@@ -11,6 +11,109 @@ versions follow [SemVer](https://semver.org/).
1111> section ** above** Unreleased, or remove the Unreleased block for the
1212> release commit. Otherwise the GitHub release ships boilerplate.
1313
14+ ## [ 1.0.2] — 2026-05-20
15+
16+ Bug-fix batch on top of v1.0.1 — three review rounds turned up five
17+ real defects and a handful of housekeeping items, all covered by
18+ nine new unit tests (245 → 254). No new features; no behaviour
19+ change for users on the golden path. Highlights: rapid-fire LSP
20+ restarts no longer race into a ` TypeError ` in the extension host;
21+ ` Pipeline-Check: Scan Workspace ` failures land a real
22+ extension-branded error instead of VS Code's generic "Command
23+ failed" toast; ` scan-on-save ` rejections now surface in the output
24+ channel instead of leaking as unhandled promise rejections; the
25+ ` What's New ` upgrade-toast comparison handles double-digit
26+ pre-release identifiers (` rc.10 > rc.2 ` ); and the internal ` ** `
27+ glob no longer matches mid-segment (a file literally named
28+ ` myDockerfile ` is no longer classified as a Dockerfile).
29+
30+ ### Fixed
31+
32+ - ** Restart-during-startup race in the LSP client no longer crashes
33+ the extension host.** ` startClient ` referenced the module-level
34+ ` client ` after awaiting ` client.start() ` ; a concurrent
35+ ` stopClient ` (second ` Pipeline-Check: Restart ` click, or
36+ ` deactivate ` mid-startup) could clear the slot before
37+ ` onDidChangeState ` wired up, throwing `TypeError: Cannot read
38+ properties of undefined`. The client is now captured into a
39+ local before the await, with an identity check after — if the
40+ slot was swapped, the orphaned LSP child is killed cleanly and
41+ no shared state is touched.
42+ - ** ` Pipeline-Check: Scan Workspace ` / ` Refresh Findings ` rejections
43+ surface a real toast.** If ` findFiles ` rejects before the loop
44+ starts (workspace closed mid-call, fs error), ` scanWorkspace `
45+ re-throws; the command surface used to render that as a generic
46+ ` Command 'pipelineCheck.scanWorkspace' resulted in an error `
47+ toast divorced from the click. A new ` runScanCommand ` wrapper
48+ catches the rejection, writes a ` scan: failed to start ` line to
49+ the Pipeline-Check output channel, and shows a
50+ Pipeline-Check-branded ` showErrorMessage ` instead. Per-file
51+ failures still flow through the normal ` formatSummary ` path.
52+ - ** ` scan-on-save ` rejections no longer leak as unhandled promise
53+ rejections.** ` onDidSaveTextDocument ` is fire-and-forget, so a
54+ rejected scan promise used to land as an "unhandled promise
55+ rejection" in the extension-host log with no connection back to
56+ the save that triggered it. The handler now catches scan
57+ failures, routes them through a new optional ` onError ` hook
58+ wired to the Pipeline-Check output channel, and resolves
59+ cleanly. The busy-lock still releases on every exit path.
60+ - ** ` What's New ` upgrade compare now follows semver §11.4 for
61+ pre-release identifiers.** The previous implementation compared
62+ pre-release suffixes lexicographically, so ` rc.10 ` ranked
63+ * below* ` rc.2 ` (because ` '1' < '2' ` in ASCII order) — a user on
64+ ` rc.2 ` upgrading to ` rc.10 ` would not see the upgrade toast.
65+ Numeric identifiers now compare numerically, non-numeric
66+ lexically, numeric ranks below non-numeric, and a longer
67+ identifier set wins on tie.
68+ - ** Internal ` **/ ` glob matcher no longer crosses segment
69+ boundaries.** ` ** ` translated to ` .* ` , so ` **/Dockerfile `
70+ matched ` myDockerfile ` (no slash before the ` D ` ). The
71+ ` disabledProviders ` middleware filter would then silence the
72+ wrong file. ` **/ ` now translates to ` (?:.*/)? ` so the prefix
73+ must end on a real ` / ` (or be empty).
74+
75+ ### Changed
76+
77+ - ** ` vscode:prepublish ` ships with a synced ` package-lock.json ` .**
78+ The lockfile's top-level ` "version" ` had drifted to ` 1.0.0 `
79+ while ` package.json ` advanced through ` 1.0.1 ` ; this release
80+ brings both to ` 1.0.2 ` so the ` npm ci ` reproducibility contract
81+ the publish workflow relies on stays clean.
82+ - ** ` log.setLogChannel ` accepts ` undefined ` .** The module already
83+ treated a missing channel as a no-op; the signature now
84+ documents that explicitly so tests (and any future caller that
85+ needs to detach) don't have to lie via
86+ ` undefined as unknown as OutputChannel ` .
87+
88+ ### Internal
89+
90+ - ** Manifest welcome-link regex now captures dotted command IDs.**
91+ The regression-fence test that verifies every
92+ ` command:pipelineCheck.X ` link in the welcome panel maps to a
93+ declared command was stopping at the first ` . ` , so a future
94+ welcome edit that linked to ` pipelineCheck.findings.refresh `
95+ would have slipped past the check.
96+ - ** ` workspaceScan ` and ` navigate ` test names match what they
97+ actually test, with new sibling tests for the propagation
98+ paths.** The old "withProgress throws" test only exercised the
99+ per-file caught-failure case; a new test now reaches the real
100+ pre-loop ` findScannableFiles ` rejection path. The
101+ "strict comparison" navigate test now uses two findings so it
102+ actually verifies advancement (the old single-element setup
103+ only proved wrap-around).
104+ - ** ` codeLens ` / ` findingsView ` test suites now use the full
105+ ` resetStubState() ` reset.** Closes a latent fragility where a
106+ future assertion on ` __stubCalls.executeCommand ` (populated by
107+ the ` FindingsTreeProvider ` constructor's ` setContext ` call)
108+ would have inherited stale state from earlier tests in the
109+ same file.
110+ - ** CodeQL workflow trimmed.** Drops the GitHub template
111+ scaffolding (` build-mode ` matrix include, ` swift ` -vs-` ubuntu `
112+ runner-os switch, manual-build placeholder step) so the file
113+ shows only what we actually configure — the same three
114+ languages (` actions ` , ` javascript-typescript ` , ` python ` ) and
115+ the same pinned action SHAs.
116+
14117## [ 1.0.1] — 2026-05-19
15118
16119Stability batch on top of v1.0.0 — three rounds of edge-case
0 commit comments