Skip to content

chore(release): v0.22.2 — dogfooding data-loss/correctness fixes + wasmtime security#635

Merged
avrabe merged 1 commit into
mainfrom
release/v0.22.2
Jun 30, 2026
Merged

chore(release): v0.22.2 — dogfooding data-loss/correctness fixes + wasmtime security#635
avrabe merged 1 commit into
mainfrom
release/v0.22.2

Conversation

@avrabe

@avrabe avrabe commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

v0.22.2 — Dogfooding hardening patch

Five fixes from an internal bug-hunt of rivet's own write/validate paths, all merged to main and each shipped with a regression test proven to fail without the fix:

# Severity Fix
#625 P0 data loss modify --add-tag/--remove-tag corrupted a block-style tags: list → whole file unparseable → rivet list loads 0 artifacts (REQ-034)
#627 High validate --direct/MCP counted self-links as closing a rule → false PASS (REQ-004)
#628 Med-High release status greened an empty/typo'd release scope (REQ-007)
#629 Medium rivet add routed non-deterministically across files (REQ-007)
#632 Security wasmtime 44.0.3 → 45.0.3 for RUSTSEC-2026-0188 (REQ-086)

Version bumped in Cargo.toml/lock + vscode-rivet/package.json; CHANGELOG [0.22.2] added. rivet validate, rivet docs check (0 violations), clippy --all-targets, and the full rivet-core/rivet-cli test suites pass locally.

Note: the self-hosted CI runner pool is currently offline (#509), so the per-PR ci.yml gates (Test/Clippy on self-hosted) are queued. The release was verified locally instead; the release build/publish workflows run on GitHub-hosted runners and are unaffected.

🤖 Generated with Claude Code

…smtime security (#625 #627 #628 #629 #632)

Patch release from an internal bug-hunt of rivet's own write/validate paths:
- #625 (P0 data loss): `modify --add-tag`/`--remove-tag` corrupted a block-style
  `tags:` list, making the whole file unparseable (REQ-034).
- #627: `validate --direct`/MCP counted self-links as closing a rule (false PASS).
- #628: `release status` greened an empty/typo'd release scope.
- #629: `rivet add` routed non-deterministically across files.
- #632 (security): wasmtime 44.0.3 -> 45.0.3 for RUSTSEC-2026-0188.

Each fix shipped with a regression test proven to fail without it.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@avrabe avrabe merged commit 54d545d into main Jun 30, 2026
22 checks passed
@avrabe avrabe deleted the release/v0.22.2 branch June 30, 2026 20:19
@codecov

codecov Bot commented Jun 30, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant