From f5516cd594d04e10f59c1d2ac178a332d0b29a26 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Jun 2026 05:51:48 +0200 Subject: [PATCH 1/3] ci(deps): bump actions/checkout from 6.0.3 to 7.0.0 (#321) Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.3 to 7.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/df4cb1c069e1874edd31b4311f1884172cec0e10...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/back-merge.yml | 2 +- .github/workflows/ci.yml | 8 ++++---- .github/workflows/codeql.yml | 2 +- .github/workflows/validate.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/back-merge.yml b/.github/workflows/back-merge.yml index 2a234956..9bdf4af0 100644 --- a/.github/workflows/back-merge.yml +++ b/.github/workflows/back-merge.yml @@ -25,7 +25,7 @@ jobs: app-id: ${{ secrets.AIDD_BOT_APP_ID }} private-key: ${{ secrets.AIDD_BOT_PRIVATE_KEY }} - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ref: next fetch-depth: 0 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3334d65f..356729c1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,7 +22,7 @@ jobs: contents: read pull-requests: read steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6.2.1 @@ -94,7 +94,7 @@ jobs: if: needs.release-please.outputs.release_created == 'true' runs-on: ubuntu-latest steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Build clean marketplace bundle # A self-contained marketplace a user can extract and register with @@ -141,7 +141,7 @@ jobs: - { tool: codex, mode: flat, flag: "--flat" } - { tool: opencode, mode: flat, flag: "--flat" } steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: @@ -193,7 +193,7 @@ jobs: echo "released=false" >> $GITHUB_OUTPUT fi - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 if: steps.check.outputs.released == 'true' - name: Get plugin version diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b2bd1ab6..68b81d32 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -28,7 +28,7 @@ jobs: language: [javascript-typescript] steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Initialize CodeQL uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index b3ae480a..a719188e 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -22,7 +22,7 @@ jobs: CI: "true" steps: - name: Checkout - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Setup Node uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 From f71bdd2be31c34aa43e5280659432fb3a9f1cdab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 23 Jun 2026 06:11:56 +0200 Subject: [PATCH 2/3] chore(deps-dev): bump js-yaml from 4.2.0 to 5.0.0 (#322) * chore(deps-dev): bump js-yaml from 4.2.0 to 5.0.0 Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.2.0 to 5.0.0. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/compare/4.2.0...5.0.0) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 5.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] * fix(framework): use js-yaml v5 named export in validate-yaml js-yaml 5.0.0 is pure ESM and drops the default export. Switch to the named { load } import so the yaml-validity hook stops throwing the missing default export error. Co-Authored-By: Claude Opus 4.8 (1M context) --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Baptiste LAFOURCADE Co-authored-by: Claude Opus 4.8 (1M context) --- package.json | 2 +- pnpm-lock.yaml | 12 ++++++++++-- scripts/validate-yaml.mjs | 4 ++-- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index 8aa3446b..3a00677e 100644 --- a/package.json +++ b/package.json @@ -35,7 +35,7 @@ "@commitlint/config-conventional": "^21.0.2", "ajv": "8.20.0", "ajv-formats": "3.0.1", - "js-yaml": "4.2.0", + "js-yaml": "5.0.0", "lefthook": "^2.1.9" } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 2aaaa136..d2616131 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -21,8 +21,8 @@ importers: specifier: 3.0.1 version: 3.0.1(ajv@8.20.0) js-yaml: - specifier: 4.2.0 - version: 4.2.0 + specifier: 5.0.0 + version: 5.0.0 lefthook: specifier: ^2.1.9 version: 2.1.9 @@ -269,6 +269,10 @@ packages: resolution: {integrity: sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==} hasBin: true + js-yaml@5.0.0: + resolution: {integrity: sha512-GSvaPUbk1U+FMZ7rJzF+F8e5YVtu7KnD40et/5rBXXRBv2jCO9L3qCewvIDDdudC0QycTFlf6EAA+h3kxBsuUw==} + hasBin: true + json-parse-even-better-errors@2.3.1: resolution: {integrity: sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==} @@ -654,6 +658,10 @@ snapshots: dependencies: argparse: 2.0.1 + js-yaml@5.0.0: + dependencies: + argparse: 2.0.1 + json-parse-even-better-errors@2.3.1: {} json-schema-traverse@1.0.0: {} diff --git a/scripts/validate-yaml.mjs b/scripts/validate-yaml.mjs index e667e2f3..043bcc4a 100755 --- a/scripts/validate-yaml.mjs +++ b/scripts/validate-yaml.mjs @@ -2,14 +2,14 @@ // Validates YAML syntax using the repository's Node dependency, avoiding Python in hooks. import { readFile } from "node:fs/promises"; -import yaml from "js-yaml"; +import { load } from "js-yaml"; const files = process.argv.slice(2).filter((file) => file !== "--"); const errors = []; for (const file of files) { try { - yaml.load(await readFile(file, "utf8"), { filename: file }); + load(await readFile(file, "utf8"), { filename: file }); } catch (error) { errors.push(`${file}: ${error.message}`); } From b1b10332b0c1d0c46c47a3efbee6a531f6a4581a Mon Sep 17 00:00:00 2001 From: "aidd-bot[bot]" <290648294+aidd-bot[bot]@users.noreply.github.com> Date: Tue, 23 Jun 2026 04:12:41 +0000 Subject: [PATCH 3/3] chore: release main (#323) Co-authored-by: aidd-bot[bot] <290648294+aidd-bot[bot]@users.noreply.github.com> --- .claude-plugin/marketplace.json | 2 +- .release-please-manifest.json | 2 +- CHANGELOG.md | 7 +++++++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json index b1e7b1d3..7fca55c2 100644 --- a/.claude-plugin/marketplace.json +++ b/.claude-plugin/marketplace.json @@ -1,7 +1,7 @@ { "$schema": "https://json.schemastore.org/claude-code-marketplace.json", "name": "aidd-framework", - "version": "5.0.2", + "version": "5.0.3", "description": "Official plugin marketplace for the AI-Driven Development framework", "owner": { "name": "AI-Driven Dev" diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 7eef9bd7..120d634f 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,5 +1,5 @@ { - ".": "5.0.2", + ".": "5.0.3", "plugins/aidd-context": "2.0.1", "plugins/aidd-dev": "2.0.0", "plugins/aidd-vcs": "2.0.0", diff --git a/CHANGELOG.md b/CHANGELOG.md index 473eb113..aee95075 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Changelog +## [5.0.3](https://github.com/ai-driven-dev/framework/compare/v5.0.2...v5.0.3) (2026-06-23) + + +### Miscellaneous + +* **deps-dev:** bump js-yaml from 4.2.0 to 5.0.0 ([#322](https://github.com/ai-driven-dev/framework/issues/322)) ([f71bdd2](https://github.com/ai-driven-dev/framework/commit/f71bdd2be31c34aa43e5280659432fb3a9f1cdab)) + ## [5.0.2](https://github.com/ai-driven-dev/framework/compare/v5.0.1...v5.0.2) (2026-06-22)