Skip to content

helpbutton-qs: v3.0.0

Choose a tag to compare

View all tags
@mountaindude mountaindude released this 29 May 05:26
helpbutton-qs-v3.0.0
49e86ad
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

3.0.0 (2026-05-29)

Mostly incremental, small fixes and documentation updates, but a couple of bigger things too:

  • Removed the "Sense session" auth strategy in the bug report/feedback dialogs. It had nothing to do with Sense authentication and should not have been there in the first place. Less is more.
  • Optional merge of menu items in the app toolbar help button, in the situations where the extension is deployed on more than one app sheet. Previously the menu items from each extension would have been stacked after each other, causing duplicates and a potentially very long dropdown from the help button. No more - just enable the merge in the extension property panel and the help button dropdown stays nice and relevant.
  • Added an SBOM as part of the release assets.

⚠ BREAKING CHANGES

  • auth: Remove the "Sense session" auth strategy, as it really had nothing to do with Sense auth...

Features

  • add configurable menu item merge modes (b42b371)
  • add live updates to demo server dashboard (1299b7a)
  • auth: Remove the "Sense session" auth strategy, as it really had nothing to do with Sense auth... (27852d3)
  • security: Add new zizmor workflow (7f54110)

Bug Fixes

  • clamp rating to [1,5] to prevent resource exhaustion in demo-server (4d6a13c)
  • disable funding via Polar, as they cannot handle Github sponsorships (according to their won support) (b1e2886)
  • guard renderStars against resource exhaustion via unbounded repeat() (40787d0)
  • log resolved merge mode in debug output, not raw undefined (604718c)
  • require integer feedback ratings in demo server (b15a278)
  • simplify release artifact upload glob (dfdbcde)
  • tighten release SBOM generation (c515d71)
  • Update conditional checks for repository owner in CI workflows (fdeca39)
  • use comma-separated release artifacts (2ab1158)
  • validate rating in renderStars to prevent resource exhaustion (fb5fbd0)

Miscellaneous

  • demo server: update deps to latest versions (9ea0669)
  • deps: bump astral-sh/setup-uv from 8.0.0 to 8.1.0 (2b62380)
  • deps: bump webpack-dev-server (2cfbcab)
  • deps: bump webpack-dev-server from 5.2.3 to 5.2.4 in the npm_and_yarn group across 1 directory (b7cdac2)
  • Move legacy HTML inject help button to legacy folder (e3b6764)

Refactoring

  • align stored demo rating with integer validation (21bc131)
  • clarify inline comments in mergeMenuItems two-pass logic (b4d0c85)
  • normalize menu merge mode internally (04514fb)
  • replace O(n²) splice dedup with O(n) two-pass approach in mergeMenuItems (9ea62e3)

Documentation

  • add menu items property refs (42f5ed5)
  • add missing JSDoc to source helpers (9be3ab8)
  • add README security stance (ee5c447)
  • add supply-chain security note (7837e46)
  • align JSDoc formatting with review feedback (d3cfd96)
  • clarify menu merge behavior (492a7e6)
  • clarify menu merge comment (640229c)
  • clarify merge mode property and caveat (4ead1ed)
  • clarify security review follow-up note (f74a761)
  • clarify unlabeled merge behavior (f49aada)
  • correct capitalization in project title (477fce3)
  • record 2026 security review findings (f3b68da)
  • reorganize documentation by audience (f99eeff)
  • update security findings in release workflow section (c4d3dd8)

🛡 VirusTotal GitHub Action analysis:

Assets 4
Loading