chore(deps): bump @sourcegraph/amp-sdk from 0.1.0-20260408083535-gb6b0a7c to 0.1.0-20260420085647-ga5a688e

[dependabot]

Bumps @sourcegraph/amp-sdk from 0.1.0-20260408083535-gb6b0a7c to 0.1.0-20260420085647-ga5a688e.

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

[github-actions]

Issue Linking Reminder

This PR doesn't appear to have a linked issue. Consider linking to:

• This repo: Closes #123
• ralph-ideas: Closes multivmlabs/ralph-ideas#123

Using Closes, Fixes, or Resolves will auto-close the issue when this PR is merged.

---

If this PR doesn't need an issue, you can ignore this message.

[github-actions]

✔️ Bundle Size Analysis

Metric	Value
Base	2836.86 KB
PR	2836.86 KB
Diff	0 KB (0%)

Bundle breakdown

140K	dist/auth
80K	dist/automation
4.0K	dist/cli.d.ts
4.0K	dist/cli.d.ts.map
24K	dist/cli.js
16K	dist/cli.js.map
740K	dist/commands
28K	dist/config
4.0K	dist/index.d.ts
4.0K	dist/index.d.ts.map
4.0K	dist/index.js
4.0K	dist/index.js.map
916K	dist/integrations
100K	dist/llm
1.3M	dist/loop
188K	dist/mcp
60K	dist/presets
92K	dist/setup
40K	dist/skills
428K	dist/sources
76K	dist/ui
144K	dist/utils
336K	dist/wizard

[greptile-apps]

Greptile Summary

Dependabot bump of the optional @sourcegraph/amp-sdk dependency from 0.1.0-20260408083535-gb6b0a7c to 0.1.0-20260420085647-ga5a688e. The lockfile regeneration also pulled in minor patch bumps of rollup (4.60.1→4.60.2) and postcss (8.5.9→8.5.10) as incidental updates.

Confidence Score: 5/5

Safe to merge — routine optional dependency bump with no code changes.

All changes are confined to package.json and pnpm-lock.yaml. The primary target is an optional dependency, so it cannot introduce a hard breakage. The collateral lockfile updates (rollup, postcss) are patch-level and expected.

No files require special attention.

Important Files Changed

Filename	Overview
package.json	Bumps @sourcegraph/amp-sdk optional dependency from 0.1.0-20260408083535-gb6b0a7c to 0.1.0-20260420085647-ga5a688e.
pnpm-lock.yaml	Lockfile updated to reflect the new @sourcegraph/amp-sdk version; also includes incidental bumps of rollup (4.60.1→4.60.2), all @rollup/rollup-* platform binaries, and postcss (8.5.9→8.5.10) as a result of the lockfile regeneration.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["package.json\n@sourcegraph/amp-sdk\n0.1.0-20260408083535-gb6b0a7c\n→ 0.1.0-20260420085647-ga5a688e"] --> B["pnpm-lock.yaml\namp-sdk snapshot updated"]
    B --> C["rollup 4.60.1 → 4.60.2\n(incidental lockfile update)"]
    B --> D["postcss 8.5.9 → 8.5.10\n(incidental lockfile update)"]

Loading

_{Reviews (1): Last reviewed commit: "chore(deps): bump @sourcegraph/amp-sdk" | Re-trigger Greptile}

[claude]

LGTM — straightforward Dependabot dependency bump with no logic changes.

Extended reasoning...

Overview\nThis PR updates three dependencies in package.json and pnpm-lock.yaml: @sourcegraph/amp-sdk (optional, pre-release patch bump), rollup (4.60.1→4.60.2), and postcss (8.5.9→8.5.10). All changes are purely version strings and integrity hashes in config/lockfile files — no source code is modified.\n\n### Security Risks\nNo security risks. The @sourcegraph/amp-sdk is an optional dependency, and both rollup and postcss are devDependencies used only at build time, not shipped to end users. Patch-level bumps in these packages carry minimal risk.\n\n### Level of Scrutiny\nLow. This is a mechanical Dependabot PR touching only dependency manifests. The changes are consistent and internally coherent (all rollup platform-specific binaries updated together, lockfile matches package.json). No logic, no auth, no crypto.\n\n### Other Factors\nNo bugs found by the hunting system. No prior reviews from me. No outstanding human reviewer comments. This is a safe auto-merge candidate.