Skip to content

Commit 6078aa4

Browse files
committed
Add 0.5.0 release notes
1 parent cc6d4be commit 6078aa4

4 files changed

Lines changed: 45 additions & 1 deletion

File tree

CHANGELOG.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,12 @@
55
- Starting with `0.5.0`, project licensing is dual `MIT OR Apache-2.0`
66
- Added `LICENSE-MIT` and `LICENSE-APACHE`
77
- Removed the previous EUPL license files
8+
- Added Fluxheim-style local and GitHub CI checks through `scripts/checks.sh`
9+
- Added Dependabot configuration for Cargo and GitHub Actions updates
10+
- Pinned GitHub Actions to immutable commit SHAs for CodeQL-friendly workflow hardening
11+
- Moved demo-server WebP rendering and encoding onto Tokio's blocking task pool
12+
- Added defense-in-depth HTTP security headers to demo HTML, image, and error responses
13+
- Updated `tokio` to `1.52.3`
814

915
## 0.4.2
1016

GITHUB_METADATA.md

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,12 +36,20 @@ Release title example:
3636
Release notes template:
3737

3838
```text
39-
License migration and version preparation.
39+
License migration and demo server hardening.
4040
4141
Highlights:
4242
- Starting with 0.5.0, project licensing is MIT OR Apache-2.0
4343
- LICENSE-MIT and LICENSE-APACHE are included
4444
- Previous EUPL license files were removed
45+
- Demo-server avatar encoding now runs on Tokio's blocking task pool
46+
- Demo responses now include defense-in-depth HTTP security headers
47+
- GitHub Actions are pinned to immutable commit SHAs
48+
- Local and GitHub checks now run through scripts/checks.sh
49+
50+
Compatibility:
51+
- No avatar rendering behavior changes are intended
52+
- Published 0.4.x and older versions retain their original release licensing
4553
4654
Licence:
4755
- MIT OR Apache-2.0

README.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -310,6 +310,10 @@ The test suite includes:
310310
- Starting with `0.5.0`, project licensing is dual `MIT OR Apache-2.0`
311311
- Added separate `LICENSE-MIT` and `LICENSE-APACHE` files
312312
- Removed the previous EUPL license files
313+
- Added Fluxheim-style local and GitHub CI checks through `scripts/checks.sh`
314+
- Pinned GitHub Actions to immutable commit SHAs for CodeQL-friendly workflow hardening
315+
- Moved demo-server WebP rendering and encoding onto Tokio's blocking task pool
316+
- Added defense-in-depth HTTP security headers to demo HTML, image, and error responses
313317

314318
## What's New In 0.4.2
315319

RELEASE_NOTES_0.5.0.md

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
# hashavatar 0.5.0
2+
3+
`hashavatar` 0.5.0 prepares the crate for dual permissive licensing and hardens the bundled demo server without changing the deterministic avatar rendering contract.
4+
5+
## Highlights
6+
7+
- Starting with `0.5.0`, the project is licensed as `MIT OR Apache-2.0`
8+
- Added `LICENSE-MIT` and `LICENSE-APACHE`
9+
- Removed the previous EUPL license files from the current source tree
10+
- Added Fluxheim-style local and GitHub CI checks through `scripts/checks.sh`
11+
- Added Dependabot configuration for Cargo and GitHub Actions updates
12+
- Pinned GitHub Actions to immutable commit SHAs for CodeQL-friendly workflow hardening
13+
14+
## Security And Quality
15+
16+
- Moved demo-server WebP rendering and encoding onto Tokio's blocking task pool to avoid starving async worker threads
17+
- Added defense-in-depth HTTP security headers to demo HTML, image, and error responses
18+
- Added regression coverage for the demo response security headers
19+
- Updated `tokio` to `1.52.3`
20+
- Verified with `scripts/checks.sh`, including formatting, build, clippy, tests, CLI smoke exports, `cargo deny check`, and `cargo audit`
21+
22+
## Compatibility
23+
24+
- No avatar rendering behavior changes are intended in this release.
25+
- Existing deterministic fingerprints remain covered by the golden regression tests.
26+
- Published `0.4.x` and older versions retain their original release licensing. The `MIT OR Apache-2.0` license applies starting with `0.5.0`.

0 commit comments

Comments
 (0)