|
5 | 5 |
|
6 | 6 | ## [Unreleased] |
7 | 7 |
|
| 8 | +## [0.17.0] - 2026-06-19 |
| 9 | + |
| 10 | +### Security |
| 11 | + |
| 12 | +- **RUSTSEC-2026-0182 / #542 — bump wasmtime 43 → 44.0.3.** A new advisory flags |
| 13 | + a WASIp1 `fd_renumber` resource leak in `wasmtime-wasi`, fixed in 44.0.3. The |
| 14 | + Security Audit gate had gone red repo-wide; rivet's only wasmtime consumer is |
| 15 | + the compose-witness component runner (`wasm_runtime.rs`), which compiles |
| 16 | + unchanged against the new API. `cargo audit` is clean afterward. |
| 17 | + |
| 18 | +### Added |
| 19 | + |
| 20 | +- **#540 / #541 — `rivet check docs` oracle.** Enumerates every candidate path |
| 21 | + the doc scanner considered and tags each `loaded` / `skipped (<reason>)` / |
| 22 | + `excluded (<glob>)`. `--format json` emits the canonical |
| 23 | + `{oracle, entries, total, by_status}` envelope; `--strict` exits non-zero when |
| 24 | + any candidate is skipped (allowlist exclusions do not trip strict). |
| 25 | +- **REQ-202 / #456 — minimal `--no-default-features` build.** `rivet-cli` gates |
| 26 | + the serve + MCP + LSP stack behind cargo features (all kept in `default`, so |
| 27 | + the published binary is byte-for-byte unchanged). `cargo build -p rivet-cli |
| 28 | + --no-default-features` yields the validate/list/add/commit-check core with |
| 29 | + none of axum/rmcp/lsp-server compiled in; `--format html` export, `snapshot`, |
| 30 | + and `embed` (which share the dashboard renderer) are serve-gated and refuse |
| 31 | + with a clear message in the minimal build. |
| 32 | +- **REQ-220 / #431 — `rivet init --vendor-schemas`.** Writes the resolved |
| 33 | + built-in schemas (plus auto-discovered bridges) on-disk into `schemas/`, so a |
| 34 | + project pins its validation against rivet upgrades (the loader prefers on-disk |
| 35 | + over the embedded copy). Never overwrites an existing schema file. |
| 36 | +- **#509 — runner-liveness alert.** A GitHub-hosted scheduled workflow |
| 37 | + (`runner-liveness.yml`) probes the self-hosted runner pool and queued-run age |
| 38 | + every 15 minutes and raises a durable `runner-down` tracking issue when the |
| 39 | + pool stalls, instead of every gate queueing forever with no signal. |
| 40 | + |
| 41 | +### Fixed |
| 42 | + |
| 43 | +- **REQ-218 / #479 — `next-id` honors IDs claimed in git history.** Allocation |
| 44 | + scanned only the working tree, so a reverted commit or an in-flight branch |
| 45 | + could reissue an ID already claimed elsewhere (the reverted-but-burned-ID |
| 46 | + trap). `next-id` |
| 47 | + and `add` now also consider IDs claimed in commit trailers / subject tags |
| 48 | + across all refs; overridable with `RIVET_NEXTID_NO_GIT=1`. |
| 49 | +- **REQ-219 / #500 — JSON error envelope on a parse failure.** A misplaced |
| 50 | + top-level `--project`/`--schemas` (they are deliberately not clap `global`) |
| 51 | + left stdout empty under `--format json`, giving consumers a cryptic "EOF while |
| 52 | + parsing". Such invocations now emit a one-line `{error, hint}` envelope on |
| 53 | + stdout; non-JSON parse errors keep the stderr-only behavior. |
| 54 | +- **#532 / #539 — variant loader skips feature-model binding files.** |
| 55 | + `load_variant_configs_from_dir` no longer trips over `variant:`-wrapped |
| 56 | + binding files. |
| 57 | +- **#522 / #525 — restore `accepted` to the canonical status enum.** |
| 58 | + |
| 59 | +### Changed |
| 60 | + |
| 61 | +- **#533 — npm/npx is now a first-class install path** in the README, with the |
| 62 | + stale committed `npm/` + `platform-packages/` versions synced; RELEASING.md |
| 63 | + documents which version locations are authoritative vs workflow-managed. |
| 64 | +- **#523 / #526 — mutation-testing CI moved off `lean-mem` to `rust-cpu`.** |
| 65 | + |
8 | 66 | ## [0.16.1] - 2026-06-14 |
9 | 67 |
|
10 | 68 | ### Fixed |
|
0 commit comments