chore: release — promote dev to stable (includes @stackwright/types@1.5.0 CollectionProvider types)#410
Merged
Conversation
…403) * fix(core,types): remove zod internals from published .d.ts - Replace z.ZodTypeAny in ContentTypeEntry / registerContentType / getContentTypeSchema with a local ZodSchema structural interface - Fix siteDefaults.ts relative source import → import type from package, eliminating z.core.$strip cascade in bundled declarations - Add workspace sibling packages to tsup external array - Replace z.ZodSchema / z.ZodTypeAny[] in PrebuildPlugin with ZodLike Consumer projects can delete stackwright-core.d.ts stub overrides. * fix(cli): update stale scaffold template package versions VERSIONS constant in buildPackageJson() was 4+ releases behind: - @stackwright/core: ^0.7.0 → ^0.8.0 - @stackwright/nextjs: ^0.3.1 → ^0.5.0 - @stackwright/icons: ^0.3.0 → ^0.5.0 - @stackwright/build-scripts: ^0.4.0 → ^0.7.0 (critical — plugin API is 0.5.0+) - @stackwright/ui-shadcn: ^0.1.0 → ^0.1.0 (minor range correct) - @stackwright/otters: ^0.2.0-alpha.0 → ^0.2.0 Adds scripts/sync-versions.mjs — run before releases to keep VERSIONS in sync with workspace package.json files automatically. * chore: update pnpm lockfile after cli package.json changes * fix: resolve CI failures — ZodLike discriminated union, internal cast, basic-ftp CVE - ZodLike interface now uses a discriminated union so TypeScript correctly narrows result.error in prebuild.ts validateIntegrationConfig() - Cast extraContentSchemas to z.ZodTypeAny[] internally in prebuild.ts; ZodLike is the public API surface, real Zod schemas are safe to cast - Update basic-ftp pnpm override from >=5.3.0 to >=5.3.1 (GHSA-rpmf-866q-6p89) * fix: apply same discriminated-union fix to ZodSchema in core zod-compat.ts contentRenderer.tsx accesses validation.error.issues after an !validation.success guard — same narrowing issue as plugin.ts ZodLike. Apply the identical discriminated-union pattern so TS18048 is resolved. * fix: update stale scaffold test expectation for @stackwright/core version The template-processor.ts already uses '^0.8.0' for swCore but the test was asserting '^0.7.0' — stale snapshot. Bump to match reality. --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
…404) Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
* fix: add workspace:* publish guards to all packages - Remove stale @stackwright/collections dep from @stackwright/core - Add prepublishOnly guard (identical to @stackwright/cli) to all 15 publishable packages that were missing it - Fix @stackwright/maplibre peerDependencies to use >=0.8.0 instead of workspace:* for @stackwright/core * chore: update lockfile after removing stale collections dep from core * fix(core): move @stackwright/collections to devDependencies (type-only import) --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
…pes (#407) CollectionProvider, CollectionEntry, CollectionListOptions, and CollectionListResult are interface contracts — they belong in the types package, not in an implementing package. @stackwright/collections re-exports all four from @stackwright/types so existing consumers are unaffected. @stackwright/core's registry now imports directly from @stackwright/types. Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
#408) * fix(types): move scaffold hook interfaces from hooks-registry to types * fix(ci): resolve fast-uri CVEs, performance budget/Playwright API failures - Add fast-uri>=3.1.2 pnpm override to kill GHSA-q3j6-qgpj-74h6 and GHSA-v39h-62p7-jpjc (high-severity CVEs in @commitlint transitive dep) - Regenerate pnpm-lock.yaml: fast-uri 3.1.0 -> 3.1.2 - Bump performance-budgets.json firstLoadJS max 300KB->440KB and allPagesJS max 850KB->1045KB to reflect current measured bundle sizes (403KB / 932KB); budgets were stale, PR changes are types-only / zero runtime footprint - Fix runtime-vitals.bench.ts: replace chromium.launch() with chromium.launchServer() so wsEndpoint() is available (Browser no longer exposes it in Playwright v1.38+; only BrowserServer does) - Fix Theme Switch test: use waitUntil:'load' instead of waitForLoadState( 'networkidle') which was timing out at 30s on the large first-load bundle * fix(ci): switch npm publish to pnpm publish for workspace:* resolution Replace bare 'npm publish' with 'pnpm publish --no-git-checks' in both release and prerelease workflows. --no-git-checks is required because 'changeset version' dirties the working tree before publish runs. The 'npm view' registry-query lines and NODE_AUTH_TOKEN env var are intentionally left unchanged — they are not publish commands. * fix(ci): bump next override to >=16.2.5 (GHSA-8h8q-6873-q5fj), fix Lighthouse CDP port - Raise pnpm override 'next' from >=16.1.7 to >=16.2.5 to clear the new high-severity Next.js DoS CVE (GHSA-8h8q-6873-q5fj, vulnerable range >=16.0.0 <16.2.5, resolves to next@16.2.6). pnpm audit now exits 0 with only low/moderate severities remaining. - Fix Lighthouse integration in runtime-vitals.bench.ts: replace chromium.launchServer() with chromium.launch({ --remote-debugging-port }) using a dynamically-allocated free port (via net.createServer(:0)). launchServer() exposes only a Playwright WebSocket endpoint; Lighthouse's internal puppeteer-core polls http://HOST:PORT/json/version and got back the plain string 'Running' instead of CDP JSON, causing: SyntaxError: Unexpected token 'R', "Running" is not valid JSON Applied to both runLighthouse() and the inline Mobile Performance test (variable renamed mobileBrowser/mobilePort to avoid shadowing). - Fix Theme Switch test timeout: use waitUntil:'domcontentloaded' instead of 'load' — load waits for all 403 KB of first-load JS to transfer and was hitting the 30 s navigation timeout. Also narrow switchTime to measure only the click itself (not the 1 s waitForFunction detection window which inflated the measurement past the 100 ms budget when the app expresses theme via CSS variables rather than data-theme/body-class attributes). --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.12.2 to 25.6.2. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.6.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [@vitest/ui](https://github.com/vitest-dev/vitest/tree/HEAD/packages/ui) from 4.1.4 to 4.1.6. - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.6/packages/ui) --- updated-dependencies: - dependency-name: "@vitest/ui" dependency-version: 4.1.5 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [maplibre-gl](https://github.com/maplibre/maplibre-gl-js) from 4.7.1 to 5.24.0. - [Release notes](https://github.com/maplibre/maplibre-gl-js/releases) - [Changelog](https://github.com/maplibre/maplibre-gl-js/blob/main/CHANGELOG.md) - [Commits](maplibre/maplibre-gl-js@v4.7.1...v5.24.0) --- updated-dependencies: - dependency-name: maplibre-gl dependency-version: 5.24.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…tjs (#370) Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3) --- updated-dependencies: - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [eslint-config-next](https://github.com/vercel/next.js/tree/HEAD/packages/eslint-config-next) from 16.2.3 to 16.2.6. - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](https://github.com/vercel/next.js/commits/v16.2.6/packages/eslint-config-next) --- updated-dependencies: - dependency-name: eslint-config-next dependency-version: 16.2.4 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
Contributor
🧪 Coverage Report\n\n### Overall Coverage\n\n| Metric | Coverage |\n|--------|----------|\n| Lines |
|
Contributor
✅ Visual Regression Test ResultsStatus: ✅ All visual tests passed! All screenshots match the baseline. No visual regressions detected! 🎉 |
Contributor
⚡ Performance Benchmark Results✅ Build Time Benchmarks: PASSED✅ Bundle Size Benchmarks: PASSED❌ Runtime Vitals Benchmarks: FAILED📝 Note: Detailed results are available in the job logs. 🎯 Performance Budgets:
Updated: 2026-05-12T17:58:32.425Z |
Contributor
♿ Accessibility Test ResultsOverall Status: ✅ 0/0 tests passed 🦮 WCAG 2.1 AA ComplianceNo WCAG test results available ⌨️ Keyboard NavigationNo keyboard navigation test results available 📊 Detailed ReportDownload the full HTML accessibility report from the workflow artifacts for:
🔍 Testing ChecklistOur accessibility tests verify:
Powered by @axe-core/playwright and Playwright |
perasperaactual
pushed a commit
that referenced
this pull request
May 15, 2026
Automated commits on dev (prerelease version bumps, back-merge re-entry) used [skip ci] in their messages to suppress CI reruns. However, GitHub's [skip ci] check scans the ENTIRE commit message including the body — and standard merge commits to main auto-populate their body with the list of individual PR commits. This caused [skip ci] to appear in the main merge commit body, suppressing ALL workflow triggers on every dev→main merge. Remove [skip ci] from all automated commit messages in prerelease.yml and release.yml. Loop prevention is handled entirely by the existing job-level if conditions, which is the correct mechanism. Update the startsWith guard in release.yml to match the new commit message string (without [skip ci]). Root cause confirmed: PRs #410 and #419 both show zero workflow runs on main because their merge commit bodies contained [skip ci] lines from automated dev commits.
perasperaactual
pushed a commit
that referenced
this pull request
May 15, 2026
Automated commits on dev (prerelease version bumps, back-merge re-entry) used the GitHub skip-ci flag in their messages to suppress CI reruns. However, GitHub scans the ENTIRE commit message body, not just the subject line — and standard merge commits to main auto-populate their body with the list of individual PR commits. This caused the skip flag to appear in the main merge commit body, suppressing ALL workflow triggers on every dev-to-main merge. Remove skip-ci flags from all automated commit messages in prerelease.yml and release.yml. Loop prevention is handled entirely by the existing job-level if conditions, which is the correct mechanism. Update the startsWith guard in release.yml to match the new commit message string. Root cause confirmed: PRs #410 and #419 both show zero workflow runs on main because their merge commit bodies contained skip-ci lines from automated dev commits.
perasperaactual
added a commit
that referenced
this pull request
May 15, 2026
Automated commits on dev (prerelease version bumps, back-merge re-entry) used the GitHub skip-ci flag in their messages to suppress CI reruns. However, GitHub scans the ENTIRE commit message body, not just the subject line — and standard merge commits to main auto-populate their body with the list of individual PR commits. This caused the skip flag to appear in the main merge commit body, suppressing ALL workflow triggers on every dev-to-main merge. Remove skip-ci flags from all automated commit messages in prerelease.yml and release.yml. Loop prevention is handled entirely by the existing job-level if conditions, which is the correct mechanism. Update the startsWith guard in release.yml to match the new commit message string. Root cause confirmed: PRs #410 and #419 both show zero workflow runs on main because their merge commit bodies contained skip-ci lines from automated dev commits. Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release PR: dev → main
Why
Promotes all pending changesets from
devtomainfor a stable publish.The last stable release (2026-05-08) predates PR #407 by one day, leaving
CollectionProvider,CollectionEntry,CollectionListOptions, andCollectionListResultabsent from the published@stackwright/types@1.4.1.What's in this release
collection-provider-interfaces-to-typesfix-types-prebuild-plugin-zod-compatzodlike-export-path-fixscaffold-hook-interfaces-to-typesworkspace-publish-guardsfix-cli-bundle-workspace-depsfix-scaffold-template-versionsfix-core-dts-zod-compatExpected graduated stable versions
@stackwright/types:1.5.0← gate unblocked here@stackwright/collections: patch bump@stackwright/core: patch bump@stackwright/build-scripts: patch bump@stackwright/hooks-registry: patch bump@stackwright/icons: patch bump@stackwright/cli: patch bumpThe
workspace-publish-guardschangeset added aprepublishOnlycheck thatcaused the previous
workflow_dispatchondev(run 25647771171) to fail with:ERR: workspace: specifiers found in publishable dep fields: [ 'workspace:*', 'workspace:*' ]Root cause:
@stackwright/build-scriptscarriesworkspace:*deps on@stackwright/sbom-generator(no changeset → not graduated bychangeset version).If the Release workflow hits the same error on
main, the guard check inpackages/build-scripts/package.jsonprepublishOnlywill need to be scoped toonly check
dependencies/peerDependenciesafterpnpm changeset versionhas had a chance to replace
workspace:refs — orsbom-generatorneeds ano-op patch changeset added so it gets graduated.
Opened by code-puppy-077cd7 as part of gate-unblock for
@stackwright-pro/typesdependency pin.