Skip to content

chore(deps-dev): Bump @codluv/versionguard from 0.4.0 to 1.2.0#27

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/codluv/versionguard-1.2.0
Open

chore(deps-dev): Bump @codluv/versionguard from 0.4.0 to 1.2.0#27
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/codluv/versionguard-1.2.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026
edited
Loading

Bumps @codluv/versionguard from 0.4.0 to 1.2.0.

Release notes

Sourced from @​codluv/versionguard's releases.

v1.2.0

Release @​codluv/versionguard@​1.2.0

v1.1.0

Release @​codluv/versionguard@​1.1.0

v1.0.0

Release @​codluv/versionguard@​1.0.0

v0.9.0

Added

  • Add GitHub Dependabot config generation (T007)

    • New github.dependabot config field (default: true) — opinionated default for GitHub-hosted projects
    • vg init wizard generates .github/dependabot.yml from detected manifests automatically
    • Shared MANIFEST_TO_ECOSYSTEM mapping reuses VG's existing ecosystem detection (DRY)
    • Supports all VG manifest types: npm, cargo, pip, pub, composer, maven
    • Always includes github-actions ecosystem entry
    • Minor+patch grouped into single PRs for clean PR lists
    • --no-github headless flag to opt out
    • vg doctor warns when dependabot config is enabled but file is missing
    • CKM auto-generates github topic from GitHubConfig
    • 11 new tests (248 total)

v0.8.1

Fixed

  • Upgrade all dependencies to latest versions

    • glob: 10.5.0 → 13.0.6 (fixed deprecated/vulnerable version, 28 fewer transitive deps)
    • commander: 12.0.0 → 14.0.3 (major upgrade, no API changes needed)
    • vite: 7.1.7 → 8.0.3 (major upgrade, build tool)
    • eslint: 9.37.0 → 10.1.0 (major upgrade, fixes brace-expansion audit vulnerability)
    • @​biomejs/biome: 2.2.4 → 2.4.9
    • typescript-eslint: 8.46.1 → 8.57.2
    • vitest: 4.0.7 → 4.1.2
    • @​vitest/coverage-v8: 4.0.7 → 4.1.2
    • js-yaml: 4.1.0 → 4.1.1
    • @​types/node: 24.6.0 → 25.5.0
    • 0 vulnerabilities (was 6), 0 deprecation warnings

v0.8.0

Added

  • Add repo-wide version literal scanning (T003)

... (truncated)

Changelog

Sourced from @​codluv/versionguard's changelog.

[1.2.0] - 2026-03-30

Added

  • replace local CKM module with ckm-sdk package

    Removes the handrolled src/ckm/ module (engine, types, index) and replaces it with the published ckm-sdk@2026.3.1 package. The CKM engine is now backed by a Rust core via NAPI-RS bindings, providing schema validation, v1→v2 migration, and progressive disclosure — all features the local module lacked.

    The vg ckm CLI command works identically. The CkmEngine type is no longer exported from the public API (the SDK engine is opaque).

[1.1.0] - 2026-03-29

Added

  • sync regex no longer corrupts nested JSON version keys (fixes #10)

    JSON sync targets now use structural parsing instead of regex, only updating the top-level "version" field. The default sync regex also adds a negative lookbehind to prevent matching dotted paths like scripts.version in non-JSON files.

    breaking: remove bump --apply flag (closes #8, #9)

    vg bump is now suggest-only. Version writing to manifests is the responsibility of release automation tools like Changesets — not an enforcement tool. The broken --apply flag that couldn't write TOML (#8) and picked wrong options (#9) has been removed entirely rather than fixed, because it violated VG's integration philosophy.

    breaking: remove deprecated --strict and --scan flags

    All checks run by default since v1.0.0. These flags were dead code. Using them now produces an "unknown option" error instead of a silent deprecation warning.

[1.0.0] - 2026-03-29

Changed

  • Strict by default: validate runs all checks without flags

    BREAKING CHANGES:

    • scan.enabled now defaults to true (was false)
    • Guard checks (hook bypass detection) now run by default via guard.enabled: true
    • New publish status check verifies versions against ecosystem registries
    • --strict and --scan CLI flags are deprecated (still work, print warnings)

... (truncated)

Commits
  • 0a3ef7b feat: replace local CKM module with ckm-sdk@2026.3.1
  • 23e5906 fix(ci): run fix-changelog before validate in release workflow
  • 5810906 chore: version packages (#11)
  • 7c08294 chore: upgrade forge-ts to v0.22.1, regenerate docs
  • 94710be docs: fix forge-ts check errors and regenerate CKM
  • ff7bee5 docs: regenerate CKM and API reference after sync/CLI changes
  • 63d827e chore: ignore clawmsgr config glob pattern
  • f4cea29 fix: sync JSON-aware, remove bump --apply and deprecated flags (#8, #9, #10)
  • 5cefe29 ci: add workflow_dispatch trigger to release workflow
  • 08cac49 fix: restructure changelog for v1.0.0 release
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 1, 2026
@dependabot dependabot bot requested a review from kryptobaseddev as a code owner April 1, 2026 23:00
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/codluv/versionguard-1.2.0 branch from b70c184 to 3df4206 Compare April 3, 2026 19:28
@dependabot
chore(deps-dev): Bump @codluv/versionguard from 0.4.0 to 1.2.0
42e4f91 
Bumps [@codluv/versionguard](https://github.com/kryptobaseddev/versionguard) from 0.4.0 to 1.2.0.
- [Release notes](https://github.com/kryptobaseddev/versionguard/releases)
- [Changelog](https://github.com/kryptobaseddev/versionguard/blob/main/CHANGELOG.md)
- [Commits](kryptobaseddev/versionguard@v0.4.0...v1.2.0)

---
updated-dependencies:
- dependency-name: "@codluv/versionguard"
  dependency-version: 1.2.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/codluv/versionguard-1.2.0 branch from 3df4206 to 42e4f91 Compare April 6, 2026 19:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kryptobaseddev kryptobaseddev Awaiting requested review from kryptobaseddev kryptobaseddev is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants