chore: bump version to 6.8.4

[vscarpenter]

Summary

• Bumps version 6.8.3 → 6.8.4 to reflect the dependency security fixes and updates landed in 433c36b

Context

The prior commit resolved all 10 bun audit vulnerabilities (3 high, 6 moderate, 1 low) and updated patch/minor dependencies. This PR adds the corresponding version bump that was missed.

Test plan

• bun typecheck passes
• bun audit reports 0 vulnerabilities

🤖 Generated with Claude Code

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[claude]

Code Review - PR #141: Version Bump 6.8.3 → 6.8.4

✅ Overall Assessment

This is a straightforward maintenance PR that correctly increments the patch version to reflect security fixes and dependency updates. The change is minimal, focused, and appropriate.

---

Code Quality & Best Practices ✅

Strengths:

• ✅ Single-purpose PR following semantic versioning (PATCH increment for security fixes)
• ✅ Clean, minimal change (1 line modified in package.json)
• ✅ Clear PR description explaining the context and rationale
• ✅ References the commit that warranted the version bump

Minor Observations:

• The CHANGELOG.md does not currently reflect versions beyond 6.6.2. Consider adding a 6.8.4 entry documenting the security fixes mentioned in the PR description
• The referenced commit 433c36b appears to be a merge commit SHA - consider referencing the specific dependency update commit for clearer traceability

---

Potential Issues 🔍

None identified. This is a low-risk change with no code logic modifications.

---

Performance Considerations ✅

No performance impact - version strings are metadata only.

---

Security Concerns ✅

Positive security impact: The PR description indicates this version bump corresponds to resolving 10 vulnerabilities (3 high, 6 moderate, 1 low) via bun audit fixes.

Recommendation: To validate the security improvements, the test plan should be completed:

• Confirm bun typecheck passes
• Verify bun audit reports 0 vulnerabilities

---

Test Coverage ✅

No new code to test. The test plan items are appropriate for a version bump + dependency security PR.

---

Recommendations

1. Update CHANGELOG.md - Add a 6.8.4 entry documenting the security fixes:

   ## [6.8.4] - 2026-02-13
   
   ### Security
   - Fixed 10 vulnerabilities identified by `bun audit` (3 high, 6 moderate, 1 low)
   - Updated patch/minor dependencies to secure versions

2. Complete Test Plan - Before merging, verify the checklist items to ensure:

   • TypeScript compilation succeeds
   • All security vulnerabilities are resolved

3. Consider Automation - For future version bumps, consider using tools like changeset or semantic-release to automatically update CHANGELOG and package.json together

---

Conclusion

LGTM with minor documentation suggestion. The version bump is correct and the PR is ready to merge once the test plan is validated. The only enhancement would be updating the CHANGELOG to maintain a complete version history.

Approval Status: ✅ Approved (pending test plan completion)

---

Review conducted following CLAUDE.md standards and coding-standards.md guidelines