Skip to content

release#103

Open
JulianWielga wants to merge 36 commits into
masterfrom
dev
Open

release#103
JulianWielga wants to merge 36 commits into
masterfrom
dev

Conversation

@JulianWielga

Copy link
Copy Markdown
Member

No description provided.

JulianWielga and others added 28 commits February 19, 2026 20:21
## [1.2.2-beta.1](v1.2.1...v1.2.2-beta.1) (2026-02-19)

### Bug Fixes

* ci build ([a3f874f](a3f874f))
* update major deps ([b7f5168](b7f5168))
Bumps the dev-dependencies group with 2 updates: [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) and [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional).


Updates `@commitlint/cli` from 20.4.2 to 20.4.3
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.4.3/@commitlint/cli)

Updates `@commitlint/config-conventional` from 20.4.2 to 20.4.3
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.4.3/@commitlint/config-conventional)

---
updated-dependencies:
- dependency-name: "@commitlint/cli"
  dependency-version: 20.4.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
- dependency-name: "@commitlint/config-conventional"
  dependency-version: 20.4.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
- Add getAllArgs() function to parse multiple --exposes arguments
- Support inline configuration without federation.config.json file
- Auto-prefix keys with ./ if missing (e.g., App -> ./App)
- Validate that both --name and --exposes are provided together
- Priority: inline config > --config > auto-find
- Add warning when both inline config and --config are provided
- Update README.md with inline config examples and usage guide
- Shell-friendly format with tab completion support for file paths
- Add test-inline workspace with sample TypeScript files
- Test coverage: App component with React props, nested utils/helper module
- Inline config tested via workspace make-types script
- Both file-based and inline config tests run via npm test
- Update AGENTS.md with new test structure and commands
- Add validate-types.js scripts for both test workspaces
- Validate presence of expected module declarations
- Validate presence of expected type exports
- Automatically run validation after type generation
- Exit with error code if validation fails
- Update .nvmrc from v16.15.1 to v22.14.0
- Update CI matrix: drop Node 18.x, add Node 24.x (20.x, 22.x, 24.x)
- Remove EBADENGINE warnings for semantic-release v25
- Maintain compatibility with latest semantic-release ecosystem
- All tests pass on Node 22.14.0
# [1.3.0-beta.1](v1.2.2-beta.1...v1.3.0-beta.1) (2026-03-10)

### Bug Fixes

* extension in exposed path ([e707c3e](e707c3e))

### Features

* add inline config via --name and --exposes CLI arguments ([34e4752](34e4752))
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
…s/setup-node-6

build(deps): bump actions/setup-node from 4 to 6
…ns/checkout-6

build(deps): bump actions/checkout from 4 to 6
…endencies-fb1c044c4b

build(deps-dev): bump the dev-dependencies group with 2 updates
- Add inline config examples and documentation
- Include validate-types.js test workflow
- Consolidate duplicate sections
- Add Node v22.14.0 requirement
- Remove redundant subsections
- Keep all critical information for agentic coding
- Add chalk dependency for terminal colors
- Color scheme: red errors, yellow warnings, blue paths/values, gray debug, green success
- Apply colors to CLI output and test validation scripts
# [1.3.0-beta.2](v1.3.0-beta.1...v1.3.0-beta.2) (2026-03-10)

### Features

* add colored output with chalk ([1b33197](1b33197))
Previous commit used unknown key 'minimum-release-age' which npm silently
ignored (warning: Unknown project config). Correct key is 'min-release-age'
and value is in days, not minutes.
Mutable tags (@v6, @v4, @v5) can be retargeted by a compromised action
maintainer, which would let an attacker execute arbitrary code in the
release job that holds NPM_TOKEN. Pinning to commit SHA with a version
comment preserves Dependabot auto-updates.
Replace long-lived NPM_TOKEN with OIDC-based trusted publishing.
The release job now reserves the 'npm-publish' GitHub environment,
which is restricted to master/dev — only workflow runs from those
branches get an OIDC token accepted by npm. Provenance attestations
are generated automatically.

Requires the 'npm-publish' environment to be created in repo settings
before this lands.
@semantic-release/github tries to open an issue on release failure
and comment on closed PRs on success. Issues are disabled on this
repo, so both calls 410'd and blocked the release flow.
Previous CI run created tag v1.3.0-beta.3 and the chore(release)
commit before npm publish failed (NPM_TOKEN had already been removed
but OIDC wasn't fully working yet). The tag exists on remote but
nothing was published to npm. This empty commit gives semantic-release
something releasable so it bumps to 1.3.0-beta.4 with the now-working
OIDC trusted publishing.
semantic-release-bot and others added 2 commits May 28, 2026 10:02
# [1.3.0-beta.3](v1.3.0-beta.2...v1.3.0-beta.3) (2026-05-28)

### Bug Fixes

* trigger release after orphaned 1.3.0-beta.3 tag ([61ddeb3](61ddeb3))
* use correct npm config key for min-release-age ([a50c721](a50c721))

### Performance Improvements

* cache TS build info for incremental type generation ([e8ab9e6](e8ab9e6))
npm rejected publish with E422 because the provenance attestation
(generated from GitHub's canonical 'TouK/federated-types') didn't
match package.json's 'touk/federated-types' (lowercase).

Also switch to the object form to silence the auto-corrected
warning about string→object normalization.
semantic-release-bot and others added 2 commits May 28, 2026 10:39
# [1.3.0-beta.4](v1.3.0-beta.3...v1.3.0-beta.4) (2026-05-28)

### Bug Fixes

* use canonical TouK case in repository URL for npm provenance ([908e120](908e120))
@JulianWielga JulianWielga deployed to npm-publish May 28, 2026 11:28 — with GitHub Actions Active
# [1.3.0-beta.5](v1.3.0-beta.4...v1.3.0-beta.5) (2026-05-28)

### Bug Fixes

* trigger beta release to verify OIDC after secret cleanup ([41fcc4e](41fcc4e))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants