Skip to content

chore: bump audience to 0.4.0#796

Merged
nattb8 merged 3 commits into
mainfrom
chore/bump-audience-0.4.0
Jun 17, 2026
Merged

chore: bump audience to 0.4.0#796
nattb8 merged 3 commits into
mainfrom
chore/bump-audience-0.4.0

Conversation

@github-actions

@github-actions github-actions Bot commented Jun 16, 2026

Copy link
Copy Markdown

Bump audience package version to 0.4.0.

@github-actions github-actions Bot requested a review from a team as a code owner June 16, 2026 06:34
@github-actions github-actions Bot requested a review from a team as a code owner June 16, 2026 06:34
nattb8 and others added 2 commits June 16, 2026 18:39
@nattb8 @claude
fix(release): scope changelog to correct package tag range
d9c4653 
Use the previous tag of the same type (audience/* or passport) as
fromTag so audience release notes only include PRs merged since the
last audience release, not since the last passport tag.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@nattb8 @claude
fix(release): label audience PRs by changed paths, filter changelog b…
699ea59 
…y package

Add a github-script step to label-pr.yml that detects Audience package
changes (src/Packages/Audience/**) and applies audience-specific labels
(audience-feature, audience-fix, etc.) using branch prefix for sub-type.
Split the changelog builder in release.yml into audience/passport variants
so each release only shows PRs with its own label set.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@socket-security

socket-security Bot commented Jun 16, 2026

Copy link
Copy Markdown

Warning

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Please tag @prodsec or slack us at #ask-security if you need assitance.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: github actions/github-script is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: .github/workflows/label-pr.ymlgithub/actions/github-script@00f12e3e20659f42342b1c0226afda7f7c042325

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore github/actions/github-script@00f12e3e20659f42342b1c0226afda7f7c042325. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@nattb8 nattb8 enabled auto-merge June 16, 2026 23:19
@nattb8 nattb8 disabled auto-merge June 16, 2026 23:19
@nattb8 nattb8 merged commit 42e8f0b into main Jun 17, 2026
62 of 73 checks passed
@nattb8 nattb8 deleted the chore/bump-audience-0.4.0 branch June 17, 2026 00:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JCSanPedro JCSanPedro JCSanPedro approved these changes

@nattb8 nattb8 nattb8 approved these changes

Assignees

No one assigned

Labels

audience-chore audience-release chore

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@JCSanPedro @nattb8 @create-or-update-pull-request