Skip to content

chore: merge develop into main for v2.1.0#534

Merged
kexi merged 35 commits into
mainfrom
develop
Jun 23, 2026
Merged

chore: merge develop into main for v2.1.0#534
kexi merged 35 commits into
mainfrom
develop

Conversation

@kexi

@kexi kexi commented Jun 23, 2026

Copy link
Copy Markdown
Owner

Summary

Merge develop into main to publish v2.1.0.

This PR carries the release commit (6912022 chore: release v2.1.0) and the lockfile-specifier follow-up (0014d95), plus any develop work that landed since v2.0.0.

User-facing changes in v2.1.0

  • Added: .vibe.toml files inside git submodules are now loaded end-to-end.
  • Fixed: Progress tree is shown again during worktree creation.

Test plan

  • Release PR chore: release v2.1.0 #533 merged into develop (all CI green)
  • CI green on this PR before merging
  • After merge: tag v2.1.0 on main and create the GitHub Release

github-actions Bot and others added 30 commits June 18, 2026 23:32
…63935-1

chore: update Nix flake to 2.0.0
ci: move Nix binary hash updates to release docs
…-init

revert: remove submodule auto init config
…updates

Bumps the npm_and_yarn group with 1 update in the /packages/npm directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).
Bumps the npm_and_yarn group with 1 update in the /packages/e2e directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).
Bumps the npm_and_yarn group with 1 update in the /packages/docs directory: [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro).


Updates `vitest` from 2.1.9 to 3.2.6
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v3.2.6/packages/vitest)

Updates `vitest` from 2.1.9 to 3.2.6
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v3.2.6/packages/vitest)

Updates `astro` from 5.16.9 to 6.4.6
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@6.4.6/packages/astro)

---
updated-dependencies:
- dependency-name: vitest
  dependency-version: 3.2.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: vitest
  dependency-version: 3.2.6
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: astro
  dependency-version: 6.4.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.3 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@df4cb1c...9c091bb)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@b430933...718ea10)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…/action-gh-release-3.0.1

chore(deps): bump softprops/action-gh-release from 3.0.0 to 3.0.1
fix: show progress tree during worktree creation
Keep the lockfile, Starlight, and Vitest UI peers compatible with Astro 6 and Vitest 3.
…heckout-7.0.0

chore(deps): bump actions/checkout from 6.0.3 to 7.0.0
kexi added 5 commits June 23, 2026 20:42
…m/npm_and_yarn-fb1baa67f8

chore(deps): bump the npm_and_yarn group across 3 directories with 2 updates
CI `pnpm install --frozen-lockfile` rejected the v2.1.0 bump because
the workspace-link optionalDependencies in pnpm-lock.yaml still pointed
at specifier 2.0.0 while packages/npm/package.json was updated to 2.1.0
by sync-version.ts. sync-version.ts only rewrites manifests; the
lockfile specifier mirror needs to follow.
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatednpm/​astro@​5.16.9 ⏵ 6.4.888100 +2688 +198 +1100

View full report

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm astro is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: packages/docs/package.jsonnpm/astro@6.4.8

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/astro@6.4.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@kexi kexi merged commit 5141f9b into main Jun 23, 2026
49 of 50 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant