Skip to content

Bump version to v5.41.1 [merge now]#2817

Merged
piyalbasu merged 1 commit into
masterfrom
bump-version
May 27, 2026
Merged

Bump version to v5.41.1 [merge now]#2817
piyalbasu merged 1 commit into
masterfrom
bump-version

Conversation

@github-actions

Copy link
Copy Markdown
Contributor

Bumping version on master branch to v5.41.1.

Copilot AI review requested due to automatic review settings May 27, 2026 14:43

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@piyalbasu piyalbasu merged commit 308a529 into master May 27, 2026
6 checks passed
@piyalbasu piyalbasu deleted the bump-version branch May 27, 2026 14:47
piyalbasu added a commit that referenced this pull request May 29, 2026
* bump versions to 5.41.1 (#2817)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Add CTA to let users know they can paste mnemonic phrase into box (#2803)

* add subtext copy to paste mnemonic phrase

* update snapshots for import screen

* Restore submitProduction Sentry secrets fix on master (re-apply #2783) (#2819)

* Fix submitProduction workflow secrets references

The Sentry env-var guards used the `secrets` context inside step-level
`if:` expressions, which GitHub Actions does not allow ("Unrecognized
named-value: 'secrets'"). Map the Sentry secrets into the workflow-level
`env:` block and check them via `env.*`, matching the existing
`INDEXER_*` pattern.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Scope Sentry secrets to the validation step only

Drop the workflow-level env entries for SENTRY_ORG / SENTRY_PROJECT /
SENTRY_AUTH_TOKEN and collapse the three separate guard steps into one
"Validate Sentry secrets" step with a local env: block. This keeps the
credentials out of every other step's process environment (including
third-party actions in the job) and replaces the gh-run-cancel dance
with a plain exit 1.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Cássio Marcos Goulart <cassiomgoulart@gmail.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Truncate long memos dynamically (#2812)

* adjust long memo truncation

* simplify logic of memo truncation centralized

* cleanup ellipsize logic from claude review

* Strip Amplitude autocapture remote-code from extension bundle

The Chrome Web Store / Firefox AMO rejected the build for shipping
remotely-hosted code:

    https://cdn.amplitude.com/libs/visual-tagging-selector-1.0.0-alpha.js.gz

This URL (and a sibling background-capture URL) comes from
@amplitude/plugin-autocapture-browser, which @amplitude/analytics-browser
imports statically. We initialize Amplitude with `autocapture: false`, so
the code never runs — but the runtime flag does not remove the URLs from
the bundle, and store review scans the static bundle.

Alias the autocapture plugin to a no-op stub via webpack resolve.alias.
This removes the visual-tagging-selector URL directly; because nothing
else imports getOrCreateWindowMessenger / enableBackgroundCapture from
@amplitude/analytics-core, tree-shaking also drops the core messenger
code holding the background-capture URL.

Verified against a clean production build: zero matches for
cdn.amplitude.com, visual-tagging-selector, background-capture, or
loadScriptOnce in the emitted .js, with the Amplitude analytics/experiment
SDKs otherwise intact.

The autocapture SDK first shipped in 5.39.0 (commit a3b2b50, PR #2659).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* Order transactions by date (#2810)

* add transaction date ordering

* cleanup mocks and sort logic

* adjust comment to reflect ordering reason

* Don't embed literal blocked CDN URLs in stub comment

Addresses review feedback: the production build emits source maps with
sourcesContent and the store submission zips the build dir recursively,
so a literal blocked remote-code URL in this comment could ride into the
shipped .map artifact and re-trigger the store rejection. Describe the
libs by name instead of writing the full fetchable URLs.

(Verified the stub's source is currently DCE'd out of all emitted maps,
so this is defense-in-depth against future config/bundler changes.)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: leofelix077 <leonardoaalf077@hotmail.com>
Co-authored-by: Cássio Marcos Goulart <cassiomgoulart@gmail.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@github-actions github-actions Bot mentioned this pull request Jun 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants