Copilot/bump release version #44
Conversation
Summary of ChangesHello @delorenj, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request primarily focuses on preparing for a new release by bumping the project version to "1.7.0" and updating a wide array of dependencies to their latest stable versions. A significant addition is a new script to automate future version bumps, enhancing release management efficiency. The changes also include minor improvements to build scripts and an updated changelog. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request prepares for a new release by bumping the package version to 1.7.0, updating dependencies, and introducing a new script for automating version bumps. The changes are generally good and improve the development workflow.
However, I've found a few issues:
- There is a version mismatch between
package.json(1.7.0) andCHANGELOG.md(1.6.4). The changelog should be updated to match the new version and include the new features. - The new
versionbump.jsscript has a critical command injection vulnerability due to its use ofexecSync. I've provided suggestions to fix this. - I've also added a suggestion to enhance the
versionbump.jsscript to automatically update the changelog, which would help prevent version inconsistencies in the future.
Please address the critical security issue and the changelog inconsistency.
CHANGELOG.md
Outdated
| ## [1.6.4] - 2025-12-09 | ||
|
|
||
| ### Changed | ||
|
|
||
| - **Release Preparation**: Version bump for PR #34 merge and release |
There was a problem hiding this comment.
There's an inconsistency between the version in CHANGELOG.md (1.6.4) and package.json (1.7.0). Given that new features (build and versioning scripts) have been added, a minor version bump to 1.7.0 seems correct according to Semantic Versioning.
Please update the changelog to 1.7.0 and add entries for the new features introduced in this PR, such as the new versionbump script and updated build scripts.
| "name": "@delorenj/mcp-server-trello", | ||
| "mcpName": "io.github.delorenj/mcp-server-trello", | ||
| "version": "1.6.3", | ||
| "version": "1.7.0", |
There was a problem hiding this comment.
The version in package.json is bumped to 1.7.0, but the CHANGELOG.md has been updated for version 1.6.4. Please ensure these are consistent. Since new scripts have been added, a minor version bump to 1.7.0 is appropriate, and the changelog should reflect this.
|
|
||
| // Update package.json | ||
| packageJson.version = newVersion; | ||
| fs.writeFileSync(packageJsonPath, JSON.stringify(packageJson, null, 2) + '\n'); |
There was a problem hiding this comment.
This script is a great addition for automating version bumps! To further improve the release process and ensure consistency, consider extending this script to also update the CHANGELOG.md file. This would prevent discrepancies like the one in this PR where package.json is at 1.7.0 but the changelog was updated for 1.6.4.
There was a problem hiding this comment.
Pull request overview
This PR bumps the release version from 1.6.3 to 1.7.0 and includes several key changes:
- Introduces a new automated version bump script
- Updates all dependencies to newer versions
- Changes the build system from TypeScript compilation to bun bundler
- Removes package-lock.json (switching entirely to bun.lock)
Reviewed changes
Copilot reviewed 3 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| scripts/versionbump.js | New automated script for version management with git integration |
| package.json | Version bump to 1.7.0, dependency updates, new build scripts using bun bundler |
| package-lock.json | Deleted - project now uses bun.lock exclusively |
| bun.lock | Updated lock file reflecting all dependency changes |
| CHANGELOG.md | Added release entry (but with incorrect version 1.6.4) |
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: Copilot <[email protected]>
Co-authored-by: Copilot <[email protected]>
|
@copilot open a new pull request to apply changes based on the comments in this thread |
Co-authored-by: delorenj <[email protected]>
Fix CHANGELOG version and revert build script to tsc
No description provided.