chore: 🔖 release new versions#2950
Open
github-actions[bot] wants to merge 1 commit into
Open
Conversation
JLekawa
approved these changes
Jul 16, 2026
github-actions
Bot
force-pushed
the
changeset-release/main
branch
from
July 16, 2026 13:43
0cbc205 to
4c35459
Compare
Contributor
Author
|
|
Contributor
Author
Coverage Report
File CoverageNo changed files found. |
Contributor
Author
Performance Benchmark (Lower is Faster)
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.
Releases
@redocly/cli@2.40.0
Minor Changes
--ignore-headersoption to the experimentaldriftandproxycommands.It takes a comma-separated list of header names to skip in undocumented-header checks, and a trailing
*matches by prefix (for examplex-consumer-*).Use it to silence headers a gateway or proxy adds that are not part of the API contract.
Patch Changes
driftcommand'sschema-consistencyrule reporting false-positive "Undocumented query parameter" findings fordeepObject-style query parameters.Traffic keys like
namespace[id]=...&namespace[name]=...are now matched to the documentednamespaceparameter, and the reconstructed object is validated against the parameter schema.driftcommand'sschema-consistencyrule reported false-positive request findings for exchanges the server rejected with a4xxclient error.For example: missing required parameter, missing required body, request-body schema mismatch.
A
4xxresponse means the server never accepted the request.Validating it against the operation's success-path contract flagged the server's own correct rejection as drift.
Response-side validation still runs, so a documented error response whose shape differs from reality is still reported.
driftcommand'ssecurity-baselinerule reported false-positive "credential exposure over insecure HTTP transport" warnings for traffic captured against loopback hosts, for example:localhost,*.localhost,127.0.0.0/8,[::1].Sandboxed recordings no longer produce transport warnings.
@redocly/openapi-core@2.40.0
Minor Changes
dataValuefield.@redocly/respect-core@2.40.0
Patch Changes
Note
Low Risk
Diff is limited to version numbers and release documentation; no application source changes in this PR.
Overview
Release 2.40.0 — bumps
@redocly/cli,@redocly/openapi-core, and@redocly/respect-corefrom 2.39.0 to 2.40.0 and folds prior changesets into published changelogs (docs/@v2/changelog.md, package CHANGELOGs,package-lock.json).@redocly/cli@2.40.0 documents shipped behavior (not new code in this diff):
--ignore-headerson experimentaldriftandproxy;driftfixes forschema-consistency(deepObjectquery params, skipping request checks when the server returns 4xx) andsecurity-baseline(no insecure-transport warnings on loopback); dependency on openapi-core v2.40.0.@redocly/openapi-core@2.40.0 adds linting for the OpenAPI 3.2 Example Object
dataValuefield.@redocly/respect-core@2.40.0 only updates its openapi-core dependency to v2.40.0.
Reviewed by Cursor Bugbot for commit 4c35459. Bugbot is set up for automated code reviews on this repo. Configure here.