)\n- 2571\\_, \\[FreeBSD]: Dropped support for FreeBSD 8 and earlier. FreeBSD 8 was\n maintained from 2009 to 2013.\n- 2575\\_: introduced `dprint` CLI tool to format .yml and .md files.\n\n**Bug fixes**\n\n- 2473\\_, \\[macOS]: Fix build issue on macOS 11 and lower.\n- 2494\\_, \\[Windows]: All APIs dealing with paths, such as\n `Process.memory_maps()`*, `Process.exe()`* and `Process.open_files()`\\_ does\n not properly handle UNC paths. Paths such as `\\\\??\\\\C:\\\\Windows\\\\Temp` and\n `'\\\\Device\\\\HarddiskVolume1\\\\Windows\\\\Temp'` are now converted to\n `C:\\\\Windows\\\\Temp`. (patch by Ben Peddell)\n- 2506\\_, \\[Windows]: Windows service APIs had issues with unicode services using\n special characters in their name.\n- 2514\\_, \\[Linux]: `Process.cwd()`\\_ sometimes fail with `FileNotFoundError` due\n to a race condition.\n- 2526\\_, \\[Linux]: `Process.create_time()`*, which is used to univocally\n identify a process over time, is subject to system clock updates, and as such\n can lead to `Process.is_running()`* returning a wrong result. A monotonic\n creation time is now used instead. (patch by Jonathan Kohler)\n- 2528\\_, \\[Linux]: `Process.children()`\\_ may raise `PermissionError`. It will\n now raise `AccessDenied`\\_ instead.\n- 2540\\_, \\[macOS]: `boot_time()`\\_ is off by 45 seconds (C precision issue).\n- 2541\\_, 2570\\_, 2578\\_ \\[Linux], \\[macOS], \\[NetBSD]: `Process.create_time()`\\_ does\n not reflect system clock updates.\n- 2542\\_: if system clock is updated `Process.children()`\\_ and\n `Process.parent()`\\_ may not be able to return the right information.\n- 2545\\_: \\[Illumos]: Fix handling of MIB2\\_UDP\\_ENTRY in `net_connections()`\\_.\n- 2552\\_, \\[Windows]: `boot_time()`\\_ didn't take into account the time spent\n during suspend / hibernation.\n- 2560\\_, \\[Linux]: `Process.memory_maps()`\\_ may crash with `IndexError` on\n RISCV64 due to a malformed `/proc/{PID}/smaps` file. (patch by Julien\n Stephan)\n- 2586\\_, \\[macOS], \\[CRITICAL]: fixed different places in C code which can\n trigger a segfault.\n- 2604\\_, \\[Linux]: `virtual_memory()`\\_ \"used\" memory does not match recent\n versions of `free` CLI utility. (patch by Isaac K. Ko)\n- 2605\\_, \\[Linux]: `psutil.sensors_battery()` reports a negative amount for\n seconds left.\n- 2607\\_, \\[Windows]: `WindowsService.description()` method may fail with\n `ERROR_NOT_FOUND`. Now it returns an empty string instead.\n- 2610:, \\[macOS], \\[CRITICAL]: fix `cpu_freq()`\\_ segfault on ARM architectures.\n\n**Compatibility notes**\n\n- 2571\\_: dropped support for FreeBSD 8 and earlier.\n\n### [`v7.0.0`](https://redirect.github.com/giampaolo/psutil/blob/HEAD/HISTORY.rst#700)\n\n[Compare Source](https://redirect.github.com/giampaolo/psutil/compare/release-6.1.1...release-7.0.0)\n\n\\=====\n\n2025-02-13\n\n**Enhancements**\n\n- 669\\_, \\[Windows]: `net_if_addrs()`\\_ also returns the `broadcast` address\n instead of `None`.\n- 2480\\_: Python 2.7 is no longer supported. Latest version supporting Python\n 2.7 is psutil 6.1.X. Install it with: `pip2 install psutil==6.1.*`.\n- 2490\\_: removed long deprecated `Process.memory_info_ex()` method. It was\n deprecated in psutil 4.0.0, released 8 years ago. Substitute is\n `Process.memory_full_info()`.\n\n**Bug fixes**\n\n- 2496\\_, \\[Linux]: Avoid segfault (a cPython bug) on `Process.memory_maps()`\n for processes that use hundreds of GBs of memory.\n- 2502\\_, \\[macOS]: `virtual_memory()`\\_ now relies on `host_statistics64`\n instead of `host_statistics`. This is the same approach used by `vm_stat`\n CLI tool, and should grant more accurate results.\n\n**Compatibility notes**\n\n- 2480\\_: Python 2.7 is no longer supported.\n- 2490\\_: removed long deprecated `Process.memory_info_ex()` method.\n\n### [`v6.1.1`](https://redirect.github.com/giampaolo/psutil/blob/HEAD/HISTORY.rst#611)\n\n[Compare Source](https://redirect.github.com/giampaolo/psutil/compare/release-6.1.0...release-6.1.1)\n\n\\=====\n\n2024-12-19\n\n**Enhancements**\n\n- 2471\\_: use Vulture CLI tool to detect dead code.\n\n**Bug fixes**\n\n- 2418\\_, \\[Linux]: fix race condition in case /proc/PID/stat does not exist, but\n /proc/PID does, resulting in FileNotFoundError.\n- 2470\\_, \\[Linux]: `users()`\\_ may return \"localhost\" instead of the actual IP\n address of the user logged in.\n\n### [`v6.1.0`](https://redirect.github.com/giampaolo/psutil/blob/HEAD/HISTORY.rst#610)\n\n[Compare Source](https://redirect.github.com/giampaolo/psutil/compare/release-6.0.0...release-6.1.0)\n\n\\=====\n\n2024-10-17\n\n**Enhancements**\n\n- 2366\\_, \\[Windows]: drastically speedup `process_iter()`*. We now determine\n process unique identity by using process \"fast\" create time method. This\n will considerably speedup those apps which use `process_iter()`* only once,\n e.g. to look for a process with a certain name.\n- 2446\\_: use pytest instead of unittest.\n- 2448\\_: add `make install-sysdeps` target to install the necessary system\n dependencies (python-dev, gcc, etc.) on all supported UNIX flavors.\n- 2449\\_: add `make install-pydeps-test` and `make install-pydeps-dev`\n targets. They can be used to install dependencies meant for running tests and\n for local development. They can also be installed via `pip install .[test]`\n and `pip install .[dev]`.\n- 2456\\_: allow to run tests via `python3 -m psutil.tests` even if `pytest`\n module is not installed. This is useful for production environments that\n don't have pytest installed, but still want to be able to test psutil\n installation.\n\n**Bug fixes**\n\n- 2427\\_: psutil (segfault) on import in the free-threaded (no GIL) version of\n Python 3.13. (patch by Sam Gross)\n- 2455\\_, \\[Linux]: `IndexError` may occur when reading /proc/pid/stat and\n field 40 (blkio\\_ticks) is missing.\n- 2457\\_, \\[AIX]: significantly improve the speed of `Process.open_files()`\\_ for\n some edge cases.\n- 2460\\_, \\[OpenBSD]: `Process.num_fds()`\\_ and `Process.open_files()`\\_ may fail\n with `NoSuchProcess`\\_ for PID 0. Instead, we now return \"null\" values (0 and\n \\[] respectively).\n\n### [`v6.0.0`](https://redirect.github.com/giampaolo/psutil/blob/HEAD/HISTORY.rst#600)\n\n[Compare Source](https://redirect.github.com/giampaolo/psutil/compare/release-5.9.8...release-6.0.0)\n\n\\======\n\n2024-06-18\n\n**Enhancements**\n\n- 2109\\_: `maxfile` and `maxpath` fields were removed from the namedtuple\n returned by `disk_partitions()`\\_. Reason: on network filesystems (NFS) this\n can potentially take a very long time to complete.\n- 2366\\_, \\[Windows]: log debug message when using slower process APIs.\n- 2375\\_, \\[macOS]: provide arm64 wheels. (patch by Matthieu Darbois)\n- 2396\\_: `process_iter()`\\_ no longer pre-emptively checks whether PIDs have\n been reused. This makes `process_iter()`\\_ around 20x times faster.\n- 2396\\_: a new `psutil.process_iter.cache_clear()` API can be used the clear\n `process_iter()`\\_ internal cache.\n- 2401\\_, Support building with free-threaded CPython 3.13. (patch by Sam Gross)\n- 2407\\_: `Process.connections()`\\_ was renamed to `Process.net_connections()`\\_.\n The old name is still available, but it's deprecated (triggers a\n `DeprecationWarning`) and will be removed in the future.\n- 2425\\_: \\[Linux]: provide aarch64 wheels. (patch by Matthieu Darbois / Ben Raz)\n\n**Bug fixes**\n\n- 2250\\_, \\[NetBSD]: `Process.cmdline()`\\_ sometimes fail with EBUSY. It usually\n happens for long cmdlines with lots of arguments. In this case retry getting\n the cmdline for up to 50 times, and return an empty list as last resort.\n- 2254\\_, \\[Linux]: offline cpus raise NotImplementedError in cpu\\_freq() (patch\n by Shade Gladden)\n- 2272\\_: Add pickle support to psutil Exceptions.\n- 2359\\_, \\[Windows], \\[CRITICAL]: `pid_exists()`\\_ disagrees with `Process`\\_ on\n whether a pid exists when ERROR\\_ACCESS\\_DENIED.\n- 2360\\_, \\[macOS]: can't compile on macOS < 10.13. (patch by Ryan Schmidt)\n- 2362\\_, \\[macOS]: can't compile on macOS 10.11. (patch by Ryan Schmidt)\n- 2365\\_, \\[macOS]: can't compile on macOS < 10.9. (patch by Ryan Schmidt)\n- 2395\\_, \\[OpenBSD]: `pid_exists()`\\_ erroneously return True if the argument is\n a thread ID (TID) instead of a PID (process ID).\n- 2412\\_, \\[macOS]: can't compile on macOS 10.4 PowerPC due to missing `MNT_`\n constants.\n\n**Porting notes**\n\nVersion 6.0.0 introduces some changes which affect backward compatibility:\n\n- 2109\\_: the namedtuple returned by `disk_partitions()`\\_' no longer has\n `maxfile` and `maxpath` fields.\n- 2396\\_: `process_iter()`\\_ no longer pre-emptively checks whether PIDs have\n been reused. If you want to check for PID reusage you are supposed to use\n `Process.is_running()`\\_ against the yielded `Process`\\_ instances. That will\n also automatically remove reused PIDs from `process_iter()`\\_ internal cache.\n- 2407\\_: `Process.connections()`\\_ was renamed to `Process.net_connections()`\\_.\n The old name is still available, but it's deprecated (triggers a\n `DeprecationWarning`) and will be removed in the future.\n\n \n\n---\n\n### Configuration\n\n📅 **Schedule**: (UTC)\n\n- Branch creation\n - At any time (no schedule defined)\n- Automerge\n - At any time (no schedule defined)\n\n🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.\n\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.\n\n🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.\n\n---\n\n - [ ] If you want to rebase/retry this PR, check this box\n\n---\n\nThis PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/elizaOS/eliza).\n\n",
"repository": "elizaos/eliza",
"createdAt": "2026-04-23T04:05:58Z",
"mergedAt": "2026-04-24T06:07:42Z",
"additions": 27,
"deletions": 13
}
],
"codeChanges": {
"additions": 871,
"deletions": 314,
"files": 84,
"commitCount": 205
},
"completedItems": [
{
"title": "chore(deps): bump the cargo group across 3 directories with 2 updates",
"prNumber": 7047,
"type": "other",
"body": "Bumps the cargo group with 2 updates in the /packages/examples/telegram/rust/telegram-agent directory: [rand](https://github.com/rust-random/rand) and [rustls-webpki](https://github.com/rustls/webpki).\nBumps the cargo group with 2 updates i",
"files": [
"packages/examples/telegram/rust/telegram-agent/Cargo.lock",
"packages/examples/text-adventure/rust/game/Cargo.lock",
"packages/examples/twitter-xai/rust/xai-agent/Cargo.lock"
]
},
{
"title": "fix(deps): update dependency uuid to v14 [security]",
"prNumber": 7046,
"type": "bugfix",
"body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [uuid](https://redirect.github.com/uuid",
"files": [
"apps/app-form/package.json",
"packages/typescript/package.json"
]
},
{
"title": "chore(deps): bump the cargo group across 6 directories with 1 update",
"prNumber": 7045,
"type": "other",
"body": "Bumps the cargo group with 1 update in the /packages/examples/autonomous-rust-agent directory: [openssl](https://github.com/rust-openssl/rust-openssl).\nBumps the cargo group with 1 update in the /packages/examples/aws/rust directory: [opens",
"files": [
"packages/examples/autonomous-rust-agent/Cargo.lock",
"packages/examples/aws/rust/Cargo.lock",
"packages/examples/bluesky/rust/bluesky-agent/Cargo.lock",
"packages/examples/polymarket/rust/polymarket-demo/Cargo.lock",
"packages/examples/roblox/rust/Cargo.lock",
"packages/examples/virus/Cargo.lock"
]
},
{
"title": "chore(deps): bump the npm_and_yarn group across 28 directories with 1 update",
"prNumber": 7044,
"type": "other",
"body": "Bumps the npm_and_yarn group with 1 update in the /apps/app-form directory: [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 1 update in the /packages/examples/a2a/typescript directory: [uuid](https://github.com/uui",
"files": [
"apps/app-form/package.json",
"packages/app-core/test/contracts/lib/openzeppelin-contracts/package-lock.json",
"packages/app-core/test/contracts/lib/openzeppelin-contracts/package.json",
"packages/examples/a2a/typescript/package.json",
"packages/examples/app/capacitor/backend/package.json",
"packages/examples/app/electron/backend/package.json",
"packages/examples/autonomous/typescript/package.json",
"packages/examples/avatar/package.json",
"packages/examples/bluesky/typescript/package.json",
"packages/examples/browser-extension/chrome/package.json",
"packages/examples/chat/typescript/package.json",
"packages/examples/cloudflare/package.json",
"packages/examples/code/package.json",
"packages/examples/convex/package.json",
"packages/examples/discord/typescript/package.json",
"packages/examples/form/typescript/package.json",
"packages/examples/gcp/typescript/package.json",
"packages/examples/mcp/typescript/package.json",
"packages/examples/moltbook/package.json",
"packages/examples/next/package.json",
"packages/examples/polymarket/typescript/package.json",
"packages/examples/react-wasm/package.json",
"packages/examples/react/package.json",
"packages/examples/rest-api/elysia/package.json",
"packages/examples/rest-api/express/package.json",
"packages/examples/rest-api/hono/package.json",
"packages/examples/roblox/typescript/package.json",
"packages/examples/text-adventure/typescript/package.json",
"packages/examples/vercel/package.json",
"packages/typescript/package.json"
]
},
{
"title": "chore(deps): update dependency vitest to v4",
"prNumber": 7043,
"type": "tests",
"body": "> ℹ️ **Note**\n> \n> This PR body was truncated due to platform limits.\n\nThis PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-con",
"files": [
"packages/benchmarks/configbench/package.json",
"packages/scenario-runner/package.json",
"plugins/plugin-app-control/typescript/package.json",
"plugins/plugin-calendly/package.json",
"plugins/plugin-computeruse/package.json",
"plugins/plugin-github/package.json"
]
},
{
"title": "chore(deps): update dependency typescript to v6",
"prNumber": 7042,
"type": "other",
"body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [typescript](https://www.typescriptlang",
"files": [
"apps/app-companion/package.json",
"packages/app-core/package.json",
"packages/benchmarks/gauntlet/sdk/typescript/package.json",
"packages/benchmarks/solana/solana-gym-env/docs/trajectory-viewer/package.json",
"packages/elizaos/templates/fullstack-app/apps/app/package.json",
"packages/native-plugins/location/package.json",
"packages/native-plugins/macosalarm/package.json",
"packages/native-plugins/talkmode/package.json",
"packages/templates/fullstack-app/apps/app/package.json",
"packages/ui/package.json",
"plugins/plugin-app-control/package.json",
"plugins/plugin-app-control/typescript/package.json",
"plugins/plugin-bluebubbles/typescript/package.json",
"packages/native-plugins/contacts/package.json",
"packages/native-plugins/messages/package.json",
"packages/native-plugins/phone/package.json",
"packages/native-plugins/system/package.json"
]
},
{
"title": "fix(reflection,providers): reduce prompt bloat blowing long-context cap",
"prNumber": 7013,
"type": "bugfix",
"body": "## Summary\n\nThree targeted cuts against the action-planner + reflection pipeline that were shipping duplicate and oversized context on every chat turn. Verified live on a self-hosted deployment (Claude Max subscription) where messages from ",
"files": [
"packages/typescript/src/features/advanced-capabilities/evaluators/reflection.ts",
"packages/typescript/src/features/trust/evaluators/reflection.ts",
"packages/typescript/src/prompts.ts",
"packages/typescript/src/services/message.ts"
]
},
{
"title": "settings UI polish: dropdown sizing, model picker, layout pairing, header drag-strip fix, hot-reload shutdown timeout",
"prNumber": 7059,
"type": "bugfix",
"body": "## Summary\n\nA batch of focused fixes to the elizaOS app shell + settings UI, all six commits stacked cleanly on top of \\`develop\\`:\n\n- **a3f9fdddc3** \\`feat(settings): constrain provider dropdown, drop Advanced Dashboard button, add simple ",
"files": [
"packages/agent/src/contracts/config.ts",
"packages/agent/src/runtime/eliza.ts",
"packages/app-core/src/components/pages/ElizaCloudDashboard.tsx",
"packages/app-core/src/components/pages/SettingsView.tsx",
"packages/app-core/src/components/settings/MediaSettingsSection.tsx",
"packages/app-core/src/components/settings/ProviderSwitcher.tsx",
"packages/app-core/src/config/zod-schema.core.ts",
"packages/ui/src/components/shell/Header.tsx"
]
},
{
"title": "fix(deps): update dependency gymnasium to v1.3.0",
"prNumber": 7058,
"type": "bugfix",
"body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [gymnasium](https://redirect.github.com",
"files": [
"packages/benchmarks/OSWorld/pyproject.toml",
"packages/benchmarks/OSWorld/requirements.txt",
"packages/benchmarks/OSWorld/setup.py",
"packages/benchmarks/OSWorld/uv.lock"
]
},
{
"title": "fix(deps): update dependency commander to v14",
"prNumber": 7057,
"type": "bugfix",
"body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [commander](https://redirect.github.com",
"files": [
"packages/app-core/package.json",
"packages/elizaos/package.json"
]
},
{
"title": "fix(deps): update dependency com.google.firebase:firebase-common-ktx to v21",
"prNumber": 7056,
"type": "bugfix",
"body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [com.google.firebase:firebase-common-kt",
"files": [
"packages/app-core/platforms/android/app/build.gradle"
]
},
{
"title": "fix(deps): update dependency com.android.tools.build:gradle to v9",
"prNumber": 7055,
"type": "bugfix",
"body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [com.android.tools.build:gradle](https:",
"files": [
"packages/app-core/platforms/android/build.gradle"
]
},
{
"title": "fix(deps): update dependency @xterm/xterm to v6",
"prNumber": 7054,
"type": "bugfix",
"body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [@xterm/xterm](https://redirect.github.",
"files": [
"apps/app-task-coordinator/package.json",
"packages/app-core/package.json"
]
},
{
"title": "fix(deps): update dependency com.google.firebase:firebase-common-ktx to v20.4.3",
"prNumber": 7053,
"type": "bugfix",
"body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [com.google.firebase:firebase-common-kt",
"files": [
"packages/app-core/platforms/android/app/build.gradle"
]
},
{
"title": "Complete Android default role wiring",
"prNumber": 7052,
"type": "other",
"body": "\r\n\r\n# Relates to\r\n\r\n\r\n\r\n