From 58c8df5cfa5e13594e62c3123953d3d4acc7eb94 Mon Sep 17 00:00:00 2001
From: kevinccbsg <kevinccbsg@gmail.com>
Date: Fri, 8 May 2026 22:55:23 +0200
Subject: [PATCH] chore: bump version to 0.3.0 and add CHANGELOG for dep
 updates

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 CHANGELOG.md      | 16 ++++++++++++++++
 package-lock.json |  4 ++--
 package.json      |  2 +-
 3 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index df90a14..6ad813b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,21 @@
 # Changelog
 
+## 0.3.0 (2026-05-08)
+
+### Internal
+
+- **deps:** Bump runtime and dev dependencies. Notably crosses `ajv-formats` v2 → v3. The only behavioral change in v3 is that the `date-time` and `time` formats now require a timezone per RFC3339 — strings like `"2024-04-15T00:00:00"` (no `Z` / offset) will now fail validation. Use the new `iso-time` / `iso-date-time` formats to opt back into the v2 behavior.
+- **security:** Bumping `ajv` to ^8.20.0 closes the high-severity `fast-uri` advisories ([GHSA-q3j6-qgpj-74h6](https://github.com/advisories/GHSA-q3j6-qgpj-74h6), [GHSA-v39h-62p7-jpjc](https://github.com/advisories/GHSA-v39h-62p7-jpjc)) pulled in transitively.
+
+| package | from | to |
+|---|---|---|
+| ajv | ^8.18.0 | ^8.20.0 |
+| ajv-formats | ^2.1.1 | ^3.0.1 |
+| @apidevtools/json-schema-ref-parser | ^15.3.4 | ^15.3.5 |
+| path-to-regexp | ^8.4.0 | ^8.4.2 |
+| vitest | ^4.1.2 | ^4.1.5 |
+| @vitest/coverage-v8 | ^4.1.2 | ^4.1.5 |
+
 ## 0.2.0 (2026-04-20)
 
 ### Features
diff --git a/package-lock.json b/package-lock.json
index d8f8de3..ac10f7d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "openapi-mock-validator",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "openapi-mock-validator",
-      "version": "0.2.0",
+      "version": "0.3.0",
       "license": "MIT",
       "dependencies": {
         "@apidevtools/json-schema-ref-parser": "^15.3.5",
diff --git a/package.json b/package.json
index d9f1214..1350ab4 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "openapi-mock-validator",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "Validate JSON payloads against OpenAPI 3.0/3.1 specs — catch mock drift before it hits production",
   "type": "module",
   "main": "./dist/index.js",