Fix: Bump version (@W-22281790@)#284
Merged
Merged
Conversation
unandyala
approved these changes
Apr 29, 2026
patricksullivansf
approved these changes
Apr 29, 2026
joeluong-sfcc
added a commit
that referenced
this pull request
Jul 2, 2026
* Release v5.0.0 (@W-20718643@) (#268) * Release/20260119 5.0.0 preview - for ECOM 26.2 (#266) * update for 5.0.0 release * update docs * handle case for unique items --------- Co-authored-by: Alex Vuong <alex.vuong@salesforce.com> * Feat: Expose a way to pass in custom fetch (@W-21293162@) (#272) * expose a way to pass in custom fetch via client config * update changelog * Release v5.1.0 (@W-21337864@) (#274) * update APIs * update APIs * update docs Feat: Expose a way to pass in custom fetch (@W-21293162@) (#272) * expose a way to pass in custom fetch via client config * update changelog update docs lint * update docs * @W-21076912: Feat: Support enableHttpOnlySessionCookies in SLAS helper functions (#278) * Feat: Support enableHttpOnlySessionCookies in SLAS helper functions * Release v5.2.0 - Add maintenance mode detection Add automatic maintenance mode detection via throwOnMaintenanceHeader option. When enabled, the SDK detects maintenance windows by checking the sfdc_maintenance response header and throws MaintenanceError (503) when the value is 'system' or 'site'. Key features: - Opt-in via client configuration (backward compatible) - New MaintenanceError class with detailed error information - Works with all API endpoints - Takes precedence over other error handling - Comprehensive test coverage (100%) Changes: - Add MaintenanceError class and tests - Add throwOnMaintenanceHeader to ClientConfig - Add header check in doFetch() - Export MaintenanceError from helpers - Update README with usage documentation - Update CHANGELOG for v5.2.0 - Bump version to 5.2.0 * Fixed max bundle size * Release v5.2.0 (@W-222452562) (#283) * update APIs * update docs * update lint config * bump size * update API versions.txt * bump version (#284) * Moved version to 5.2.1 * Release v5.3.0 for ECOM v26.6 (@W-22694475@) (#285) * Release v5.3.0 (@W-22694475@) - Update APIs for ECOM v26.6 - Add Shopper Availability API - Bump version to 5.3.0 - Regenerate docs Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * update CHANGELOG * Note ECOM v26.6 in CHANGELOG Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Feat: Support named imports via package exports map (@W-22860508@) (#286) Add a root `exports` map so bundlers and tooling that resolve `exports` can use named imports, e.g. `import { ShopperLogin } from 'commerce-sdk-isomorphic'`, instead of default-import-and-destructure. The `import`/`require`/`types` conditions point at the existing ESM/CJS bundles and declarations, so existing consumers are unaffected. A prior attempt bundled named imports with per-API subpath bundles that doubled package size and was reverted; this restores named imports only, with no subpath entries and no bundle-size change. Locked by a node --test resolution guard that fails if the exports map is removed. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * Feat: Auto tag and release on release-PR merge (@W-23051165@) (#289) * Feat: Add release-on-merge workflow for auto tag and GitHub release Fires on release-PR merge to main, gated by a strict title regex and a three-source version cross-check (PR title vs package.json vs CHANGELOG.md). Tags the merge commit, creates a GitHub release with notes scoped to the matching CHANGELOG section, and skips-if-exists on rerun. The existing publish.yml chains off release: published; npm publish stays manual. W-23051165 * Test: Lock release-on-merge regex and changelog extractor under node --test The workflow's PR-title regex and the awk pipeline are pure logic that today lives only inside `run:` blocks. The test extracts each run-block straight from the YAML and pipes it to bash with the same env vars the runner sets, so weakening the regex or the awk script in the YAML reflows the test results here too. Wired into yarn test via a new test:workflow script alongside the existing node --test pass for the package exports map. * Fix: Audit fixes — least-priv permissions, unique heredoc, faithful stream capture - Move permissions: contents: write from workflow level to the job, so any future job added below can't silently inherit the elevated scope. - Replace the heredoc delimiter EOF_NOTES with a unique tag (per GitHub's guidance) so a CHANGELOG entry that happens to contain "EOF_NOTES" can't prematurely terminate the GITHUB_OUTPUT block. - Restore the dropped product-prefixed-title NOMATCH test case from the plan. - Fix the sandbox helper to read err.stderr (a renaming bug had it reading err.log, a non-existent property — happy-path tests passed by luck because the workflow writes errors to stdout today; redirect to stderr in the YAML exposed the gap). * Test: Add temporary dispatch workflow to exercise runner plumbing Branch-only verification harness for the release-on-merge workflow's runtime plumbing — step outputs, env propagation, if: gates — that the unit tests can't reach. Push trigger fires once on this commit (expected to fail at the cross-check step against live tree state); workflow_dispatch with overrides exercises the happy path. Reverted in a follow-up commit on this branch before PR merge. * Test: Remove dispatch dry-run workflow used during Phase 5 verification Verification complete on the live GitHub Actions runner across four runs (push: empty title rejected; dispatch: bad title rejected; dispatch: version mismatch with all-three-values printout; dispatch: happy path resolves v5.4.0 and extracts notes via the heredoc delimiter). The runtime plumbing — step outputs, env propagation, if: gate behavior — matches what the unit tests predict, so this temporary harness is no longer needed. * Refactor: Gate the workflow on the PR head ref instead of the title Trades the strict PR-title regex for a head-ref prefix check (release/v<X.Y.Z>). The branch name is the first artifact the release-sdk skill produces, so it's the more predictable anchor — a reviewer hand-editing the PR title can no longer break the gate. The three-source cross-check stays load-bearing: the version step now extracts vX.Y.Z from the head ref, then asserts package.json and the top CHANGELOG.md header agree. A regex anchored on ^release/v$ rejects pre-release suffixes, trailing path segments, and same-day re-cut suffixes, restoring what the title regex used to enforce. Tests rewrite the fixtures to drive the workflow with synthetic head refs; sensitivity proof confirms 4 of 14 cases go red when the regex is weakened to ^release/v(.+)$. * Perf: Shallow checkout in release-on-merge workflow Switches actions/checkout to fetch-depth: 1. The workflow only reads the working tree at merge_commit_sha (package.json, CHANGELOG.md) and talks to the remote for tags/push; no ancestor history is walked. Addresses review comment from @vmarta on .github/workflows/release-on-merge.yml:18. * Chore: Bump bundlesize cap for lib/**/*.js to 60 kB Both lib/index.cjs.js (59.47KB) and lib/index.esm.js (59.34KB) sit just above the prior 59 kB cap; 60 kB clears them with one bullet of headroom while keeping the gate tight. Also re-sorts package.json scripts (sort-package-json moved test:workflow into alphabetical order, picked up incidentally on the same edit). * Docs: Document Node node-fetch keep-alive regression (@W-23158959@) (#290) Node.js 24.17.0 / 22.23.0 shipped a security fix (CVE-2026-48931) that attaches a 'data' listener to keep-alive sockets; node-fetch@2 misreads it and throws false ERR_STREAM_PREMATURE_CLOSE on reused connections. This SDK uses node-fetch@2 on the server path, so it is affected. Document the safe Node versions, the keep-alive workaround, and the planned migration off node-fetch. README-only; no code change. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * Release v5.4.0 (@W-23232620@) (#291) - Update APIs for ECOM v26.7 - Bump version to 5.4.0 - Raise bundlesize cap for commerce-sdk-isomorphic-with-deps.tgz from 1.2 MB to 1.3 MB - Regenerate docs Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Alex Vuong <alex.vuong@salesforce.com> Co-authored-by: Ujwala <59447810+unandyala@users.noreply.github.com> Co-authored-by: Philippe Riand <priand@salesforce.com> Co-authored-by: Philippe Riand <36373169+priandsf@users.noreply.github.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.