chore(release): promote dev to main#422
Merged
Merged
Conversation
Bumps [@inquirer/prompts](https://github.com/SBoudrias/Inquirer.js) from 8.4.1 to 8.4.3. - [Release notes](https://github.com/SBoudrias/Inquirer.js/releases) - [Commits](https://github.com/SBoudrias/Inquirer.js/compare/@inquirer/prompts@8.4.1...@inquirer/prompts@8.4.3) --- updated-dependencies: - dependency-name: "@inquirer/prompts" dependency-version: 8.4.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…es (#375) Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3) --- updated-dependencies: - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…with pnpm publish (#411) Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3) --- updated-dependencies: - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…#374) Bumps [typescript](https://github.com/microsoft/TypeScript) from 5.9.3 to 6.0.3. - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3) --- updated-dependencies: - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Add typescript ^6 to root devDependencies - Update pnpm.overrides.typescript from ^5.8.3 to ^6 - Remove per-package typescript devDependencies from all 15 packages - Migrate moduleResolution from 'node' to 'bundler' across all tsconfigs - Remove stale baseUrl workarounds no longer needed with bundler resolution - Update module: commonjs -> esnext in standalone tsconfigs (tsup owns output format) - Add ignoreDeprecations: '6.0' where tsup injects its own baseUrl internally Closes #371, #372, #373 Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
Bumps [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) from 4.1.4 to 4.1.6. - [Release notes](https://github.com/vitest-dev/vitest/releases) - [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.6/packages/coverage-v8) --- updated-dependencies: - dependency-name: "@vitest/coverage-v8" dependency-version: 4.1.6 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [tailwind-merge](https://github.com/dcastil/tailwind-merge) from 3.5.0 to 3.6.0. - [Release notes](https://github.com/dcastil/tailwind-merge/releases) - [Commits](dcastil/tailwind-merge@v3.5.0...v3.6.0) --- updated-dependencies: - dependency-name: tailwind-merge dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.58.1 to 8.59.3. - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.3/packages/parser) --- updated-dependencies: - dependency-name: "@typescript-eslint/parser" dependency-version: 8.59.3 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [turbo](https://github.com/vercel/turborepo) from 2.9.6 to 2.9.14. - [Release notes](https://github.com/vercel/turborepo/releases) - [Changelog](https://github.com/vercel/turborepo/blob/main/RELEASE.md) - [Commits](vercel/turborepo@v2.9.6...v2.9.14) --- updated-dependencies: - dependency-name: turbo dependency-version: 2.9.12 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…#418) * chore(deps): bump react and react-dom from 19.2.5 to 19.2.6 Updates pnpm.overrides pins for react and react-dom. Refreshes E2E visual regression baselines for React 19.2.6. Closes #414 * test(e2e): use mobile-firefox locally, full matrix in CI Locally: single mobile-firefox project (avoids extra browser installs, catches the most cross-browser edge cases). CI: retains mobile-chrome + mobile-safari for full coverage. Mirrors the existing reuseExistingServer: !process.env.CI pattern. --------- Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
- hono: >=4.12.14 -> >=4.12.18 (GHSA-qp7p-654g-cw7p, GHSA-hm8q-7f3q-5f36, GHSA-p77w-8qqv-26rm, GHSA-9vqf-7f2p-gf9v, GHSA-69xw-7hcm-h432 + others) - undici: ^7.0.0 -> >=7.24.0 (CVE-2026-1526, CVE-2026-2229, CVE-2026-1528, CVE-2026-2581 + others) - @hono/node-server: >=1.19.10 -> >=1.19.13 (GHSA-92pp-h63x-v22m) - js-yaml: add >=4.1.1 override (CVE-2025-64718 / GHSA-mh29-5h37-fv8m) - postcss: add >=8.5.10 override (CVE-2026-41305 / GHSA-qx2v-qp2m-jg93) Resolves ~90 of 98 open Dependabot alerts via pnpm override floor bumps. Existing overrides for next, basic-ftp, minimatch, lodash, picomatch, path-to-regexp, brace-expansion, glob, flatted, tmp, express-rate-limit, fast-uri, rollup, and diff already cover the remaining alerts.
Automated commits on dev (prerelease version bumps, back-merge re-entry) used the GitHub skip-ci flag in their messages to suppress CI reruns. However, GitHub scans the ENTIRE commit message body, not just the subject line — and standard merge commits to main auto-populate their body with the list of individual PR commits. This caused the skip flag to appear in the main merge commit body, suppressing ALL workflow triggers on every dev-to-main merge. Remove skip-ci flags from all automated commit messages in prerelease.yml and release.yml. Loop prevention is handled entirely by the existing job-level if conditions, which is the correct mechanism. Update the startsWith guard in release.yml to match the new commit message string. Root cause confirmed: PRs #410 and #419 both show zero workflow runs on main because their merge commit bodies contained skip-ci lines from automated dev commits. Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
Three items from Phase 1 of the types-hierarchy-refactor that were missed when PR #408 merged: 1. collections/src/types.ts zombie removed The original CollectionProvider interface definitions were left in place after being moved to @stackwright/types. types.ts is now a re-export shim; file-collection-provider.ts imports directly from @stackwright/types. 2. HookHandler forwarded through hooks-registry and scaffold-core HookHandler was canonical in @stackwright/types and re-exported by hooks-registry/src/hooks.ts but not forwarded through index.ts, making it unavailable via public import paths. Both packages now re-export it alongside the other scaffold hook types. 3. generate-agent-docs extended with interface contracts table (step 8) A new auto-generated section in both AGENTS.md files documents the TypeScript interface contracts from @stackwright/types: CollectionProvider, CollectionEntry, CollectionListOptions, CollectionListResult, ScaffoldHookContext, ScaffoldHook, HookHandler, ScaffoldHookType. Delimited by stackwright:interface-table:start/end markers, updated by the existing generate-agent-docs command alongside the content-type-table. Changesets: collections-types-cleanup (patch), hookhandler-reexport (patch for hooks-registry + scaffold-core), generate-agent-docs-interfaces (patch for cli). Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
Contributor
🧪 Coverage Report\n\n### Overall Coverage\n\n| Metric | Coverage |\n|--------|----------|\n| Lines |
|
Contributor
✅ Visual Regression Test ResultsStatus: ✅ All visual tests passed! All screenshots match the baseline. No visual regressions detected! 🎉 |
Contributor
⚡ Performance Benchmark Results✅ Build Time Benchmarks: PASSED✅ Bundle Size Benchmarks: PASSED❌ Runtime Vitals Benchmarks: FAILED📝 Note: Detailed results are available in the job logs. 🎯 Performance Budgets:
Updated: 2026-05-15T17:34:10.152Z |
Contributor
♿ Accessibility Test ResultsOverall Status: ✅ 0/0 tests passed 🦮 WCAG 2.1 AA ComplianceNo WCAG test results available ⌨️ Keyboard NavigationNo keyboard navigation test results available 📊 Detailed ReportDownload the full HTML accessibility report from the workflow artifacts for:
🔍 Testing ChecklistOur accessibility tests verify:
Powered by @axe-core/playwright and Playwright |
…eset compat (#423) The security fix in bbf46a4 added a global js-yaml >=4.1.1 pnpm override. @changesets/cli@2.31.0 has a transitive dep (read-yaml-file@1.1.0) that calls yaml.safeLoad(), removed in js-yaml v4. This crashed pnpm changeset version in CI on every prerelease and release run. Add a scoped override 'read-yaml-file>js-yaml: ^3' using pnpm's package>dep syntax, which pins js-yaml to v3 only within read-yaml-file's dep tree. Everything else stays on the >=4.1.1 security-fix version. Co-authored-by: Stackwright Bot <bot@per-aspera.dev>
Contributor
🧪 Coverage Report\n\n### Overall Coverage\n\n| Metric | Coverage |\n|--------|----------|\n| Lines |
|
Contributor
✅ Visual Regression Test ResultsStatus: ✅ All visual tests passed! All screenshots match the baseline. No visual regressions detected! 🎉 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What's in this release
Fixes
fix(ci): remove skip-ci flags from automated commit messages (fix(ci): remove [skip ci] from automated commit messages #421)
Automated commits on
devused the GitHub skip-ci flag to suppress CI reruns. This flag leaked intodev→mainmerge commit bodies and suppressed ALL workflow triggers on every release merge tomain, including PRs chore: release — promote dev to stable (includes @stackwright/types@1.5.0 CollectionProvider types) #410 and chore(release): merge dev → main #419. Removed from all automated commit messages inprerelease.ymlandrelease.yml; loop prevention now relies entirely on the existing job-levelifconditions.fix(types): complete Phase 1 cleanup of types-hierarchy-refactor (fix(types): complete Phase 1 cleanup of types-hierarchy-refactor #420)
Three items missed when PR fix(types): move scaffold hook interfaces from hooks-registry to types #408 merged:
collections/src/types.tszombie removed (re-export shim),HookHandlerforwarded through@stackwright/hooks-registryand@stackwright/scaffold-corepublic index files, andgenerate-agent-docsextended with an interface contracts table in bothAGENTS.mdfiles.Dependencies & maintenance
Use a standard merge commit, NOT a squash merge.
One pre-existing automated commit in this diff (
bef72455—chore: bump prerelease versions) still carries the old skip-ci flag from before PR #421 landed. GitHub's squash merge auto-populates the commit body with individual commit titles — if that commit appears in the body, CI will be suppressed onmainone more time.A standard merge commit uses
Merge pull request #N from Per-Aspera-LLC/devas its message and does NOT include individual commit titles in the body, so the flag cannot leak.This is a one-time caveat. All future
dev→mainreleases will be safe — PR #421 ensures no new automated commits will carry the skip-ci flag going forward.