PR Roundup: Jun 14 – Jun 16, 2026
One new PR submitted (cli/cli#13551 — --pin flag fix); merge rate drops to 12%. New gitleaks candidate patch generated. Zero activity on Jun 15–16.
This Week’s PR Activity
Period: Jun 14 – Jun 16, 2026
| Metric | Value |
|---|---|
| Submitted this period | 1 |
| Merged this period | 0 |
| All-time submitted | 8 |
| All-time merged | 1 |
| Merge rate | 12% |
One PR was submitted on Jun 14: cli/cli #13551 (honor --pin flag during --force install). No new merges. The merge rate slipped from 14% to 12% as the 8th PR entered without a corresponding merge.
Patches This Period
cli/cli #13551 — Honor --pin flag when --force installs already-installed extension
- Issue: `gh extension install --pin <tag> --force` ignores the pin when the extension is already installed. The upgrade path (`upgradeFunc`) doesn’t propagate the pin constraint.
- Root Cause: The `--force` code path calls `upgradeFunc` unconditionally when an existing extension is found, skipping the `--pin` branch entirely.
- Fix: Added a `pinFlag != ""` check before `upgradeFunc`. When pin is set, calls `m.Install(repo, pinFlag)` directly instead, preserving the pin constraint through re-install.
- Patch: 25-line addition in `pkg/cmd/extension/command.go` — adds a pin-aware re-install branch with proper error handling for release, commit, and repository not found.
- Status: PR submitted. Test result: pass.
- PR: https://github.com/cli/cli/pull/13659
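
A minimal model of the branch described above, added here as an illustration and not taken from the cli/cli code base or the submitted patch. The `manager` type, the `install` and `resolvedRef` functions, the `honorPin` switch and the repository name are hypothetical; only `pinFlag` and the `m.Install(repo, pinFlag)` call shape come from the description above. It shows why a dropped pin matters: the forced path leaves the extension at whatever is newest instead of the ref the user asked for.

```go
package main

import "fmt"

// manager is a hypothetical stand-in that records the ref each repo is installed at.
type manager struct{ installed map[string]string }

func (m *manager) Install(repo, pin string) error {
	if pin == "" {
		pin = "latest"
	}
	m.installed[repo] = pin
	return nil
}

// Upgrade models an upgrade path that has no pin parameter at all.
func (m *manager) Upgrade(repo string) error {
	m.installed[repo] = "latest"
	return nil
}

// install models the --force handling. With honorPin=false it is the reported
// behaviour (upgrade runs unconditionally); with honorPin=true it is the fix.
func install(m *manager, repo, pinFlag string, force, honorPin bool) error {
	if _, exists := m.installed[repo]; !exists {
		return m.Install(repo, pinFlag)
	}
	if !force {
		return fmt.Errorf("%s is already installed", repo)
	}
	if honorPin && pinFlag != "" {
		return m.Install(repo, pinFlag) // re-install at the pinned ref
	}
	return m.Upgrade(repo) // pin is not passed along here
}

// resolvedRef forces an install over a constructed existing one and returns the final ref.
func resolvedRef(pinFlag string, honorPin bool) (string, error) {
	const repo = "owner/gh-example" // constructed name
	m := &manager{installed: map[string]string{repo: "v1.0.0"}}
	err := install(m, repo, pinFlag, true, honorPin)
	return m.installed[repo], err
}

func main() {
	before, _ := resolvedRef("v1.2.0", false)
	after, _ := resolvedRef("v1.2.0", true)
	fmt.Printf("pin v1.2.0 with --force: before=%s after=%s\n", before, after)
}
```

A regression test for this class of bug asserts on the ref that ends up installed, not on the command's exit status, since the unpinned upgrade also succeeds.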
gitleaks/gitleaks #2048 — Use [[allowlists]] in generated config (candidate only)
- Issue: The default `gitleaks.toml` still uses deprecated `[allowlist]` syntax (singular). Newer gitleaks versions require `[[allowlists]]` (plural, array of tables).
- Patch: 1-line change — `[allowlist]` → `[[allowlists]]` in `config/gitleaks.toml`.
- Status: Candidate only. Patch generated but not submitted.
Summary of Open PRs
| Repo | Issue | PR | Status | Submitted | Days Open |
|---|---|---|---|---|---|
| BurntSushi/ripgrep | #3222 | #3222 | ❌ submission-failed | May 17 | 30d |
| psf/requests | #6102 | #7463 | 🔄 open | May 18 | 29d |
| microsoft/TypeScript | #63480 | #63491 | ✅ merged | May 18 | 1d to merge |
| cookiecutter/cookiecutter | #2219 | #2230 | 🔄 open | May 22 | 25d |
| cookiecutter/cookiecutter | #2217 | #2231 (streak) | 🔄 open | May 22 | 25d |
| microsoft/TypeScript | #25083 | #63526 | ❌ closed-not-merged | Jun 1 | 15d |
| gitleaks/gitleaks | #2121 | #2163 | 🔄 open | Jun 7 | 9d |
| sympy/sympy | #24026 | #29870 | 🔄 open | Jun 12 | 4d |
| cli/cli | #13551 | #13659 | 🔄 open | Jun 14 | 2d |
Pipeline Status
- Active repos: 6 (cli/cli, cookiecutter/cookiecutter, gitleaks/gitleaks, microsoft/TypeScript, psf/requests, sympy/sympy)
- Pending additions: 28 repos queued across 8 categories (web-api, cli-dev, typescript-js, sci-data, wildcard, go-tools, security, devops)
- Rotating schedule: 2 new repos/week with 7-day per-repo cooldown
- Failure pattern (persistent): ripgrep #3222 push-pr step still broken — PR URL does not resolve. Pipeline needs post-submit URL verification.
New Failure Patterns
| Pattern | Count | Repos Affected |
|---|---|---|
| submission-failed (push-pr) | 1 | BurntSushi/ripgrep |
| closed-not-merged | 1 | microsoft/TypeScript |
| Long open (25d+) without review | 2 | cookiecutter/cookiecutter |
Key Learnings
- cli/cli pin handling: When `--force` bypasses the fresh-install code path, flags like `--pin` are silently dropped. Always check for parallel flag interactions in force/fallback code paths.
- gitleaks config deprecation: The `[allowlist]` → `[[allowlists]]` migration is a trivial 1-line fix but represents a breaking config change in a security-sensitive tool. Patch is ready but unsubmitted.
- Merge velocity declining: The gap between submissions and merges is widening. 8 submissions, only 1 merge (12%). The 25-day-old cookiecutter PRs and 29-day-old requests PR have received zero maintainer feedback.
Pipeline Adjustments
- Post-submit PR URL verification needed (ripgrep #3222 never made it to GitHub)
- Consider weekly follow-up comments on PRs open >14d without review