Skip to content

chore: release v0.11.0#10

Merged
Destynova2 merged 1 commit intodevelopfrom
release-plz-2026-03-02T22-33-22Z
Mar 2, 2026
Merged

chore: release v0.11.0#10
Destynova2 merged 1 commit intodevelopfrom
release-plz-2026-03-02T22-33-22Z

Conversation

@Destynova2
Copy link
Copy Markdown
Contributor

@Destynova2 Destynova2 commented Mar 2, 2026

🤖 New release

  • grob: 0.10.3 -> 0.11.0 (⚠ API breaking changes)

grob breaking changes

--- failure constructible_struct_adds_field: externally-constructible struct adds field ---

Description:
A pub struct constructible with a struct literal has a new pub field. Existing struct literals must be updated to include the new field.
        ref: https://doc.rust-lang.org/reference/expressions/struct-expr.html
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.46.0/src/lints/constructible_struct_adds_field.ron

Failed in:
  field ProviderConfig.pass_through in /tmp/.tmpNWOWkT/grob/src/providers/mod.rs:185
  field ProviderParams.pass_through in /tmp/.tmpNWOWkT/grob/src/providers/mod.rs:123
Changelog

0.11.0 - 2026-03-02

Added

  • add pass-through provider mode for wildcard model routing

This PR was generated with release-plz.

@Destynova2 Destynova2 merged commit afafeee into develop Mar 2, 2026
11 of 12 checks passed
Destynova2 added a commit that referenced this pull request Mar 16, 2026
@Destynova2 @claude
fix(security): resolve 21 CodeQL alerts (2 critical, 18 high, 1 medium)
7035f68 
Critical:
- #9 #10: Replace hard-coded HMAC key with random session key when
  GROB_DLP_SECRET is unset (unpredictable pseudonyms by default)

High:
- #11 #12: Cap Vec::with_capacity to 1024 in OpenAI transform
  (prevents uncontrolled allocation from malicious input)
- #17 #18 #19: Add path traversal check in token_store persist()
  (reject ".." in file path)
- #6 #7 #8: Stop logging full response bodies in OpenAI provider
  (log length instead, truncate to 200 chars on parse error)
- #13 #14: Warn at construction if OAuth token_url uses plaintext HTTP
- #15 #16: Warn at construction if Gemini base_url uses plaintext HTTP
  (new warn_if_cleartext() helper in providers/mod.rs)
- #20 #21 #22: Annotate benchmark TLS cert bypass with lgtm comment
  (intentional: benchmarks use self-signed certs)
- #3: Avoid flowing API key through format string in preset info
- #4 #5: Remove secret values from test assertion messages

Medium:
- #1: Add explicit permissions block to release-plz workflow

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Destynova2 Destynova2 deleted the release-plz-2026-03-02T22-33-22Z branch March 30, 2026 19:51
@Destynova2 Destynova2 mentioned this pull request Apr 1, 2026
Closed
38 tasks
@Destynova2 Destynova2 mentioned this pull request Apr 21, 2026
Merged
4 tasks
Destynova2 added a commit that referenced this pull request Apr 21, 2026
@Destynova2
refactor(dlp): split pii.rs into cards/iban/bic (T-SP-4 #10) (#243)
3aa9ad3 
* refactor(dlp): extract cards module from pii.rs (T-SP-4 #10)

Move credit card regex, Luhn validation, and CC canary generation into
src/features/dlp/cards.rs. pii.rs re-exports luhn_check for backward
compat with external doctests.

First of three splits to slim pii.rs from 1250 LoC toward orchestration-
only (audit item #10 Tier 2).

* refactor(dlp): extract iban module from pii.rs (T-SP-4 #10)

Move IBAN regex, ISO 7064 mod-97 validation, and IBAN canary generator
into src/features/dlp/iban.rs. pii.rs re-exports iban_mod97_check for
backward compat with external doctests.

Second of three splits to slim pii.rs toward orchestration-only.

* refactor(dlp): extract bic module from pii.rs (T-SP-4 #10)

---------

Co-authored-by: commis-ci-fix <commis-ci-fix@grob.local>
@Destynova2 Destynova2 mentioned this pull request Apr 21, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Destynova2