Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .bumpversion.toml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
# SPDX-License-Identifier: Apache-2.0

[tool.bumpversion]
current_version = "2.5.1"
current_version = "2.5.2"
parse = "(?P<major>\\d+)\\.(?P<minor>\\d+)\\.(?P<patch>\\d+)"
serialize = ["{major}.{minor}.{patch}"]

Expand Down
9 changes: 9 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,15 @@ All notable changes to zenzic-action are documented in this file. The project ad

## [Unreleased]

## [2.5.2] - 2026-07-04

### 🔒 Security Advisory
- **Core Update**: Bumped Zenzic core dependency to `>=0.19.6` to mitigate the DQS Evasion (leading space bypass), TOML Bomb crash, and duplicate suppression consumption vulnerabilities.

### Changed
- **Dependencies**: Pinned Zenzic core to `0.19.6`.
- **Automation**: Fixed the `pin-core` recipe in the `justfile` to correctly align the core pin in `action.yml`.

## [2.5.1] - 2026-07-03

### 🔒 Security Advisory
Expand Down
12 changes: 6 additions & 6 deletions RELEASE.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,16 +6,16 @@

| Field | Value |
| :------ | :--------- |
| Version | v2.5.1 |
| Date | 2026-07-03 |
| Version | v2.5.2 |
| Date | 2026-07-04 |
| Status | Stable |

## Release Checklist

Before tagging, every item must be green:

- [ ] `action.yml` — `default:` pin updated to the latest Zenzic core version (`0.19.6`)
- [ ] `package.json` version bumped to `2.5.1`
- [ ] `package.json` version bumped to `2.5.2`
- [ ] `pyproject.toml` — synchronized with core pin (`zenzic>=0.19.6`)
- [ ] `just versions` — returns `✅ Ecosystem alignment verified.`
- [ ] `just verify` — exits 0
Expand All @@ -32,15 +32,15 @@ git pull origin main
just release <patch|minor|major>

# 3. Create the release tag and push
git tag v2.5.1
git tag v2.5.2
git push && git push --tags

# 4. Move the floating v2 tag to the new release:
git tag -fa v2 v2.5.1^{} -m "release: v2.5.1"
git tag -fa v2 v2.5.2^{} -m "release: v2.5.2"
git push origin v2 --force

# Verification (Atomic Parity Check):
git rev-parse v2^{} v2.5.1^{}
git rev-parse v2^{} v2.5.2^{}
# SUCCESS: Both hashes must be identical.
```

Expand Down
4 changes: 2 additions & 2 deletions SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -75,8 +75,8 @@ by the wrapper script — it is consumed exclusively by `github/codeql-action/up

| Version | Support status |
|---------|----------------|
| `2.5.1` (current) | ✅ All security fixes |
| `< 2.5.1` | ❌ End of life — no support |
| `2.5.2` (current) | ✅ All security fixes |
| `< 2.5.2` | ❌ End of life — no support |

---

Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "zenzic-action",
"version": "2.5.1",
"version": "2.5.2",
"private": true,
"description": "Official GitHub Action for Zenzic — Documentation Quality Gate",
"license": "Apache-2.0",
Expand Down
Loading