Skip to content

Commit 09b04aa

Browse files
userFRMclaude
andauthored
chore: sync npm package.json to v0.8.0 (#79)
* ci: cross-platform tests, security audit, macOS x86_64 release, npm version sync CI: - Tests now run on Ubuntu, macOS, AND Windows (was Ubuntu-only) - Added cargo-audit security scanning via rustsec/audit-check - Each OS gets its own rust-cache key Release: - Added x86_64-apple-darwin target (Intel Macs were unsupported) - 5 release targets: macOS ARM64, macOS x86_64, Linux x86_64, Linux ARM64, Windows x86_64 npm: - Synced package.json version to 0.8.0 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: patch rustls-webpki vulnerability, configure audit to deny vulns only Update rustls-webpki 0.103.9 → 0.103.11 (RUSTSEC-2026-0049). Configure cargo-audit to --deny vulnerabilities only (not warnings for unmaintained transitive deps in fastembed that we can't control). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: correct cargo-audit flags, ignore unmaintained transitive deps The --deny flag doesn't accept 'vulnerabilities' as a value. Instead, ignore the 3 specific warnings that are all in fastembed's transitive deps (number_prefix, paste, rand) — we can't fix upstream. Actual vulnerabilities (like the rustls-webpki we already patched) will still fail the audit. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 4aac79a commit 09b04aa

4 files changed

Lines changed: 22 additions & 5 deletions

File tree

.github/workflows/ci.yml

Lines changed: 17 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -11,12 +11,18 @@ env:
1111

1212
jobs:
1313
test:
14-
name: Test
15-
runs-on: ubuntu-latest
14+
name: Test (${{ matrix.os }})
15+
runs-on: ${{ matrix.os }}
16+
strategy:
17+
fail-fast: false
18+
matrix:
19+
os: [ubuntu-latest, macos-latest, windows-latest]
1620
steps:
1721
- uses: actions/checkout@v4
1822
- uses: dtolnay/rust-toolchain@stable
1923
- uses: Swatinem/rust-cache@v2
24+
with:
25+
key: ${{ matrix.os }}
2026
- run: cargo test --workspace
2127

2228
fmt:
@@ -39,3 +45,12 @@ jobs:
3945
components: clippy
4046
- uses: Swatinem/rust-cache@v2
4147
- run: cargo clippy --workspace --all-targets -- -D warnings
48+
49+
audit:
50+
name: Security Audit
51+
runs-on: ubuntu-latest
52+
steps:
53+
- uses: actions/checkout@v4
54+
- uses: dtolnay/rust-toolchain@stable
55+
- run: cargo install cargo-audit --locked
56+
- run: cargo audit --ignore RUSTSEC-2025-0119 --ignore RUSTSEC-2024-0436 --ignore RUSTSEC-2026-0097

.github/workflows/release.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,8 @@ jobs:
2121
include:
2222
- target: aarch64-apple-darwin
2323
os: macos-latest
24+
- target: x86_64-apple-darwin
25+
os: macos-latest
2426
- target: x86_64-unknown-linux-gnu
2527
os: ubuntu-latest
2628
- target: x86_64-pc-windows-msvc

Cargo.lock

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

npm/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "rpg-encoder",
3-
"version": "0.7.0",
3+
"version": "0.8.0",
44
"mcpName": "io.github.userFRM/rpg-encoder",
55
"description": "RPG-Encoder — semantic code graph for AI-assisted code understanding",
66
"license": "MIT",

0 commit comments

Comments
 (0)