v0.1.7

@RMNCLDYO released this 06 Sep 00:11 · 23 commits to main since this release
Tag: v0.1.7 · Commit: 1b7d471

v0.1.7

Added

  • SECURITY.md for vulnerability reporting with safe harbor policy
  • CITATION.cff for academic citation support and Zenodo integration with ORCID
  • SUPPORT.md for community support guidelines and response times
  • GitHub Sponsors funding configuration
  • Comprehensive GitHub issue templates (bug reports, feature requests)
  • Modern pull request template following 2025 standards
  • Dependabot configuration for automated dependency updates
  • Security scanning workflow with CodeQL analysis
  • OpenSSF Scorecard integration for security health metrics
  • NPM audit signatures verification workflow
  • Provenance attestation in publish workflow with OIDC trusted publishing
  • Comprehensive README badges for security, quality, and funding
  • Fuzz testing workflow with fast-check integration using native Node.js test runner
  • SSH commit signing for cryptographic verification
  • OpenSSF Best Practices Badge with passing level certification
  • Comprehensive CI workflow with test suite, CodeQL analysis, and fuzz testing

Enhanced

  • Package.json with funding field and provenance configuration
  • Publish workflow with npm provenance and package attestation
  • Repository discoverability with comprehensive topic coverage
  • Branch protection rules for main branch with enhanced security
  • Token permissions in the security workflow tightened to follow the least-privilege principle
  • README badges updated with distinct colors for better visibility
  • Sponsors badge removed to maintain a professional appearance
  • npm downloads badge styling improved with a purple color
  • npm version pinned in all workflows for supply chain security
  • Updated integration tests to support ES module imports with dynamic import()

Fixed

  • ES module compatibility issues in integration tests
  • False-positive failures in the npm audit workflow, by correcting the vulnerability check logic
  • CI fuzz testing, by replacing Jest with the native Node.js test runner
  • attest-build-provenance action updated to the correct SHA hash for v3.0.0
  • "Cannot use import statement outside a module" errors in test files
  • Pinned-dependencies warnings in GitHub workflows

Security

  • All commits now cryptographically signed with SSH keys
  • Branch protection enabled with required reviews and status checks
  • Dependency scanning and vulnerability monitoring
  • Supply chain security with pinned action hashes and npm versions
  • Automated fuzz testing for robustness validation with property-based testing
  • Achieved OpenSSF Best Practices Badge demonstrating commitment to security standards
  • Fixed vulnerability check logic in audit workflow to prevent false positives
  • Comprehensive CI/CD pipeline with security scanning on every commit and PR
  • CodeQL static analysis running on all JavaScript/TypeScript code

Full Changelog: v0.1.6...v0.1.7