Skip to content

v0.4.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 11 May 17:21
· 80 commits to main since this release
v0.4.0
e480b4e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

What's Changed

  • build(deps): bump the npm-minor-patch group in /harness with 2 updates by @dependabot[bot] in #30
  • fix: require claude tool_use_id by @Rul1an in #31
  • build(deps): bump the npm-minor-patch group in /harness with 3 updates by @dependabot[bot] in #32
  • ci: workflow security baseline (PR1 of 5) by @Rul1an in #33
  • feat(evidence): source producer-version from package.json (PR2 of 5) by @Rul1an in #34
  • fix(dependabot): remove unsupported semver-major-days for github-actions by @Rul1an in #39
  • feat(mcp): emit production MCP-interaction evidence + harden command (was PR #35) by @Rul1an in #38
  • feat(policy,trust-gate): wildcard escaping, zod validation, spawn bounds (was PR #36) by @Rul1an in #41
  • ci: setup-node-harness composite action + CI notes (was PR #37) by @Rul1an in #42
  • build(deps): bump github/codeql-action from 4 to 4.35.3 in /.github/workflows in the actions group by @dependabot[bot] in #40
  • feat(verify): recursive forbidden-key scan with runtime/payload split (PR1/3 follow-up audit) by @Rul1an in #43
  • ci(release): drop npm cache to close supply-chain residual (PR2/3 follow-up audit) by @Rul1an in #44
  • feat(mcp): allowUnsafeFullCommand opt-out for trusted command sources (PR3/3 follow-up audit) by @Rul1an in #45
  • chore(release): v0.4.0 by @Rul1an in #46

Full Changelog: v0.3.2...v0.4.0

Contributors

dependabot and Rul1an
Assets 8
Loading