v0.4.0
✨ New Features ✨
- Feat(merge): Signed rebase, stuck DCO recovery, dispatch lock, and repo-scoped output fixes @ModeSevenIndustrialSolutions (#277)
🐛 Bug Fixes 🐛
- Fix(ci): Surface Grype findings on audit failure @ModeSevenIndustrialSolutions (#259)
- Fix(merge): Enable auto-merge for blocked PRs @ModeSevenIndustrialSolutions (#270)
- Fix(coverage): Use package name in coverage source list @ModeSevenIndustrialSolutions (#285)
🔧 Maintenance 🔧
- Chore: Bump mypy from 1.20.1 to 1.20.2 @dependabot[bot] (#266)
- Chore: Bump typer from 0.24.1 to 0.25.0 @dependabot[bot] (#265)
- Chore: Bump lfreleng-actions/tag-validate-action from 1.0.1 to 1.0.2 @dependabot[bot] (#262)
- Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-python-codeql.yaml from 0.3.1 to 0.3.3 @dependabot[bot] (#263)
- Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.3.1 to 0.3.3 @dependabot[bot] (#264)
- Chore: pre-commit autoupdate @pre-commit-ci[bot] (#267)
- Chore: Bump release-drafter/release-drafter from 7.2.0 to 7.2.1 @dependabot[bot] (#269)
- Chore: Bump lfreleng-actions/python-test-action from 1.0.2 to 1.1.1 @dependabot[bot] (#272)
- Chore: pre-commit autoupdate @pre-commit-ci[bot] (#276)
- Chore: Bump step-security/harden-runner from 2.19.0 to 2.19.1 @dependabot[bot] (#274)
- Chore: Bump typer from 0.25.0 to 0.25.1 @dependabot[bot] (#273)
- Chore: Bump types-requests from 2.33.0.20260408 to 2.33.0.20260503 @dependabot[bot] (#275)
- Chore: Bump lfreleng-actions/python-audit-action from 0.2.6 to 0.2.7 @dependabot[bot] (#279)
- Chore: Bump lfreleng-actions/python-test-action from 1.1.1 to 1.1.2 @dependabot[bot] (#280)
- Chore: Bump release-drafter/release-drafter from 7.2.1 to 7.3.0 @dependabot[bot] (#281)
- Chore: Bump types-requests from 2.33.0.20260503 to 2.33.0.20260508 @dependabot[bot] (#283)
- Chore: Bump pydantic from 2.13.3 to 2.13.4 @dependabot[bot] (#284)
- Chore: Bump mypy from 1.20.2 to 2.0.0 @dependabot[bot] (#282)
- Chore: Bump urllib3 from 2.6.3 to 2.7.0 in the uv group across 1 directory @dependabot[bot] (#286)
- Chore: pre-commit autoupdate @pre-commit-ci[bot] (#287)
- Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-python-codeql.yaml from 0.3.3 to 0.3.4 @dependabot[bot] (#292)
- Chore: Bump types-requests from 2.33.0.20260508 to 2.33.0.20260513 @dependabot[bot] (#295)
- Chore: Bump mypy from 2.0.0 to 2.1.0 @dependabot[bot] (#293)
- Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.3.3 to 0.3.4 @dependabot[bot] (#291)
- Chore: Bump black from 26.3.1 to 26.5.0 @dependabot[bot] (#294)
- Chore: Bump step-security/harden-runner from 2.19.1 to 2.19.3 @dependabot[bot] (#290)
- Chore: pre-commit autoupdate @pre-commit-ci[bot] (#296)
- Chore: Bump github/codeql-action from 4.35.3 to 4.35.4 @dependabot[bot] (#297)
- Chore: Bump idna from 3.11 to 3.15 in the uv group across 1 directory @dependabot[bot] (#298)
- Chore: Bump step-security/harden-runner from 2.19.1 to 2.19.2 @dependabot[bot] (#299)
- Chore: pre-commit autoupdate @pre-commit-ci[bot] (#303)
- Chore: Bump github/codeql-action from 4.35.4 to 4.35.5 @dependabot[bot] (#302)
- Chore: Bump step-security/harden-runner from 2.19.2 to 2.19.3 @dependabot[bot] (#301)
- Chore: Bump responses from 0.26.0 to 0.26.1 @dependabot[bot] (#306)
- Chore: Bump types-requests from 2.33.0.20260513 to 2.33.0.20260518 @dependabot[bot] (#307)
- Chore: Bump black from 26.5.0 to 26.5.1 @dependabot[bot] (#308)
🎓 Code Quality 🎓
- CI: Queue concurrent release runs instead of cancelling @ModeSevenIndustrialSolutions (#271)
- CI(harden-runner): Switch egress policy to block mode @ModeSevenIndustrialSolutions (#278)
- CI(harden-runner): Add audit fallback for fork PR runs @ModeSevenIndustrialSolutions (#288)
- CI(zizmor): Add per-repo zizmor security audit workflow @ModeSevenIndustrialSolutions (#289)
- CI: Replace legacy harden-runner pair with allow-list loader @ModeSevenIndustrialSolutions (#304)