build(deps-dev): bump @earendil-works/pi-coding-agent from 0.75.3 to 0.75.5

[dependabot]

Bumps @earendil-works/pi-coding-agent from 0.75.3 to 0.75.5.

Release notes

Sourced from @​earendil-works/pi-coding-agent's releases.

v0.75.5

New Features

• Cleaner read tool output - Collapsed read tool cards now show only the read line by default, while Ctrl+O still expands the full file content.
• Faster file tools on Windows - Built-in file tools now use async filesystem operations during streaming, and image resizes run off the main TUI thread in a worker.
• More reliable package updates - pi update and git package installs now reconcile pinned git refs and keep package settings intact. See Packages.
• Custom Anthropic-compatible adaptive thinking - Custom provider model configs can opt into adaptive-thinking Claude behavior with compat.forceAdaptiveThinking. See Custom providers and Models.

Added

• Added compat.forceAdaptiveThinking support to custom Anthropic-compatible model configuration docs and validation (#4797 by @​mbazso).
• Added a standard unified patch to edit tool result details for SDK consumers (#4821).

Changed

• Changed collapsed read tool cards to show only the read line until expanded (#4916).
• Replaced the inherited optional koffi dependency for Windows VT input with a tiny vendored native helper, reducing install size while preserving Shift+Tab handling (#4480).
• Changed the root development install documentation to use npm install --ignore-scripts (#4868).

Fixed

• Fixed pi update to reconcile git-pinned packages to their configured ref (#4869).
• Fixed package/resource path handling for Windows and glob/pattern resolution (#4873 by @​mitsuhiko).
• Fixed config pattern matching to resolve patterns from the correct base directory (#4898 by @​haoqixu).
• Fixed theme pickers to list themes by their content name instead of file stem (#4830 by @​Perlence).
• Fixed OpenCode Zen/Go requests to send per-session OpenCode routing headers (#4847).
• Fixed Amazon Bedrock provider loading under strict package managers by inheriting the declared @smithy/node-http-handler dependency from @earendil-works/pi-ai (#4842).
• Fixed inherited Amazon Bedrock Claude requests to send the model output token cap by default, avoiding Bedrock's 4096-token default truncation (#4848).
• Fixed exported session HTML to escape quote characters in attribute values (#4832).
• Fixed GitHub Copilot device-code login to keep opening the verification URL in browser-capable environments while ignoring browser launch failures for headless use (#4788 by @​vegarsti).
• Fixed git package installs to reconcile existing checkouts to the requested ref and update package settings without losing filters (#4870).
• Published a 0.74.2 rescue release that tells Node 20 users to upgrade Node before updating to newer Pi versions (#4876).
• Fixed final bash tool cards to avoid rendering duplicate full-output truncation paths (#4819).
• Fixed bash tool truncation line counts to ignore the trailing newline as an extra output line (#4818).
• Fixed footer home-directory abbreviation to avoid shortening sibling paths that only share the same prefix (#4878).
• Fixed macOS Bun release binaries to resolve the native clipboard sidecar so Ctrl+V image paste can load @mariozechner/clipboard (#4307).
• Fixed coding-agent tools to avoid synchronous filesystem operations during streaming and moved image resizing off the main TUI thread (#4756 by @​mitsuhiko).

v0.75.4

New Features

• Hardened npm install and release path - Pi now ships the CLI with a generated shrinkwrap for transitive dependencies, blocks accidental lockfile changes, verifies dependency pinning and lifecycle-script allowlists in checks, disables lifecycle scripts for self-update and local release installs where supported, and smoke-tests isolated npm and Bun installs before release. See Supply-chain hardening.

Added

• Added interactive update notes after pi update runs, so users can see the installed version's changelog before continuing (#4724 by @​mitsuhiko).
• Exported image resize utilities from the package root for SDK consumers (#4775 by @​xl0).

... (truncated)

Changelog

Sourced from @​earendil-works/pi-coding-agent's changelog.

[0.75.5] - 2026-05-23

New Features

• Cleaner read tool output - Collapsed read tool cards now show only the read line by default, while Ctrl+O still expands the full file content.
• Faster file tools on Windows - Built-in file tools now use async filesystem operations during streaming, and image resizes run off the main TUI thread in a worker.
• More reliable package updates - pi update and git package installs now reconcile pinned git refs and keep package settings intact. See Packages.
• Custom Anthropic-compatible adaptive thinking - Custom provider model configs can opt into adaptive-thinking Claude behavior with compat.forceAdaptiveThinking. See Custom providers and Models.

Added

• Added compat.forceAdaptiveThinking support to custom Anthropic-compatible model configuration docs and validation (#4797 by @​mbazso).
• Added a standard unified patch to edit tool result details for SDK consumers (#4821).

Changed

• Changed collapsed read tool cards to show only the read line until expanded (#4916).
• Replaced the inherited optional koffi dependency for Windows VT input with a tiny vendored native helper, reducing install size while preserving Shift+Tab handling (#4480).
• Changed the root development install documentation to use npm install --ignore-scripts (#4868).

Fixed

• Fixed pi update to reconcile git-pinned packages to their configured ref (#4869).
• Fixed package/resource path handling for Windows and glob/pattern resolution (#4873 by @​mitsuhiko).
• Fixed config pattern matching to resolve patterns from the correct base directory (#4898 by @​haoqixu).
• Fixed theme pickers to list themes by their content name instead of file stem (#4830 by @​Perlence).
• Fixed OpenCode Zen/Go requests to send per-session OpenCode routing headers (#4847).
• Fixed Amazon Bedrock provider loading under strict package managers by inheriting the declared @smithy/node-http-handler dependency from @earendil-works/pi-ai (#4842).
• Fixed inherited Amazon Bedrock Claude requests to send the model output token cap by default, avoiding Bedrock's 4096-token default truncation (#4848).
• Fixed exported session HTML to escape quote characters in attribute values (#4832).
• Fixed GitHub Copilot device-code login to keep opening the verification URL in browser-capable environments while ignoring browser launch failures for headless use (#4788 by @​vegarsti).
• Fixed git package installs to reconcile existing checkouts to the requested ref and update package settings without losing filters (#4870).
• Published a 0.74.2 rescue release that tells Node 20 users to upgrade Node before updating to newer Pi versions (#4876).
• Fixed final bash tool cards to avoid rendering duplicate full-output truncation paths (#4819).
• Fixed bash tool truncation line counts to ignore the trailing newline as an extra output line (#4818).
• Fixed footer home-directory abbreviation to avoid shortening sibling paths that only share the same prefix (#4878).
• Fixed macOS Bun release binaries to resolve the native clipboard sidecar so Ctrl+V image paste can load @mariozechner/clipboard (#4307).
• Fixed coding-agent tools to avoid synchronous filesystem operations during streaming and moved image resizing off the main TUI thread (#4756 by @​mitsuhiko).

[0.75.4] - 2026-05-20

New Features

• Hardened npm install and release path - Pi now ships the CLI with a generated shrinkwrap for transitive dependencies, blocks accidental lockfile changes, verifies dependency pinning and lifecycle-script allowlists in checks, disables lifecycle scripts for self-update and local release installs where supported, and smoke-tests isolated npm and Bun installs before release. See Supply-chain hardening.

Added

• Added interactive update notes after pi update runs, so users can see the installed version's changelog before continuing (#4724 by @​mitsuhiko).
• Exported image resize utilities from the package root for SDK consumers (#4775 by @​xl0).

... (truncated)

Commits

• ea2b70d Release v0.75.5
• b9566fc Audit unreleased changelog entries
• 373bd12 Collapse read output by default
• 8100046 Finish async tool cleanup
• c4f86e3 Merge remote-tracking branch 'origin/main' into pr-4756-squash-cleanup
• 3f89350 fix(coding-agent): ship clipboard sidecar in bun binaries
• ba09f1c Refine async tool control flow
• 2e1f07b fix(coding-agent): avoid invalid footer home abbreviation
• e9146a5 fix(coding-agent): use async operations in tools
• c85dbb1 fix(coding-agent): reconcile pinned git update refs
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

^{Need help on this PR? Tag @codesmith with what you need. Autofix is disabled.}

---

Summary by cubic

Upgrade dev dependency @earendil-works/pi-coding-agent from 0.75.3 to 0.75.5 to pick up supply‑chain hardening, cleaner read output, faster Windows file tools, and several bug fixes.

• Dependencies
  • Bump @earendil-works/pi-coding-agent 0.75.3 → 0.75.5.
  • Refresh bun.lock to align @earendil-works/pi-* peers and bump transitive pins like yaml and typebox.

^{Written for commit 9dee993. Summary will update on new commits. Review in cubic}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​earendil-works/​pi-coding-agent@​0.75.3 ⏵ 0.75.5	-5		+1

View full report