Skip to content

Fix: Bump version (@W-22281790@)#284

Merged
joeluong-sfcc merged 1 commit into
mainfrom
ju/bump-version
Apr 29, 2026
Merged

Fix: Bump version (@W-22281790@)#284
joeluong-sfcc merged 1 commit into
mainfrom
ju/bump-version

Conversation

@joeluong-sfcc

Copy link
Copy Markdown
Contributor

No description provided.

@joeluong-sfcc joeluong-sfcc requested a review from a team as a code owner April 29, 2026 20:50
@joeluong-sfcc joeluong-sfcc merged commit 02bb83b into main Apr 29, 2026
5 checks passed
joeluong-sfcc added a commit that referenced this pull request Jul 2, 2026
* Release v5.0.0 (@W-20718643@) (#268)

* Release/20260119 5.0.0 preview - for ECOM 26.2 (#266)

* update for 5.0.0 release

* update docs

* handle case for unique items

---------

Co-authored-by: Alex Vuong <alex.vuong@salesforce.com>

* Feat: Expose a way to pass in custom fetch (@W-21293162@) (#272)

* expose a way to pass in custom fetch via client config

* update changelog

* Release v5.1.0 (@W-21337864@) (#274)

* update APIs

* update APIs

* update docs

Feat: Expose a way to pass in custom fetch (@W-21293162@) (#272)

* expose a way to pass in custom fetch via client config

* update changelog

update docs

lint

* update docs

* @W-21076912: Feat: Support enableHttpOnlySessionCookies in SLAS helper functions (#278)

* Feat: Support enableHttpOnlySessionCookies in SLAS helper functions

* Release v5.2.0 - Add maintenance mode detection

Add automatic maintenance mode detection via throwOnMaintenanceHeader option.

When enabled, the SDK detects maintenance windows by checking the
sfdc_maintenance response header and throws MaintenanceError (503)
when the value is 'system' or 'site'.

Key features:
- Opt-in via client configuration (backward compatible)
- New MaintenanceError class with detailed error information
- Works with all API endpoints
- Takes precedence over other error handling
- Comprehensive test coverage (100%)

Changes:
- Add MaintenanceError class and tests
- Add throwOnMaintenanceHeader to ClientConfig
- Add header check in doFetch()
- Export MaintenanceError from helpers
- Update README with usage documentation
- Update CHANGELOG for v5.2.0
- Bump version to 5.2.0

* Fixed max bundle size

* Release v5.2.0 (@W-222452562) (#283)

* update APIs

* update docs

* update lint config

* bump size

* update API versions.txt

* bump version (#284)

* Moved version to 5.2.1

* Release v5.3.0 for ECOM v26.6 (@W-22694475@) (#285)

* Release v5.3.0 (@W-22694475@)

- Update APIs for ECOM v26.6
- Add Shopper Availability API
- Bump version to 5.3.0
- Regenerate docs

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* update CHANGELOG

* Note ECOM v26.6 in CHANGELOG

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Feat: Support named imports via package exports map (@W-22860508@) (#286)

Add a root `exports` map so bundlers and tooling that resolve `exports`
can use named imports, e.g. `import { ShopperLogin } from
'commerce-sdk-isomorphic'`, instead of default-import-and-destructure.
The `import`/`require`/`types` conditions point at the existing ESM/CJS
bundles and declarations, so existing consumers are unaffected.

A prior attempt bundled named imports with per-API subpath bundles that
doubled package size and was reverted; this restores named imports only,
with no subpath entries and no bundle-size change.

Locked by a node --test resolution guard that fails if the exports map
is removed.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* Feat: Auto tag and release on release-PR merge (@W-23051165@) (#289)

* Feat: Add release-on-merge workflow for auto tag and GitHub release

Fires on release-PR merge to main, gated by a strict title regex and a
three-source version cross-check (PR title vs package.json vs CHANGELOG.md).
Tags the merge commit, creates a GitHub release with notes scoped to the
matching CHANGELOG section, and skips-if-exists on rerun. The existing
publish.yml chains off release: published; npm publish stays manual.

W-23051165

* Test: Lock release-on-merge regex and changelog extractor under node --test

The workflow's PR-title regex and the awk pipeline are pure logic that today
lives only inside `run:` blocks. The test extracts each run-block straight from
the YAML and pipes it to bash with the same env vars the runner sets, so
weakening the regex or the awk script in the YAML reflows the test results
here too. Wired into yarn test via a new test:workflow script alongside the
existing node --test pass for the package exports map.

* Fix: Audit fixes — least-priv permissions, unique heredoc, faithful stream capture

- Move permissions: contents: write from workflow level to the job, so any
  future job added below can't silently inherit the elevated scope.
- Replace the heredoc delimiter EOF_NOTES with a unique tag (per GitHub's
  guidance) so a CHANGELOG entry that happens to contain "EOF_NOTES" can't
  prematurely terminate the GITHUB_OUTPUT block.
- Restore the dropped product-prefixed-title NOMATCH test case from the plan.
- Fix the sandbox helper to read err.stderr (a renaming bug had it reading
  err.log, a non-existent property — happy-path tests passed by luck because
  the workflow writes errors to stdout today; redirect to stderr in the YAML
  exposed the gap).

* Test: Add temporary dispatch workflow to exercise runner plumbing

Branch-only verification harness for the release-on-merge workflow's runtime
plumbing — step outputs, env propagation, if: gates — that the unit tests
can't reach. Push trigger fires once on this commit (expected to fail at the
cross-check step against live tree state); workflow_dispatch with overrides
exercises the happy path. Reverted in a follow-up commit on this branch
before PR merge.

* Test: Remove dispatch dry-run workflow used during Phase 5 verification

Verification complete on the live GitHub Actions runner across four runs
(push: empty title rejected; dispatch: bad title rejected; dispatch:
version mismatch with all-three-values printout; dispatch: happy path
resolves v5.4.0 and extracts notes via the heredoc delimiter). The
runtime plumbing — step outputs, env propagation, if: gate behavior —
matches what the unit tests predict, so this temporary harness is no
longer needed.

* Refactor: Gate the workflow on the PR head ref instead of the title

Trades the strict PR-title regex for a head-ref prefix check
(release/v<X.Y.Z>). The branch name is the first artifact the
release-sdk skill produces, so it's the more predictable anchor — a
reviewer hand-editing the PR title can no longer break the gate.

The three-source cross-check stays load-bearing: the version step now
extracts vX.Y.Z from the head ref, then asserts package.json and the
top CHANGELOG.md header agree. A regex anchored on ^release/v$ rejects
pre-release suffixes, trailing path segments, and same-day re-cut
suffixes, restoring what the title regex used to enforce.

Tests rewrite the fixtures to drive the workflow with synthetic head
refs; sensitivity proof confirms 4 of 14 cases go red when the regex
is weakened to ^release/v(.+)$.

* Perf: Shallow checkout in release-on-merge workflow

Switches actions/checkout to fetch-depth: 1. The workflow only reads
the working tree at merge_commit_sha (package.json, CHANGELOG.md) and
talks to the remote for tags/push; no ancestor history is walked.

Addresses review comment from @vmarta on
.github/workflows/release-on-merge.yml:18.

* Chore: Bump bundlesize cap for lib/**/*.js to 60 kB

Both lib/index.cjs.js (59.47KB) and lib/index.esm.js (59.34KB) sit
just above the prior 59 kB cap; 60 kB clears them with one bullet
of headroom while keeping the gate tight. Also re-sorts package.json
scripts (sort-package-json moved test:workflow into alphabetical
order, picked up incidentally on the same edit).

* Docs: Document Node node-fetch keep-alive regression (@W-23158959@) (#290)

Node.js 24.17.0 / 22.23.0 shipped a security fix (CVE-2026-48931) that
attaches a 'data' listener to keep-alive sockets; node-fetch@2 misreads it
and throws false ERR_STREAM_PREMATURE_CLOSE on reused connections. This SDK
uses node-fetch@2 on the server path, so it is affected. Document the safe
Node versions, the keep-alive workaround, and the planned migration off
node-fetch. README-only; no code change.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* Release v5.4.0 (@W-23232620@) (#291)

- Update APIs for ECOM v26.7
- Bump version to 5.4.0
- Raise bundlesize cap for commerce-sdk-isomorphic-with-deps.tgz from 1.2 MB to 1.3 MB
- Regenerate docs

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Alex Vuong <alex.vuong@salesforce.com>
Co-authored-by: Ujwala <59447810+unandyala@users.noreply.github.com>
Co-authored-by: Philippe Riand <priand@salesforce.com>
Co-authored-by: Philippe Riand <36373169+priandsf@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants