deps: update tree-sitter-language-pack requirement from <1.6.3,>=0.6 to >=0.6,<1.11.1

[dependabot]

Updates the requirements on tree-sitter-language-pack to permit the latest version.

Release notes

Sourced from tree-sitter-language-pack's releases.

v1.11.0

tree-sitter-language-pack 1.11.0 — stable release. Tree-sitter grammars + code-intelligence primitives. Promotes 1.11.0-rc.2.

Changelog

Sourced from tree-sitter-language-pack's changelog.

[1.11.0] - 2026-06-27

Stable release promoting 1.11.0-rc.2 (fully published). Version synced across all manifests.

Fixed

• CI resource exhaustion: reduce parser generation concurrency. The "Clone vendors" step was invoking tree-sitter generate with default concurrency of 3, causing each of the 306 grammars to generate in parallel (~1 GB RSS per instance), exhausting the 7 GB RAM limit on GitHub-hosted runners and triggering SIGTERM (exit 143) at ~13 minutes. Reduced defaults to 8 clone concurrency (from 16) and 2 generate concurrency (from 3) to stay within resource budgets. Fixes CI, CLI, Docker, E2E, Swift, Rust, and Validate workflow failures.

[1.11.0-rc.2] - 2026-06-27

[1.10.9] - 2026-06-24

Fixed

• Kotlin/JVM: Tree.walk() (and other handle-returning calls) no longer crash the JVM. Opaque handle types (Tree, Node, TreeCursor) crossed the JNI boundary as String/JSON while the Rust shim returned a raw jlong, so the JVM dereferenced a primitive as an object reference and faulted with EXCEPTION_ACCESS_VIOLATION. Regenerated with alef 0.27.1, the kotlin-android bridge now returns primitive Long handles (required and optional, via a 0L sentinel) and constructs the wrapper directly. Fixes #146.
• Python: exported exception classes are now catchable. get_language("unknown") raised _native.DownloadError, a different class object than the DownloadError exported from the package, so except DownloadError: never caught it. Regenerated with alef 0.27.1, the native variants derive from the native base Error and the package re-exports the native classes (with matching type stubs), so except DownloadError:/except Error: work. Fixes #147.

[1.10.8] - 2026-06-24

Fixed

• wasm32 builds no longer OOM on pathologically large grammars. Compiling the bundled grammars to wasm32 previously included every parser.c, but a few are huge generated sources (e.g. abl at ~130 MB) that need 18-25 GB＋ of clang RAM at any optimization level — a single one OOMs standard ≤16 GB CI runners (serialization via CARGO_BUILD_JOBS=1 cannot help when one file alone exceeds the budget). build.rs now skips any grammar whose parser.c exceeds a size limit on wasm32 (default 40 MB, configurable via TSLP_WASM_MAX_PARSER_BYTES; 0 disables the gate), emitting a cargo:warning per skipped grammar plus a summary. Skipped grammars are absent from STATIC_LANGUAGES (no dangling FFI symbol) and degrade gracefully at runtime. The 40 MB default keeps every common language (including the ~40 MB sql grammar) and excludes only the handful of unbuildable outliers (abl, systemverilog, razor, fsharp, verilog, gnuplot, latex). (crates/ts-pack-core/build.rs)

• Swift publish now creates the release/swift/<version> branch carrying the substituted XCFramework checksum. The alef-generated Swift e2e/test-app pins .package(url: …, branch: "release/swift/<version>") (the non-destructive layout shared with the

... (truncated)

Commits

• 818e343 chore(swift): update Package.swift with checksum for v1.11.0
• db2e94a chore(release): 1.11.0 [ci skip]
• ddf1a8c fix(release): version sync + NuGet PackageId XbergIo.TreeSitterLanguagePack [...
• b9c0eb9 chore(release): 1.11.0-rc.2
• c68c8d6 chore(docs): correct install instructions (ts-pack-cli + homebrew-tap)
• 47d78a8 chore: remove orphaned packages/typescript
• ff39394 chore: regenerate bindings with alef 0.29.3
• 5a75c14 chore: bump pre-commit-hooks to v3.0.0 and rename KREUZBERG_* to XBERG_*
• bc78fda chore: regenerate bindings and sync version to 1.11.0-rc.1
• 50f95d4 chore: rebrand to Xberg — npm scope, Java/Maven coordinates, CI bot
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Roam Agent Review

Verdict: SAFE (risk_level low)

blast-radius 0/100 · ai-likelihood 14/100 · rule violations 0 · critique high-severity 0

Verdict: SAFE. All structural signals clean at the configured thresholds.

Next steps

• No structural concerns at the configured thresholds. Standard review still recommended.

---

_{Powered by roam-code — Apache 2.0, 100% local. Customize thresholds in .roam/rules.yml. Docs.}

[github-actions]

roam-code Analysis

Mode: incremental (changed-only) — base aa263622b8a6d91fd29d5525da3165cfa67c0a1b, 1 changed+dependent files

Health Score: 79/100 FAIR

health: Fair codebase (79/100) — 46 critical, 11 warnings, focus: god_components
pr-risk: Moderate risk (30/100) — review recommended (risk_level medium) (driver: test_coverage_low)

Health Metrics

Metric	Value
Health Score	79/100
Tangle Ratio	0.1%
Propagation Cost	0.0019
Total Issues	67

PR Risk

Metric	Value
Risk Score	30/100

Quality Gate: PASSED

Gate expression: health_score>=50

SARIF Upload

Metric	Value
Category	roam-code-self-analysis/self-analysis/py3.12
Results Uploaded	80

Full analysis output

health

{
  "_meta": {
    "cache_ttl_s": 300,
    "cacheable": true,
    "index_age_s": 3,
    "latency_ms": null,
    "response_tokens": 4273,
    "roam_version": "13.6.1",
    "timestamp": "2026-06-29T10:37:44Z"
  },
  "actionable_count": 11,
  "actionable_cycles": 2,
  "agent_contract": {
    "confidence": null,
    "facts": [
      "Fair codebase (79/100) — 46 critical, 11 warnings, focus: god_components",
      "health score 79",
      "tangle ratio 0.1",
      "0.0019 propagation cost findings",
      "issue count 67"
    ],
    "next_commands": [
      "roam debt",
      "roam trends --days 30"
    ],
    "risks": []
  },
  "algebraic_connectivity": null,
  "algebraic_connectivity_available": false,
  "bottleneck_thresholds": {
    "p70": 622.3,
    "p90": 5445,
    "population": 2033,
    "utility_multiplier": 1.5
  },
  "category_severity": {
    "bottlenecks": {
      "critical": 15,
      "info": 0,
      "warning": 0
    },
    "cycles": {
      "critical": 1,
      "info": 0,
      "warning": 1
    },
    "god_components": {
      "critical": 30,
      "info": 10,
      "warning": 10
    },
    "layer_violations": {
      "critical": 0,
      "info": 0,
      "warning": 0
    }
  },
  "command": "health",
  "cycles_actionable": 2,
  "cycles_total": 15,
  "framework_filtered": 0,
  "health_score": 79,
  "ignored_cycles": 13,
  "imported_coverable_lines": 0,
  "imported_coverage_files": 0,
  "imported_coverage_pct": null,
  "imported_covered_lines": 0,
  "index_status": {
    "dirty_files": 0,
    "fresh": false,
    "head_commit": "66d98a2be112",
    "hint": "index latest commit ca27857ccd46 != HEAD 66d98a2be112 — git-derived metrics (commits, churn, co-change, weather) may be stale. Run `roam index --force`.",
    "indexed_commit": "ca27857ccd46"
  },
  "issue_count": 67,
  "list_counts": {
    "bottlenecks": 15,
    "cycle_break_suggestions": 1,
    "cycles": 15,
    "god_components": 50,
    "layer_violations": 0,
    "next_steps": 2,
    "score_breakdown": 5
  },
  "project": "roam-code",
  "propagation_cost": 0.0019,
  "schema": "roam-envelope-v1",
  "schema_version": "1.1.0",
  "severity": {
    "critical": 46,
    "info": 23,
    "warning": 11
  },
  "summary": {
    "actionable_cycles": 2,
    "algebraic_connectivity": null,
    "algebraic_connectivity_available": false,
    "category_severity": {
      "bottlenecks": {
        "critical": 15,
        "info": 0,
        "warning": 0
      },
      "cycles": {
        "critical": 1,
        "info": 0,
        "warning": 1
      },
      "god_components": {
        "critical": 30,
        "info": 10,
        "warning": 10
      },
      "layer_violations": {
        "critical": 0,
        "info": 0,
        "warning": 0
      }
    },
    "cycles_actionable": 2,
    "cycles_definition": "Cycle counts derived from `roam.graph.cycles.find_cycles(G, min_size=2)` on the symbol graph. `cycles_total` = all SCCs of size >= 2; `cycles_actionable` = SCCs spanning >=2 files AND no test files (same-file and test-only cycles are informational). Run `roam health` for the per-cycle breakdown.",
    "cycles_total": 15,
    "detail_available": true,
    "god_components": 50,
    "god_components_definition": "God components: symbols where `(in_degree + out_degree) > 20` from the `graph_metrics` table, with utility-aware severity bands (standard >50=CRITICAL >30=WARNING; utility >150=CRITICAL >90=WARNING). Run `roam health` for the per-symbol breakdown. Legacy aliases: `god_objects` (fingerprint), `god_classes` (rules).",
    "health_score": 79,
    "health_score_definition": "weighted geometric mean (0-100) of 5 sigmoid health factors: tangle_ratio, god_components, bottlenecks, layer_violations, file_health (+coverage if available).",
    "ignored_cycles": 13,
    "imported_coverage_files": 0,
    "imported_coverage_pct": null,
    "issue_count": 67,
    "partial_success": true,
    "preserved_list_truncations": {},
    "propagation_cost": 0.0019,
    "severity": {
      "critical": 46,
      "info": 23,
      "warning": 11
    },
    "tangle_ratio": 0.1,
    "tangle_ratio_definition": "fraction of symbols inside non-trivial SCCs; higher = more cyclic coupling.",
    "total_cycles": 15,
    "truncated": true,
    "verdict": "Fair codebase (79/100) — 46 critical, 11 warnings, focus: god_components",
    "warnings_out": [
      "health_algebraic_connectivity_warning:RuntimeWarning:algebraic_connectivity compute failed (ModuleNotFoundError): No module named 'numpy'; returning 0.0 sentinel — value is NOT a legitimate disconnected-graph reading"
    ]
  },
  "tangle_ratio": 0.1,
  "total_cycles": 15,
  "utility_count": 39,
  "version": "13.6.1",
  "warnings_out": [
    "health_algebraic_connectivity_warning:RuntimeWarning:algebraic_connectivity compute failed (ModuleNotFoundError): No module named 'numpy'; returning 0.0 sentinel — value is NOT a legitimate disconnected-graph reading"
  ]
}

pr-risk

{
  "_meta": {
    "cache_ttl_s": 60,
    "cacheable": true,
    "index_age_s": 5,
    "latency_ms": null,
    "response_tokens": 790,
    "roam_version": "13.6.1",
    "timestamp": "2026-06-29T10:37:45Z"
  },
  "actor": null,
  "agent_contract": {
    "confidence": null,
    "facts": [
      "Moderate risk (30/100) — review recommended (risk_level medium) (driver: test_coverage_low)",
      "risk score 30",
      "2 risk rank findings",
      "1 changed files",
      "1 lines added"
    ],
    "next_commands": [],
    "risks": [
      "pr-risk: moderate (30/100) on aa263622b8a6d91fd29d5525da3165cfa67c0a1b..HEAD — driver: test_coverage_low"
    ]
  },
  "author": null,
  "blast_radius_pct": 0,
  "bus_factor_risk": 0,
  "change_shape": "mixed",
  "changed_files": 1,
  "closest_historical_pattern": null,
  "closest_similarity": 0,
  "cluster_spread": 0,
  "clusters_touched": 0,
  "command": "pr-risk",
  "coupling_score": 0,
  "dead_code": [],
  "dead_exports": 0,
  "familiarity": {
    "avg_familiarity": 1,
    "files": [],
    "files_assessed": 0
  },
  "findings": [
    {
      "claim": "pr-risk: moderate (30/100) on aa263622b8a6d91fd29d5525da3165cfa67c0a1b..HEAD — driver: test_coverage_low",
      "confidence": "heuristic",
      "evidence": {
        "actor": null,
        "author": null,
        "blast_radius_pct": 0,
        "bus_factor_risk": 0,
        "changed_files_count": 1,
        "commit_range": "aa263622b8a6d91fd29d5525da3165cfa67c0a1b..HEAD",
        "coupling_score": 0,
        "created_at_epoch": 1782729465,
        "diff_id": "59cbc61fe218",
        "familiarity_risk": 0,
        "file_list": [
          "pyproject.toml"
        ],
        "hotspot_score": 0,
        "label": "aa263622b8a6d91fd29d5525da3165cfa67c0a1b..HEAD",
        "lines_added": 1,
        "lines_removed": 1,
        "minor_risk": 0,
        "novelty_score": 0,
        "reductive_change": false,
        "risk_level": "moderate",
        "risk_score": 30,
        "staged": false,
        "test_coverage_pct": 0,
        "top_driver": "test_coverage_low"
      },
      "finding_id_str": "pr-risk:composite-risk-score:59cbc61fe218",
      "kind": "pr-risk:composite-risk-score",
      "severity": "medium",
      "source_detector": "pr-risk",
      "source_version": "1.0.0",
      "subject_id": null,
      "subject_kind": "commit"
    }
  ],
  "hotspot_score": 0,
  "label": "aa263622b8a6d91fd29d5525da3165cfa67c0a1b..HEAD",
  "layer_spread": 0,
  "layers_touched": 0,
  "lines_added": 1,
  "lines_removed": 1,
  "minor_risk": {
    "files": [],
    "files_assessed": 0,
    "minor_files": 0
  },
  "novelty_score": 0,
  "per_file": [
    {
      "blast": 0,
      "churn": 516,
      "is_test": false,
      "lines_added": 1,
      "lines_removed": 1,
      "path": "pyproject.toml",
      "symbols": 0
    }
  ],
  "project": "roam-code",
  "reductive_change": false,
  "reductive_discount_applied": false,
  "risk_level": "moderate",
  "risk_level_canonical": "medium",
  "risk_rank": 2,
  "risk_score": 30,
  "schema": "roam-envelope-v1",
  "schema_version": "1.1.0",
  "suggested_reviewers": [
    {
      "actor": "Cranot",
      "author": "Cranot",
      "lines": 356
    },
    {
      "actor": "dependabot[bot]",
      "author": "dependabot[bot]",
      "lines": 1
    }
  ],
  "summary": {
    "change_shape": "mixed",
    "changed_files": 1,
    "findings_count": 1,
    "lines_added": 1,
    "lines_removed": 1,
    "partial_success": false,
    "risk_level": "moderate",
    "risk_level_canonical": "medium",
    "risk_rank": 2,
    "risk_score": 30,
    "score_classification": "classified",
    "verdict": "Moderate risk (30/100) — review recommended (risk_level medium) (driver: test_coverage_low)"
  },
  "test_coverage_pct": 0,
  "total_clusters": 11827,
  "total_layers": 33,
  "version": "13.6.1",
  "warnings_out": []
}

---

roam-code analysis | Commands: health pr-risk