Skip to content

release: bump to 1.0.1 (security-hardening release)#96

Merged
tcconnally merged 1 commit into
mainfrom
release/1.0.1
Jul 5, 2026
Merged

release: bump to 1.0.1 (security-hardening release)#96
tcconnally merged 1 commit into
mainfrom
release/1.0.1

Conversation

@tcconnally

Copy link
Copy Markdown
Contributor

Release prep: v1.0.1 (security-hardening release)

Bumps __version__ 1.0.0 → 1.0.1 and promotes the accumulated CHANGELOG
[Unreleased] entries to [1.0.1]. This is the version-bump commit for the
four merged security PRs (#92 login-CSRF, #93 HTTP hardening, #94 ledger
atomicity, #95 deploy hardening) from the 2026-07-05 review.

No /v1 contract changes. 268 tests pass. Merging this makes main ready for the
v1.0.1 tag (which triggers the PyPI + GHCR publish).

Promotes the CHANGELOG [Unreleased] security fixes to [1.0.1] and bumps
__version__ 1.0.0 -> 1.0.1. Follow-up to the 2026-07-05 security review: OIDC
login-CSRF, ledger/webhook atomicity, HTTP hardening, and fail-closed deploy
posture. No /v1 contract changes. 268 tests pass.

Code freeze only — the release workflow triggers on the v1.0.1 tag.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@tcconnally tcconnally merged commit 4bbc145 into main Jul 5, 2026
8 checks passed
@tcconnally tcconnally deleted the release/1.0.1 branch July 5, 2026 18:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant