@dogpile/sdk 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +7 -0
- package/README.md +7 -7
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.2.1
|
|
4
|
+
|
|
5
|
+
- Prepared the security patch release identity for `@dogpile/sdk@0.2.1` and `dogpile-sdk-0.2.1.tgz`.
|
|
6
|
+
- Added explicit read-only GitHub Actions workflow permissions for release validation jobs.
|
|
7
|
+
- Reworked package identity command scanning to avoid ReDoS-prone install command regexes.
|
|
8
|
+
- Hardened the Hugging Face upload GUI example's markdown table escaping.
|
|
9
|
+
|
|
3
10
|
## 0.2.0
|
|
4
11
|
|
|
5
12
|
- Prepared the Snow Leopard hardening release identity for `@dogpile/sdk@0.2.0` and `dogpile-sdk-0.2.0.tgz`.
|
package/README.md
CHANGED
|
@@ -102,22 +102,22 @@ pnpm run build
|
|
|
102
102
|
pnpm pack --pack-destination ./packed
|
|
103
103
|
```
|
|
104
104
|
|
|
105
|
-
The local tarball is named `dogpile-sdk-0.2.
|
|
106
|
-
`@dogpile/sdk@0.2.
|
|
105
|
+
The local tarball is named `dogpile-sdk-0.2.1.tgz` for the scoped package
|
|
106
|
+
`@dogpile/sdk@0.2.1`. Install that tarball into a fresh consumer project:
|
|
107
107
|
|
|
108
108
|
```sh
|
|
109
109
|
mkdir ../dogpile-quickstart
|
|
110
110
|
cd ../dogpile-quickstart
|
|
111
111
|
pnpm init
|
|
112
|
-
pnpm add ../dogpile/packed/dogpile-sdk-0.2.
|
|
112
|
+
pnpm add ../dogpile/packed/dogpile-sdk-0.2.1.tgz
|
|
113
113
|
```
|
|
114
114
|
|
|
115
115
|
Equivalent install commands for other supported package managers are:
|
|
116
116
|
|
|
117
117
|
```sh
|
|
118
|
-
npm install ../dogpile/packed/dogpile-sdk-0.2.
|
|
119
|
-
yarn add ../dogpile/packed/dogpile-sdk-0.2.
|
|
120
|
-
bun add ../dogpile/packed/dogpile-sdk-0.2.
|
|
118
|
+
npm install ../dogpile/packed/dogpile-sdk-0.2.1.tgz
|
|
119
|
+
yarn add ../dogpile/packed/dogpile-sdk-0.2.1.tgz
|
|
120
|
+
bun add ../dogpile/packed/dogpile-sdk-0.2.1.tgz
|
|
121
121
|
```
|
|
122
122
|
|
|
123
123
|
## Versioning and Stability
|
|
@@ -160,7 +160,7 @@ What each gate proves:
|
|
|
160
160
|
- `pack:check` runs package identity, rebuilds `dist`, verifies package artifacts, runs the packed-tarball quickstart smoke, checks packed JavaScript source maps and declaration maps, and finishes with `npm pack --dry-run`.
|
|
161
161
|
- `publish:check` runs `verify`, reruns the package artifact guard, and then runs `npm publish --dry-run` so the package metadata, export map, and publishable files are checked without publishing.
|
|
162
162
|
|
|
163
|
-
The release identity is `@dogpile/sdk@0.2.
|
|
163
|
+
The release identity is `@dogpile/sdk@0.2.1`. A real `pnpm pack` or `npm pack` for this scoped package produces the local tarball `dogpile-sdk-0.2.1.tgz`; the dry-run package gate must report that tarball filename and the scoped npm package name before publish. See `CHANGELOG.md` for release notes and breaking-change documentation.
|
|
164
164
|
|
|
165
165
|
The browser ESM target is emitted at `dist/browser/index.js` with `dist/browser/index.js.map`; both the package root `browser` condition and the explicit `@dogpile/sdk/browser` subpath resolve to that bundled artifact.
|
|
166
166
|
|