Skip to content

chore: merge develop into main for v2.1.0#534

Merged
kexi merged 35 commits into
mainfrom
develop
Jun 23, 2026
Merged

chore: merge develop into main for v2.1.0#534
kexi merged 35 commits into
mainfrom
develop

Conversation

@kexi

@kexi kexi commented Jun 23, 2026

Copy link
Copy Markdown
Owner

Summary

Merge develop into main to publish v2.1.0.

This PR carries the release commit (6912022 chore: release v2.1.0) and the lockfile-specifier follow-up (0014d95), plus any develop work that landed since v2.0.0.

User-facing changes in v2.1.0

  • Added: .vibe.toml files inside git submodules are now loaded end-to-end.
  • Fixed: Progress tree is shown again during worktree creation.

Test plan

  • Release PR chore: release v2.1.0 #533 merged into develop (all CI green)
  • CI green on this PR before merging
  • After merge: tag v2.1.0 on main and create the GitHub Release

github-actions Bot and others added 30 commits June 18, 2026 23:32
@github-actions
chore: update Nix flake to 2.0.0
a220287
@kexi
Merge pull request #521 from kexi/chore/update-nix-flake-2.0.0-277953…
67d2ce3 
…63935-1

chore: update Nix flake to 2.0.0
@kexi
ci: move Nix binary hash updates to release docs
8bd6c2a
@kexi
Merge branch 'develop' into chore/manual-nix-binary-hash-update
0c57e41
@kexi
Merge pull request #522 from kexi/chore/manual-nix-binary-hash-update
dd6cd9c 
ci: move Nix binary hash updates to release docs
@kexi
feat: add submodule auto init config
7b09ed2
@kexi
Merge pull request #524 from kexi/feat/523-submodules-auto-init
1dc35a4 
feat: add submodule auto init config
@kexi
Revert "feat: add submodule auto init config"
fc3d198
@kexi
Merge pull request #525 from kexi/revert-524-feat/523-submodules-auto…
bc7a924 
…-init

revert: remove submodule auto init config
@kexi
feat: read trusted submodule configs
d7dc669
@kexi
fix: read submodule configs from worktrees
7160503
@kexi
test: cover submodule vibe configs in e2e
a5357d6
@dependabot
chore(deps): bump the npm_and_yarn group across 3 directories with 2 …
acdf07e 
…updates

Bumps the npm_and_yarn group with 1 update in the /packages/npm directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).
Bumps the npm_and_yarn group with 1 update in the /packages/e2e directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).
Bumps the npm_and_yarn group with 1 update in the /packages/docs directory: [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro).


Updates `vitest` from 2.1.9 to 3.2.6
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v3.2.6/packages/vitest)

Updates `vitest` from 2.1.9 to 3.2.6
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v3.2.6/packages/vitest)

Updates `astro` from 5.16.9 to 6.4.6
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@6.4.6/packages/astro)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 3.2.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vitest
  dependency-version: 3.2.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: astro
  dependency-version: 6.4.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@kexi
fix: copy submodule files from origin checkout
a22ff4b
@kexi
Merge pull request #527 from kexi/feat/526-submodule-vibe-config
5970844 
feat: read trusted submodule configs
@kexi
docs: update legacy Deno references
5f76096
@kexi
docs: align clean strategy function names
7ff5621
@kexi
Merge branch 'develop' into docs/update-legacy-deno-references
0d36c90
@kexi
Merge pull request #529 from kexi/docs/update-legacy-deno-references
dab6a31 
docs: update legacy Deno references
@dependabot
chore(deps): bump actions/checkout from 6.0.3 to 7.0.0
b1ef6bc 
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.3 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@df4cb1c...9c091bb)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump softprops/action-gh-release from 3.0.0 to 3.0.1
9a24c18 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@b430933...718ea10)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@kexi
fix: show progress tree during worktree creation
8ac6529
@kexi
Merge pull request #531 from kexi/dependabot/github_actions/softprops…
f4bb8a5 
…/action-gh-release-3.0.1

chore(deps): bump softprops/action-gh-release from 3.0.0 to 3.0.1
@kexi
Merge branch 'develop' into dependabot/github_actions/actions/checkou…
9b6cdc6 
…t-7.0.0
@kexi
Merge branch 'develop' into fix/start-progress-tree
33eb98b
@kexi
Merge pull request #532 from kexi/fix/start-progress-tree
901e7ae 
fix: show progress tree during worktree creation
@kexi
chore(deps): align dependabot npm updates
06d32fd 
Keep the lockfile, Starlight, and Vitest UI peers compatible with Astro 6 and Vitest 3.
@kexi
Merge branch 'develop' into dependabot/github_actions/actions/checkou…
5d9edb3 
…t-7.0.0
@kexi
Merge branch 'develop' into dependabot/npm_and_yarn/packages/npm/npm_…
5662de8 
…and_yarn-fb1baa67f8
@kexi
Merge pull request #530 from kexi/dependabot/github_actions/actions/c…
d898fc4 
…heckout-7.0.0

chore(deps): bump actions/checkout from 6.0.3 to 7.0.0
kexi added 5 commits June 23, 2026 20:42
@kexi
Merge branch 'develop' into dependabot/npm_and_yarn/packages/npm/npm_…
cd9652e 
…and_yarn-fb1baa67f8
@kexi
Merge pull request #528 from kexi/dependabot/npm_and_yarn/packages/np…
82bc082 
…m/npm_and_yarn-fb1baa67f8

chore(deps): bump the npm_and_yarn group across 3 directories with 2 updates
@kexi
chore: release v2.1.0
6912022
@kexi
chore: bump @kexi/vibe-* specifiers in pnpm-lock to 2.1.0
0014d95 
CI `pnpm install --frozen-lockfile` rejected the v2.1.0 bump because
the workspace-link optionalDependencies in pnpm-lock.yaml still pointed
at specifier 2.0.0 while packages/npm/package.json was updated to 2.1.0
by sync-version.ts. sync-version.ts only rewrites manifests; the
lockfile specifier mirror needs to follow.
@kexi
Merge pull request #533 from kexi/release/v2.1.0
a0d0efd 
chore: release v2.1.0
@socket-security

socket-security Bot commented Jun 23, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatednpm/​astro@​5.16.9 ⏵ 6.4.888100 +2688 +198 +1100

View full report

@socket-security

socket-security Bot commented Jun 23, 2026

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm astro is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: packages/docs/package.jsonnpm/astro@6.4.8

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/astro@6.4.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@kexi kexi merged commit 5141f9b into main Jun 23, 2026
49 of 50 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kexi