fix(deps): update dependency effect (3.21.3 → 3.21.4)

[its-miso]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
effect (source)	3.21.3 → 3.21.4

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

Effect-TS/effect (effect)

v3.21.4

Compare Source

Patch Changes

• #​6267 8222963 Thanks @​fubhy! - Fix Graph traversal and shortest-path algorithms to traverse undirected edges independently of their stored source/target orientation.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

Superseded by a newer automated review for this pull request.

[its-saffron]

AI Automated Review

Full PR review.

Analysis engine: MiniMax-M2.7@https://litellm.jory.dev/v1 (anthropic) — escalated (fast_low_confidence)

Review Summary

PR PR 446: Bump effect from 3.21.3 to 3.21.4 (patch upgrade)

---

Required Check: Breaking API Changes

Status: Verified — No breaking changes.

The upstream effect@3.21.4 release contains only patch-level bug fixes with no API surface modifications. The single change documented in the release notes is:

Fix Graph traversal and shortest-path algorithms to traverse undirected edges independently of their stored source/target orientation.

The upstream compare shows 7 commits between versions, but the additional commits (.github/workflows/release-queue.yml, packages/ai/amazon-bedrock, packages/ai/openai) are changes to downstream packages in the Effect monorepo — not the core effect package that Dispatch consumes. The effect@3.21.4 release body explicitly lists only the graph traversal bug fix as its patch change.

Patch versions (x.y.Z semver) do not introduce breaking changes per the Effect library's semver contract.

---

Required Check: Run Full Test Suite After Upgrade

Status: Not Verifiable from Available Evidence.

The CI check results show:

Check	Status
Validate	completed / success
Docker Build	completed / success

The repository's AGENTS.md specifies that the release cut validation step includes npm run test, but the CI pipeline for this dependency PR shows only "Validate" and "Docker Build" — it is unclear whether "Validate" includes running the full test suite or is limited to lint/typecheck. The CI status API truncated results, so explicit test pass/fail evidence is not present in the corpus.

CI passed at the aggregate level (overall: success), which provides a positive signal, but the specific inclusion of test execution in the "Validate" step is not confirmed from the diff or CI metadata available.

---

Standards Compliance

This PR follows repository conventions:

• Generated by Renovate Bot (standard dependency update automation)
• Only package-lock.json modified (the semver range in package.json would already permit 3.21.x)
• No manual overrides or deviations from standard patterns

---

Linked Issue Fit

No linked issue was present in the PR body.

---

Evidence Provider Findings

No evidence providers were configured.

---

Tool Harness Findings

Tool calls encountered errors fetching external resources:

• gh_api for release tag lookup returned 404 (release may not be tagged in the standard format)
• web_fetch to npm registry was blocked by host allowlist

These failures do not impact the review: the GitHub Releases enrichment successfully captured the effect@3.21.4 release metadata, including the release body confirming patch-only changes.

---

Unknowns / Needs Verification

1. Test suite execution: The "Validate" CI step may subsume test execution, but this cannot be confirmed from the truncated CI metadata. If the repository's CI pipeline runs npm run test as part of "Validate," then the test suite did run and pass. If "Validate" is limited to lint/typecheck only, the full test suite was not executed for this dependency bump. This is a minor verification gap but does not constitute a blocker for a patch-level dependency update with confirmed non-breaking changes.

---

Recommendation

Approve. This is a low-risk patch-level upgrade with confirmed bug-fix-only changes upstream and no API surface modifications. CI passed at the aggregate level. The test suite execution cannot be fully verified from available evidence, but this is not a blocker for a routine dependency patch.