From 21c9b393882dc5daade41198c18320ae25206c7c Mon Sep 17 00:00:00 2001 From: PythonWoods Date: Sat, 4 Jul 2026 18:24:46 +0200 Subject: [PATCH 1/3] chore(deps): pin zenzic core to 0.20.0 Signed-off-by: PythonWoods --- .bumpversion.toml | 2 +- CONTRIBUTING.md | 2 +- README.md | 4 ++-- RELEASE.md | 4 ++-- action.yml | 2 +- pyproject.toml | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.bumpversion.toml b/.bumpversion.toml index 550e519..5a46aef 100644 --- a/.bumpversion.toml +++ b/.bumpversion.toml @@ -47,4 +47,4 @@ replace = '''| `{new_version}` (current) | ✅ All security fixes | # bump-my-version does NOT manage these files; they are listed here for discoverability. # --------------------------------------------------------------------------- [tool.bumpversion.custom_variables.core_version] -current = "0.19.6" +current = "0.20.0" diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 666f384..4abfb06 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -120,7 +120,7 @@ Releases are managed by the internal `just` orchestrator to ensure strict synchr just verify # 2. Update the Zenzic core pin to the target version -just pin-core # e.g., just pin-core 0.19.6 +just pin-core # e.g., just pin-core 0.20.0 # 3. Check alignment between core and action dependencies just versions diff --git a/README.md b/README.md index 5402528..6f75fc1 100644 --- a/README.md +++ b/README.md @@ -55,7 +55,7 @@ The minimal configuration — zero Python setup, SARIF to Code Scanning in one s - name: Run Zenzic Documentation Quality Gate uses: PythonWoods/zenzic-action@v2 with: - version: "0.19.6" + version: "0.20.0" format: sarif upload-sarif: "true" permissions: @@ -210,7 +210,7 @@ Fail-closed rule: | Input | Default | Description | |---|---|---| -| `version` | `0.19.6` | Zenzic version to install. Pin to a specific release for reproducible CI. Set `latest` for continuous evaluation. | +| `version` | `0.20.0` | Zenzic version to install. Pin to a specific release for reproducible CI. Set `latest` for continuous evaluation. | | `format` | `sarif` | Output format: `text`, `json`, or `sarif`. | | `sarif-file` | `zenzic-results.sarif` | SARIF output path (when `format: sarif`). Must be a **relative** path inside the workspace. | | `upload-sarif` | `true` | Upload SARIF to GitHub Code Scanning. | diff --git a/RELEASE.md b/RELEASE.md index 4bc7c9d..98d8314 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -14,9 +14,9 @@ Before tagging, every item must be green: -- [ ] `action.yml` — `default:` pin updated to the latest Zenzic core version (`0.19.6`) +- [ ] `action.yml` — `default:` pin updated to the latest Zenzic core version (`0.20.0`) - [ ] `package.json` version bumped to `2.5.2` -- [ ] `pyproject.toml` — synchronized with core pin (`zenzic>=0.19.6`) +- [ ] `pyproject.toml` — synchronized with core pin (`zenzic>=0.20.0`) - [ ] `just versions` — returns `✅ Ecosystem alignment verified.` - [ ] `just verify` — exits 0 - [ ] `zenzic check .` — zero findings (DQS 100/100) diff --git a/action.yml b/action.yml index 02e535f..ceb07da 100644 --- a/action.yml +++ b/action.yml @@ -16,7 +16,7 @@ inputs: version: description: "Zenzic version to use. Defaults to latest stable." required: false - default: "0.19.6" # x-zenzic-core-pin + default: "0.20.0" # x-zenzic-core-pin format: description: "Output format: 'text', 'json', or 'sarif'." required: false diff --git a/pyproject.toml b/pyproject.toml index a799c9d..4463493 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -10,7 +10,7 @@ license = {text = "Apache-2.0"} authors = [{name = "PythonWoods", email = "dev@pythonwoods.dev"}] dynamic = ["version"] dependencies = [ - "zenzic>=0.19.6", + "zenzic>=0.20.0", ] [project.urls] From df42cb2ca8b117c4cc391ac5105048339622768a Mon Sep 17 00:00:00 2001 From: PythonWoods Date: Sat, 4 Jul 2026 18:27:55 +0200 Subject: [PATCH 2/3] docs(changelog): prepare v2.6.0 release notes Signed-off-by: PythonWoods --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c61208c..15e0c98 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,12 @@ All notable changes to zenzic-action are documented in this file. The project ad ## [Unreleased] +### Added +- **Core Update**: Bumped Zenzic core dependency to `>=0.20.0` (introduces Custom Rules API v2, deterministic visitation sandbox, and auto-fix expansion for Z121 and Z603). + +### Changed +- **Dependencies**: Pinned Zenzic core to `0.20.0`. + ## [2.5.2] - 2026-07-04 ### 🔒 Security Advisory From 7343073566b583340f6050dd9c96da3bf3ba7fad Mon Sep 17 00:00:00 2001 From: PythonWoods Date: Sat, 4 Jul 2026 18:28:03 +0200 Subject: [PATCH 3/3] release: bump version to 2.6.0 Signed-off-by: PythonWoods --- .bumpversion.toml | 2 +- CHANGELOG.md | 2 ++ RELEASE.md | 10 +++++----- SECURITY.md | 4 ++-- package.json | 2 +- 5 files changed, 11 insertions(+), 9 deletions(-) diff --git a/.bumpversion.toml b/.bumpversion.toml index 5a46aef..18b94d3 100644 --- a/.bumpversion.toml +++ b/.bumpversion.toml @@ -2,7 +2,7 @@ # SPDX-License-Identifier: Apache-2.0 [tool.bumpversion] -current_version = "2.5.2" +current_version = "2.6.0" parse = "(?P\\d+)\\.(?P\\d+)\\.(?P\\d+)" serialize = ["{major}.{minor}.{patch}"] diff --git a/CHANGELOG.md b/CHANGELOG.md index 15e0c98..a48535a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,8 @@ All notable changes to zenzic-action are documented in this file. The project ad ## [Unreleased] +## [2.6.0] - 2026-07-04 + ### Added - **Core Update**: Bumped Zenzic core dependency to `>=0.20.0` (introduces Custom Rules API v2, deterministic visitation sandbox, and auto-fix expansion for Z121 and Z603). diff --git a/RELEASE.md b/RELEASE.md index 98d8314..adcfb1e 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -6,7 +6,7 @@ | Field | Value | | :------ | :--------- | -| Version | v2.5.2 | +| Version | v2.6.0 | | Date | 2026-07-04 | | Status | Stable | @@ -15,7 +15,7 @@ Before tagging, every item must be green: - [ ] `action.yml` — `default:` pin updated to the latest Zenzic core version (`0.20.0`) -- [ ] `package.json` version bumped to `2.5.2` +- [ ] `package.json` version bumped to `2.6.0` - [ ] `pyproject.toml` — synchronized with core pin (`zenzic>=0.20.0`) - [ ] `just versions` — returns `✅ Ecosystem alignment verified.` - [ ] `just verify` — exits 0 @@ -32,15 +32,15 @@ git pull origin main just release # 3. Create the release tag and push -git tag v2.5.2 +git tag v2.6.0 git push && git push --tags # 4. Move the floating v2 tag to the new release: -git tag -fa v2 v2.5.2^{} -m "release: v2.5.2" +git tag -fa v2 v2.6.0^{} -m "release: v2.6.0" git push origin v2 --force # Verification (Atomic Parity Check): -git rev-parse v2^{} v2.5.2^{} +git rev-parse v2^{} v2.6.0^{} # SUCCESS: Both hashes must be identical. ``` diff --git a/SECURITY.md b/SECURITY.md index 824c4ec..84d1b5b 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -75,8 +75,8 @@ by the wrapper script — it is consumed exclusively by `github/codeql-action/up | Version | Support status | |---------|----------------| -| `2.5.2` (current) | ✅ All security fixes | -| `< 2.5.2` | ❌ End of life — no support | +| `2.6.0` (current) | ✅ All security fixes | +| `< 2.6.0` | ❌ End of life — no support | --- diff --git a/package.json b/package.json index bd0945b..2c7ab7a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "zenzic-action", - "version": "2.5.2", + "version": "2.6.0", "private": true, "description": "Official GitHub Action for Zenzic — Documentation Quality Gate", "license": "Apache-2.0",