Release core 0.7.3, server 0.8.3, and cli 0.10.0#163
Conversation
Release debt accumulated since the 0.7.2 / 0.8.2 release (#149): core 0.7.3 (patch): the two client-router fixes from #151 and #157 (JS-handled forms and links were hijacked by the router despite e.preventDefault). server 0.8.3 (patch): #161 (modulepreload hints no longer point at server-only or template-embedded files the auth gate 404s) and #156 (webjs check no longer leaks a git env var across worktrees). Both stay in a single minor line; all in-repo dependents pin ^0.7.0 / ^0.8.0, so no dependent range edits are needed. Lockfile regenerated.
vivek7405
left a comment
There was a problem hiding this comment.
Checked this as a release, since merging it publishes to npm. Patch is the right level for both: all four covered commits are fixes with no new public API, and every dependent pins ^0.7.0 / ^0.8.0 so the bumps stay in range. Walked both changelog files against their linked commits and the prose, PR numbers, SHAs, and commit_count all line up; #156's commit also carried the route-skills hook but the entry correctly scopes itself to the git-env fix. Lockfile shows the two workspace packages at 0.7.3 / 0.8.3, so npm ci will not desync. One thing I am deliberately leaving for a separate release: cli has the whole webjs vendor surface (#105, #89) unreleased and feature-level, which is a 0.9.1 to 0.10.0 minor, not a patch, and does not belong in this fixes-only PR. ui and ts-plugin are genuinely clean.
cli 0.9.1 shipped without the `webjs vendor` command surface that #105 and #89 added (pin / unpin / list / audit / outdated / update, the --from multi-CDN selector, and --download caching). That is feature-level work, so a minor bump. create-webjs and webjsdev are thin shims that delegate to cli; widen their `@webjsdev/cli` range from ^0.9.0 to ^0.10.0 so the workspace keeps linking the local cli (a minor bump falls outside the old caret). They are not in the changelog auto-publish system, so they carry no changelog entry of their own. Lockfile regenerated.
vivek7405
left a comment
There was a problem hiding this comment.
Folded the cli release in too. Minor is right: #105 and #89 are not ancestors of the cli 0.9.1 release commit, and they add a net-new webjs vendor command surface (pin/unpin/list/audit/outdated/update, --from, --download), so additive feature work, 0.9.1 to 0.10.0. Changelog prose matches both diffs and the SHAs/PR numbers line up. The minor breaks the ^0.9.0 caret in create-webjs and webjsdev (the two thin shims that delegate to cli), so I widened those to ^0.10.0; the lockfile links them to the local packages/cli at 0.10.0 with no stray ^0.9.0 left, so npm ci stays green. The four example apps pin cli ^0.8.0 on purpose and resolve the published 0.8.6 from the registry, so I left them alone. One real follow-up, called out in the PR body: the published create-webjs/webjsdev 0.9.0 still pin ^0.9.0, so npm create webjs keeps pulling cli 0.9.x until those shims are themselves republished, which is outside the changelog auto-publish.
Summary
Cuts the accumulated release debt since the 0.7.2 / 0.8.2 release (#149). Two packages carry unreleased fixes.
@webjsdev/core0.7.2 to 0.7.3 (patch)@click+preventDefaultwas hijacked by a capture-phase listener).@webjsdev/server0.8.2 to 0.8.3 (patch)webjs checkfrom leaking a git env var across worktrees.Why now
These fixes are already on
mainbut unpublished. The version-bump assessment after merging #161 found bothcoreandserverowed a patch release. Both stay in a single minor line; every in-repo dependent pins^0.7.0/^0.8.0, so the patch bumps stay in range and no dependent edits were needed.package-lock.jsonregenerated.What merging does
changelog/core/0.7.3.mdandchangelog/server/0.8.3.mdtomain, which triggersrelease.ymltonpm publishboth packages and cut their GitHub Releases (idempotent, already-published versions are skipped).package-lock.json, which all four deployed dogfood services watch, so it redeploysexamples/blog,website,docs, andui-websiteonto the newmain. This is what finally clears the live preload-404s on blog and docs, since the Keep modulepreload hints within the servable set #161 fix is framework-only and did not auto-redeploy the apps on its own merge.Test plan
No code change beyond version + changelog files. CI runs the full suite against the bumped workspace (the lockfile being in sync is enforced by
npm ci).Update: added
@webjsdev/cli0.9.1 to 0.10.0 (minor)Per the version-bump assessment, cli was also owed a release. cli 0.9.1 shipped without the
webjs vendorcommand surface that #105 and #89 landed (pin/unpin/list/audit/outdated/update, the--frommulti-CDN selector,--downloadcaching). That is feature-level, so a minor bump (the published cli is 0.9.1; the vendor commits are not ancestors of the 0.9.1 release).create-webjsandwebjsdevare thin shims that delegate to cli; their@webjsdev/clirange is widened^0.9.0to^0.10.0so the workspace keeps linking the local cli (a minor falls outside the old caret). They are not in the changelog auto-publish system, so they carry no changelog of their own and are NOT version-bumped here.One thing to know: the published
create-webjs@0.9.0/webjsdev@0.9.0still pin cli^0.9.0, sonpm create webjswill keep pulling cli 0.9.x until those two shims are themselves bumped and republished (a manual step, since they are outside thechangelog/**auto-publish). Not blocking this release; flagging it so new scaffolds picking up the vendor commands is a deliberate follow-up.