v0.2.26
·
529 commits
to b03d6a9a2fc6b868a7ccd42a2081dda577ba2acf
since this release
0.2.26 (2026-02-24)
Bug Fixes
- ci: pin protoc version for vendored proto reproducibility (#548) (03e9d35)
- cli: add --cache-dir and simplify defaults wording (#550) (b8701dd)
- cli: fail fast when glob patterns match nothing (#519) (404104b)
- deps: update dependency xgboost to >=3.2,<3.3 (#507) (4489e97)
- enforce consistent scanner patterns across all scanners (#564) (dd6b8d2)
- improve test suite reliability and safety (#565) (4bd04a7)
- remove security anti-patterns from scanning infrastructure (#562) (d02cd0b)
- security: close critical scanner and CI gating gaps (#553) (807a8aa)
- security: resolve CodeQL alerts for workflow permissions and sensitive logging (#570) (d2dfc79)
- security: resolve remaining audit findings (#4-#8) (#556) (7430436)
- security: use URL hostname parsing instead of substring matching (#571) (b4d3696)
- test: relax benchmark timing assertions for Windows CI (#569) (b06faac)
Documentation
- clarify README exit codes (#568) (e57a0de)
- fix accuracy issues across AGENTS.md, README, and CONTRIBUTING (#566) (880e7a4)
- open-source: add user trust docs batch (#534) (dd5e676)
- readme: add cache management flag (#521) (33d74bd)
- ship next-phase open-source readiness docs (#532) (c88035d)
- trim README to essentials, fix inaccuracies (#517) (59c056c)