chore: release + packaging hygiene (v0.12.0 changelog, SECURITY.md, dependabot)#238
Open
rylinjames wants to merge 2 commits into
Open
chore: release + packaging hygiene (v0.12.0 changelog, SECURITY.md, dependabot)#238rylinjames wants to merge 2 commits into
rylinjames wants to merge 2 commits into
Conversation
…ependabot) - CHANGELOG.md: add v0.12.0 — 2026-06-03 entry summarising the Reflex → Tether rename; PyPI dist is fastcrest-tether; CLI/import are tether; reflex compat shim (DeprecationWarning) through v0.13.x, removed v0.14.0; REFLEX_* env vars mirror to TETHER_*. - SECURITY.md: new standard security policy — report to playindus@gmail.com (canonical contact from CONTRIBUTING.md), 48 h ack / 7-day SLA, latest minor supported, robot-control network endpoints flagged as high-priority. - .github/dependabot.yml: weekly pip + github-actions dependency updates. - .DS_Store: git rm --cached (was tracked; .gitignore already covers it). No discord-status / PyPI-stats script found anywhere in the repo — item 5 is a no-op (see PR description for details). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Use the brand contact (README's hello@fastcrest.com) in the public SECURITY.md rather than a personal gmail, and reference real env vars (TETHER_NO_TELEMETRY / TETHER_PRO_LICENSE) in the CHANGELOG instead of the nonexistent TETHER_LICENSE_KEY. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
v0.12.0 — 2026-06-03entry: PyPI dist renamed tofastcrest-tether, CLI/import nowtether,reflexcompat shim (DeprecationWarning) through v0.13.x and removed in v0.14.0,REFLEX_*env vars mirror toTETHER_*.playindus@gmail.com(canonical contact from CONTRIBUTING.md), 48 h acknowledgement / 7-day SLA, latest minor supported, robot-control network endpoints called out as high-priority scope.pipandgithub-actions.git rm --cached; file was tracked but already covered by.gitignore.Item 5 — discord-status / PyPI-stats script
Searched the entire repo (all
.py,.sh,.ymlfiles outside.venv/) forpypistats,pypi.org/pypi,discord,reflex-vla(as a current-stats reference), andfastcrest-tether. No such script exists in this repo. Thescripts/modal_*.pyfiles that referencereflex-vlaare intentional historical benchmark fixtures — left untouched per instructions.Test plan
## vX.Y.Z — YYYY-MM-DDformat, same tone)playindus@gmail.com).github/dependabot.ymlparses as valid YAML (yaml.safe_loadverified locally)git ls-files | grep DS_Storereturns empty after mergesrc/code,uv.lock, orDockerfile.jetpacktouched🤖 Generated with Claude Code