Skip to content

chore: release v0.11.1#11

Merged
Destynova2 merged 1 commit intodevelopfrom
release-plz-2026-03-02T23-04-52Z
Mar 2, 2026
Merged

chore: release v0.11.1#11
Destynova2 merged 1 commit intodevelopfrom
release-plz-2026-03-02T23-04-52Z

Conversation

@Destynova2
Copy link
Copy Markdown
Contributor

@Destynova2 Destynova2 commented Mar 2, 2026

🤖 New release

  • grob: 0.11.0 -> 0.11.1 (✓ API compatible changes)
Changelog

0.11.1 - 2026-03-02

Added

  • add Windows platform support via #[cfg] guards

This PR was generated with release-plz.

@Destynova2 Destynova2 merged commit aadd558 into develop Mar 2, 2026
13 of 14 checks passed
Destynova2 added a commit that referenced this pull request Mar 16, 2026
@Destynova2 @claude
fix(security): resolve 21 CodeQL alerts (2 critical, 18 high, 1 medium)
7035f68 
Critical:
- #9 #10: Replace hard-coded HMAC key with random session key when
  GROB_DLP_SECRET is unset (unpredictable pseudonyms by default)

High:
- #11 #12: Cap Vec::with_capacity to 1024 in OpenAI transform
  (prevents uncontrolled allocation from malicious input)
- #17 #18 #19: Add path traversal check in token_store persist()
  (reject ".." in file path)
- #6 #7 #8: Stop logging full response bodies in OpenAI provider
  (log length instead, truncate to 200 chars on parse error)
- #13 #14: Warn at construction if OAuth token_url uses plaintext HTTP
- #15 #16: Warn at construction if Gemini base_url uses plaintext HTTP
  (new warn_if_cleartext() helper in providers/mod.rs)
- #20 #21 #22: Annotate benchmark TLS cert bypass with lgtm comment
  (intentional: benchmarks use self-signed certs)
- #3: Avoid flowing API key through format string in preset info
- #4 #5: Remove secret values from test assertion messages

Medium:
- #1: Add explicit permissions block to release-plz workflow

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Destynova2 added a commit that referenced this pull request Mar 26, 2026
@Destynova2 @claude
chore(deps): update fuzz/Cargo.lock — fix Dependabot alerts
961dd8d 
- aws-lc-sys removed from dependency tree (no longer needed)
- rustls-webpki 0.103.9 → 0.103.10 (CRL matching fix)

Fixes: Dependabot alerts #9, #11, #15

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Destynova2 Destynova2 deleted the release-plz-2026-03-02T23-04-52Z branch March 30, 2026 19:51
@Destynova2 Destynova2 mentioned this pull request Apr 1, 2026
Closed
38 tasks
@Destynova2 Destynova2 mentioned this pull request Apr 21, 2026
Merged
6 tasks
Destynova2 added a commit that referenced this pull request Apr 21, 2026
@Destynova2
refactor(cli-config): split cli/config.rs 1080 LOC en 10 sous-modules (
f1969f8 
…#11) (#241)

Split `src/cli/config.rs` (1080 LOC god file) en 10 sous-modules par
domaine TOML. Ancien fichier renomme vers `config/mod.rs` puis allege
en module fin de re-exports (52 LOC).

Modules extraits :
- budget.rs        (22 LOC) BudgetConfig
- cache.rs         (49 LOC) CacheConfig
- security.rs     (216 LOC) SecurityConfig, ComplianceConfig, EnforcementMode, TeeConfig, FipsConfig
- server.rs       (140 LOC) ServerConfig, TimeoutConfig, TlsConfig, AcmeConfig
- telemetry.rs     (89 LOC) TracingConfig, OtelConfig
- user.rs          (32 LOC) UserConfig, PresetConfig
- routing.rs      (217 LOC) RouterConfig, PromptRule, ModelConfig, ModelMapping,
                            ModelStrategy, FanOutMode, FanOutConfig, TierConfig,
                            TierMatchCondition, ProjectConfig, ProjectRouterOverlay
- providers.rs    (149 LOC) ProviderConfig, AuthType, PoolConfig, PoolStrategy
- reliability.rs  (191 LOC) CircuitBreakerProviderConfig, HealthCheckProviderConfig,
                            parse_duration
- harness.rs       (22 LOC) HarnessConfig (cfg(feature = "harness"))

Tous les fichiers sont <= 220 LOC (seuil cible 300 LOC).

Move pur, aucune logique change, 0 diff comportemental. API publique
inchangee : `crate::cli::*` re-exporte via `config::*`. `default_true()`
partage entre security.rs et telemetry.rs est centralise dans mod.rs
comme `pub(crate) fn` (resolu via `super::default_true`).

Les doc-links `crate::cli::config::parse_duration` sont mis a jour vers
le chemin canonique public `crate::cli::parse_duration`.

Validation locale : cargo fmt + cargo clippy --all-features --all-targets
-D warnings + cargo test --all-features --lib (958 passed) + cargo test
--doc (19 passed). Commit pousse via gh api a cause d'une anomalie
ghost-reset dans le worktree (memory feedback_commis_push_ghosting).
@Destynova2 Destynova2 mentioned this pull request Apr 21, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Destynova2