Skip to content

chore(release): finalize v0.5.1#81

Merged
fvadicamo merged 7 commits into
developfrom
chore/v0.5.1-release
Jul 12, 2026
Merged

chore(release): finalize v0.5.1#81
fvadicamo merged 7 commits into
developfrom
chore/v0.5.1-release

Conversation

@fvadicamo

@fvadicamo fvadicamo commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

What

Release finalization for v0.5.1: version bump 0.5.0 → 0.5.1 across the 8 workspace components, CHANGELOG promotion ([Unreleased][0.5.1] - 2026-07-12 with a fresh empty Unreleased block), lockfile refresh, and backlog bookkeeping (DEBT-024 completed with resolution notes; new DEBT-025 for local .env test isolation).

Also reconciles the esbuild 0.28 security bump that Dependabot recreated against main (PR #77) back into the develop line, so develop and main converge at the release merge. Widget build verified with esbuild 0.28.

Testing

  • make lint green (ruff, mypy, import-linter)
  • make test green: 638 passed, 3 skipped (clean env)
  • npm run build in vektra-learn/widget green with esbuild 0.28

Next

After merge: release PR developmain, tag v0.5.1.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Release
    • Released version 0.5.1 across the platform’s packages.
  • Security
    • Updated development tooling and automation components to incorporate security improvements.
  • Chores
    • Updated the widget build toolchain to a newer version for improved compatibility and maintenance.

fvadicamo and others added 7 commits March 22, 2026 13:35
- Optional enrollment mode for LMS integrations (FEAT-003)
- Widget UX: collapsible sources, a11y, i18n, snippet fix
- Phase 2 stabilization: BUG-010, BUG-011, DEBT-002/003/008
- Sync main history, 3 critical bug fixes from v0.2.0 review
- Version 0.3.0, CHANGELOG, docs update (18 new config vars, ERR-LEARN codes)
- Commit signing guide, quality gate, branching rules in CONTRIBUTING

Reviews: PRs #42-#47, 30+ comments addressed (CodeRabbit, Gemini)
Tests: 576 passed, integration + NFR gates green
Refs: FEAT-003, BUG-010, BUG-011, DEBT-002, DEBT-003, DEBT-008
- Configurable grounding mode strict/hybrid with per-namespace override (FEAT-020)
- QueryTrace persistence for all pipelines, streaming and non-streaming (BUG-013)
- Reranker scores, eval mode tracing, debug query logging (DEBT-014, DEBT-015, DEBT-009, FEAT-019)
- Safeguard bypass fix in hybrid mode, XML escaping, config constraints (PR #57)
- Production-ready chatbot widget, RAG prompt restructure, conversation persistence
- CI: remove latency step requiring LLM (PR #58)

Reviews: 21 inline + 3 outside-diff addressed (CodeRabbit, Gemini, github-code-quality)
Tests: all passing, 28/28 CI checks green
Refs: PRs #49-#58, milestone v0.4.0
- v0.5.0: widget production-ready (FEAT-016/012/004 + WI-1/2/3) + instructor namespace config
- Branding: rebrand to "Vektra RAG" + widget footer "VektraLabs" + vektralabs.github.io org landing
- Security: 2 critical CVEs litellm closed (auth bypass), pytest 9, esbuild 0.25
- DEBT-018 widget primary-color scope, DEBT-020 audit log fallback (admin/learn/ingest)
- Docs: consolidated widget integration guide, CHANGELOG/BACKLOG aligned

Reviews: 14/14 addressed across PR #66/69/70/71/72/73 (Gemini + CodeRabbit + code-quality bot)
Tests: 632 passed; CI all green; integration + NFR gates pass
Refs: closes DEBT-018, DEBT-020; spawns DEBT-022, DEBT-023; coordinated with vektra-moodle#14
Bumps the npm_and_yarn group with 1 update in the /vektra-learn/widget directory: [esbuild](https://github.com/evanw/esbuild).


Updates `esbuild` from 0.25.0 to 0.28.1
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2025.md)
- [Commits](evanw/esbuild@v0.25.0...v0.28.1)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.28.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
…-learn/widget/npm_and_yarn-53cbaf2a5b

chore(deps-dev): Bump esbuild from 0.25.0 to 0.28.1 in /vektra-learn/widget in the npm_and_yarn group across 1 directory
Reconcile the esbuild security bump (PR #77) that Dependabot recreated
against main (default branch) instead of develop.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
- Bump version 0.5.0 -> 0.5.1 across 8 components
- Promote CHANGELOG entry from [Unreleased] to [0.5.1] - 2026-07-12
- Refresh uv.lock for the version change
- BACKLOG: DEBT-024 completed (resolution notes), new DEBT-025
  (isolate unit tests from local .env)
- Reconcile esbuild 0.28 bump from main (PR #77 landed on the
  default branch)

Prepares the develop -> main release PR for v0.5.1
(security hardening: DEBT-024 sweep).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@fvadicamo fvadicamo added dependencies Dependency updates security Security hardening and vulnerability fixes labels Jul 12, 2026
@github-actions github-actions Bot added documentation Improvements or additions to documentation component:shared vektra-shared component component:core vektra-core component component:ingest vektra-ingest component component:index vektra-index component component:admin vektra-admin component labels Jul 12, 2026
@coderabbitai

coderabbitai Bot commented Jul 12, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 53d3068e-92b2-4189-84e6-28c53b20b704

📥 Commits

Reviewing files that changed from the base of the PR and between 43d31fc and cd76653.

⛔ Files ignored due to path filters (3)
  • .s2s/BACKLOG.md is excluded by !.s2s/**
  • uv.lock is excluded by !**/*.lock, !**/*.lock
  • vektra-learn/widget/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (10)
  • CHANGELOG.md
  • vektra-admin/pyproject.toml
  • vektra-analytics/pyproject.toml
  • vektra-app/pyproject.toml
  • vektra-core/pyproject.toml
  • vektra-index/pyproject.toml
  • vektra-ingest/pyproject.toml
  • vektra-learn/pyproject.toml
  • vektra-learn/widget/package.json
  • vektra-shared/pyproject.toml

📝 Walkthrough

Walkthrough

The release updates Python package versions to 0.5.1, bumps the widget’s development esbuild constraint from ^0.25 to ^0.28, and records development dependency and GitHub Actions updates in the 0.5.1 security changelog.

Changes

Release 0.5.1 updates

Layer / File(s) Summary
Align Python package versions
vektra-*/pyproject.toml
All listed Python packages update their project version from 0.5.0 to 0.5.1.
Update widget tooling and security changelog
vektra-learn/widget/package.json, CHANGELOG.md
The widget esbuild development dependency changes to ^0.28, and the 0.5.1 security section records development dependency and GitHub Actions updates.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

Suggested labels: ci, component:learn, javascript

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the release finalization and version bump to v0.5.1.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/v0.5.1-release

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request bumps the version of all Vektra packages from 0.5.0 to 0.5.1, updates the changelog with details for the 0.5.1 security hardening release, and upgrades esbuild to version 0.28 in the widget build toolchain. It also updates the backlog to mark the DEBT-024 security sweep as completed and schedules a new task (DEBT-025) to isolate unit tests from local environment variables. There are no review comments, and I have no feedback to provide.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

@fvadicamo fvadicamo merged commit fd2ef7c into develop Jul 12, 2026
19 checks passed
@fvadicamo fvadicamo deleted the chore/v0.5.1-release branch July 12, 2026 01:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

component:admin vektra-admin component component:core vektra-core component component:index vektra-index component component:ingest vektra-ingest component component:shared vektra-shared component dependencies Dependency updates documentation Improvements or additions to documentation security Security hardening and vulnerability fixes

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant