Skip to content

Release/1.0.3#528

Merged
colinmxs merged 3 commits into
developfrom
release/1.0.3
Jun 30, 2026
Merged

Release/1.0.3#528
colinmxs merged 3 commits into
developfrom
release/1.0.3

Conversation

@colinmxs

Copy link
Copy Markdown
Contributor

No description provided.

colinmxs added 3 commits June 30, 2026 11:01
#517 (headline) — assistants can use tools again, reverting the 1.0.0 KB-only restriction (#382). Filed under ✨ Improved, with a deployment-note callout since
  it's a user-visible behavior change.
  - #521 — CodeQL sweep (2 HIGH URL/host findings, 24-site log-injection pass, hardened CI checkout) → 🔒 Security.
  - #520 — 6 Dependabot CVEs (Astro, esbuild, pydantic-settings) → 📦 Dependencies table.
  - #518 — nightly pipeline script-path fix → 🐛 Fixed.
Patch release: CI/CD pipeline cleanup, re-enabled path-scoped auto-deploys,
serialized platform+backend deploys, and a joserfc CVE / CodeQL dependency sweep.
No application code or user-facing behavior changes.

- Bump VERSION to 1.0.3; sync manifests + lockfiles
- Brief RELEASE_NOTES.md and CHANGELOG.md entries (#524, #525, #526)
- Steering: scale release-notes depth to release size (brief patches, deep features)
@colinmxs colinmxs merged commit 4132c03 into develop Jun 30, 2026
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant