- Bump version to 1.0.38
- Update CHANGELOG.md with the apps brand gating change since v1.0.37
- Backfill the [v1.0.38] link reference at the bottom of CHANGELOG.md
Change-Id: I6fd0d1243e2219a1eaa1fae5fae4ff6d8de361da
* refactor: make install.js side-effect-free on require
Change-Id: I5444e3f34642d7c0740b6422a70ca6921a85e363
* feat: add getExpectedChecksum with unit tests
Change-Id: I87548be25d30c384e743da17b1d161b9d9f0ea87
* feat: add verifyChecksum with unit tests
Change-Id: Ifc2067bf1b824b02257dba7b53716fbe18d0f6b6
* feat: harden download with host allowlist and checksum verification
Change-Id: I2580782866049f1f62a2597e86b7bf59d0e50925
* ci: bundle checksums.txt in npm package for install verification
Change-Id: I2d7c44d9d5b9075158f63c0f8cf66c1e0abe3d8d
* ci: use triggering tag and verify checksums.txt presence in release workflow
Address CodeRabbit review: use GITHUB_REF_NAME instead of parsing
package.json to avoid version drift, and add explicit file check to
fail loudly if checksums.txt is missing or empty.
Change-Id: I8a5658412b6afc338ad2a642baba146cceafd0fc
* feat: streaming hash, allowlist tests, and malformed-line coverage
- verifyChecksum: switch from readFileSync to streaming 64KB chunks
to avoid loading entire archive (10-100MB) into memory
- Export and test assertAllowedHost: 7 cases covering allowed hosts,
rejection, case normalization, port handling, invalid URL
- Add ALLOWED_HOSTS comment clarifying it only gates initial URL
- Add getExpectedChecksum tests for malformed/tab-separated lines
Change-Id: Ida639def89c242b3b261a76effae08fd414a10dc
This release prep captures the version bump and changelog entry for v1.0.12 without pulling unrelated workspace edits into the release branch.
Change-Id: Ib343337c4851b7cc15a52dd0068795a92092b781
Constraint: Keep the release PR scoped to package version and changelog only
Rejected: Include .gitignore and local workspace files | unrelated to this release PR
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep release notes aligned with shipped changes only; exclude reverted work from summaries
Tested: make unit-test
Tested: go mod tidy
Tested: go run github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.1.6 run --new-from-rev=origin/main
Not-tested: Manual tag/release publishing flow
Update the package version and changelog entry so the release branch matches the v1.0.11 changes already queued after v1.0.10.
This keeps the published package version and human-readable release notes aligned without pulling unrelated local workspace changes into the release PR.
Change-Id: Ia937651001e0057df4fe82bd11705c52d343f9a9
* docs: add v1.0.5 changelog
Change-Id: Ia2c5e8f3d3e5fb95b4509e2f5d62a1ee253cd679
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: bump version to v1.0.5
Change-Id: I8d19ec44311f9bf0e700152beab1fd8d261c3f73
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>