Merge main to branch

Author: phillipc

.changeset/config.json

@@ -2,7 +2,37 @@
   "$schema": "https://unpkg.com/@changesets/config@3.1.3/schema.json",
   "changelog": "@changesets/cli/changelog",
   "commit": false,
-  "fixed": [],
+  "fixed": [
+    [
+      "@tko/bind",
+      "@tko/binding.component",
+      "@tko/binding.core",
+      "@tko/binding.foreach",
+      "@tko/binding.if",
+      "@tko/binding.template",
+      "@tko/build.knockout",
+      "@tko/build.reference",
+      "@tko/builder",
+      "@tko/computed",
+      "@tko/filter.punches",
+      "@tko/lifecycle",
+      "@tko/observable",
+      "@tko/provider",
+      "@tko/provider.attr",
+      "@tko/provider.bindingstring",
+      "@tko/provider.component",
+      "@tko/provider.databind",
+      "@tko/provider.multi",
+      "@tko/provider.mustache",
+      "@tko/provider.native",
+      "@tko/provider.virtual",
+      "@tko/utils",
+      "@tko/utils.component",
+      "@tko/utils.functionrewrite",
+      "@tko/utils.jsx",
+      "@tko/utils.parser"
+    ]
+  ],
   "linked": [],
   "access": "public",
   "baseBranch": "main",

.github/dependabot.yml

@@ -7,6 +7,9 @@ updates:
       interval: weekly
       day: monday
     open-pull-requests-limit: 10
+    ignore:
+      # package will be removed
+      - dependency-name: "*jasmine*"
     groups:
       # Group minor/patch devDependency updates into a single PR
       dev-dependencies:

.github/workflows/deploy-docs.yml

@@ -22,10 +22,10 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Setup Pages
-        uses: actions/configure-pages@v5
+        uses: actions/configure-pages@v6
 
       - name: Setup Node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: 22
           cache: npm

.github/workflows/electron.yaml

@@ -19,7 +19,7 @@ jobs:
 
     steps:
     - uses: actions/checkout@v6
-    - uses: actions/setup-node@v4
+    - uses: actions/setup-node@v6
       with:
         node-version: 22
     - run: sudo apt-get install xvfb

.github/workflows/github-release.yml

@@ -0,0 +1,87 @@
+name: Backfill GitHub Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      target_sha:
+        description: Published main commit SHA to tag and release
+        required: true
+        type: string
+
+jobs:
+  backfill-github-release:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout published commit
+        # actions/checkout v6.0.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        with:
+          ref: ${{ inputs.target_sha }}
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Validate target commit and determine release version
+        id: version
+        env:
+          TARGET_SHA: ${{ inputs.target_sha }}
+        run: |
+          git fetch origin main --depth=1
+
+          if ! git merge-base --is-ancestor "$TARGET_SHA" "origin/main"; then
+            echo "Target SHA $TARGET_SHA is not reachable from origin/main." >&2
+            exit 1
+          fi
+
+          version="$(node tools/release-version.cjs)"
+          echo "version=$version" >> "$GITHUB_OUTPUT"
+
+      - name: Verify published npm version exists
+        env:
+          VERSION: ${{ steps.version.outputs.version }}
+        run: |
+          npm view "@tko/build.reference@$VERSION" version --registry=https://registry.npmjs.org >/dev/null
+
+      - name: Backfill GitHub release if missing
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VERSION: ${{ steps.version.outputs.version }}
+          TARGET_SHA: ${{ inputs.target_sha }}
+        run: |
+          tag="v${VERSION}"
+
+          if gh release view "$tag" --repo "$GITHUB_REPOSITORY" >/dev/null 2>&1; then
+            object_type="$(gh api "repos/$GITHUB_REPOSITORY/git/ref/tags/$tag" --jq '.object.type')"
+            object_sha="$(gh api "repos/$GITHUB_REPOSITORY/git/ref/tags/$tag" --jq '.object.sha')"
+
+            if [ "$object_type" = "tag" ]; then
+              existing_target="$(gh api "repos/$GITHUB_REPOSITORY/git/tags/$object_sha" --jq '.object.sha')"
+            else
+              existing_target="$object_sha"
+            fi
+
+            if [ "$existing_target" = "$TARGET_SHA" ]; then
+              echo "GitHub release $tag already exists on $TARGET_SHA; nothing to do."
+              exit 0
+            fi
+
+            echo "GitHub release $tag already exists on $existing_target, expected $TARGET_SHA." >&2
+            exit 1
+          fi
+
+          prerelease_flag=""
+          case "$VERSION" in
+            *-alpha*|*-beta*|*-rc*)
+              prerelease_flag="--prerelease"
+              ;;
+          esac
+
+          gh release create "$tag" \
+            --repo "$GITHUB_REPOSITORY" \
+            --target "$TARGET_SHA" \
+            --title "TKO ${VERSION}" \
+            --generate-notes \
+            $prerelease_flag

.github/workflows/lint-and-typecheck.yml

@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: 22.x
           cache: 'npm'

.github/workflows/main-build.yml

@@ -14,23 +14,23 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [22.x]
+        node-version: [24.x]
 
     steps:
       - name: Checkout code
         uses: actions/checkout@v6
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: ${{ matrix.node-version }}
           cache: 'npm'
 
       - name: Install dependencies
         run: npm install
 
-      - name: Audit for vulnerabilities
-        run: npm audit --audit-level=high
+      - name: Audit for vulnerabilities (prod-mode)
+        run: npm audit --audit-level=high --production
 
       - name: Run Build
         run: make

.github/workflows/publish-check.yml

@@ -15,7 +15,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version: 22.x
           cache: 'npm'