Skip to content

chore: release v3.5.4#696

Merged
jdx merged 1 commit into
mainfrom
release
Jul 6, 2026
Merged

chore: release v3.5.4#696
jdx merged 1 commit into
mainfrom
release

Conversation

@mise-en-dev

@mise-en-dev mise-en-dev commented Jun 25, 2026

Copy link
Copy Markdown
Collaborator

🐛 Bug Fixes

  • (complete) skip unreadable files in fish shebang completion scan by @GrantD-ADSK in #707

🔍 Other Changes

  • Enable Entire for Codex by @jdx in #695
  • Update sponsor references for jdx.dev by @jdx in #702
  • use release backends for cargo tools by @jdx in #709

📦️ Dependency Updates

New Contributors

@coderabbitai

coderabbitai Bot commented Jun 25, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Adds a 3.5.4 changelog entry, propagates the 3.5.4 version through manifests and generated CLI docs, and bumps eslint to 10.6.0 in package metadata and the lockfile.

Changes

Release 3.5.4 version bump

Layer / File(s) Summary
Changelog entry
CHANGELOG.md
Adds the 3.5.4 release section dated 2026-07-03 with one “🔍 Other Changes” item and dependency update notes.
Version propagation
Cargo.toml, lib/Cargo.toml, cli/Cargo.toml, cli/usage.usage.kdl, docs/cli/reference/commands.json, docs/cli/reference/index.md
Updates version fields and references from 3.5.3 to 3.5.4 across the workspace dependency, manifests, CLI metadata, and generated reference docs.
eslint dependency update
package.json, aube-lock.yaml
Bumps eslint from 10.5.0 to 10.6.0 and updates the lockfile importer, package, and snapshot references that resolve through that version.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

  • jdx/usage#658: Updates the same versioned manifests, CLI metadata, docs, and changelog in a nearby release bump.
  • jdx/usage#677: Also bumps project version fields across the changelog, manifests, usage metadata, generated CLI reference files, and eslint lockfile data.
  • jdx/usage#690: Performs the same coordinated version update pattern across the crate manifests, CLI metadata, and release docs.

Poem

I hopped through the changelog under moonlit dew,
and painted every version a brighter hue.
3.5.4 twinkles like a carrot-star,
tucked in each doc and manifest jar.
Hoppity hop — the release is done! 🐇

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: a v3.5.4 release chore.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@greptile-apps

greptile-apps Bot commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

Greptile Summary

This is a standard release PR bumping the project to v3.5.4, with all version references updated consistently across Rust crates, generated docs, and the JS toolchain lock file.

  • Version bumped from 3.5.3 to 3.5.4 in cli/Cargo.toml, lib/Cargo.toml, Cargo.toml, cli/usage.usage.kdl, docs/cli/reference/commands.json, and docs/cli/reference/index.md.
  • Cargo.lock and aube-lock.yaml updated to reflect minor dependency upgrades (crossbeam, zerocopy, eslint 10.5→10.6).
  • CHANGELOG.md documents the included bug fix (fish shebang scan skipping unreadable files), tooling changes, and dependency updates.

Confidence Score: 5/5

Safe to merge — purely a version bump and lock file update with no logic changes.

All changes are mechanical: version strings incremented uniformly across every manifest and generated file, lock files updated to match, and changelog populated. No functional code was modified.

No files require special attention.

Important Files Changed

Filename Overview
CHANGELOG.md Adds v3.5.4 release notes with bug fixes, dependency updates, and new contributor acknowledgement
Cargo.toml Bumps usage-lib workspace dependency version from 3.5.3 to 3.5.4
Cargo.lock Lock file update: bumps crossbeam-deque, crossbeam-epoch, crossbeam-utils, zerocopy/zerocopy-derive, and usage-cli/usage-lib package versions
cli/Cargo.toml Bumps usage-cli version from 3.5.3 to 3.5.4
lib/Cargo.toml Bumps usage-lib version from 3.5.3 to 3.5.4
package.json Bumps eslint devDependency specifier from ^10.5.0 to ^10.6.0
aube-lock.yaml Lock file update reflecting the eslint 10.5.0 → 10.6.0 upgrade with all peer-dependent packages updated consistently
cli/usage.usage.kdl Generated spec file: version string updated from 3.5.3 to 3.5.4
docs/cli/reference/commands.json Generated docs file: version string updated from 3.5.3 to 3.5.4
docs/cli/reference/index.md Generated docs file: version string updated from 3.5.3 to 3.5.4

Reviews (10): Last reviewed commit: "chore: release v3.5.4" | Re-trigger Greptile

@mise-en-dev mise-en-dev force-pushed the release branch 5 times, most recently from 2361d87 to 30f01ec Compare July 3, 2026 06:21
@mise-en-dev mise-en-dev force-pushed the release branch 3 times, most recently from 0c6e7e1 to 413c2de Compare July 6, 2026 17:42
@socket-security

socket-security Bot commented Jul 6, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: cargo zerocopy is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?cargo/criterion@0.8.2cargo/zerocopy@0.8.53

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/zerocopy@0.8.53. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@jdx jdx merged commit 02a06e8 into main Jul 6, 2026
5 checks passed
@jdx jdx deleted the release branch July 6, 2026 20:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants