Update CHANGELOG with security updates and patch info #104

Merged
HackingRepo merged 1 commit into main from HackingRepo-patch-10
Jun 9, 2026

HackingRepo (Owner) commented Jun 9, 2026

PR Summary by Qodo

Document 1.0.5 security patch in CHANGELOG
📝 Documentation 🕐 Less than 5 minutes

Walkthroughs

Description
• Add a new 1.0.5 release entry to the CHANGELOG.
• Document the GHSA-5846-7qm3-r52j security fix for the new patch release.
High-Level Assessment

The approach is appropriate for this change: recording the new security patch release in the changelog. The only minor follow-up to consider (optional) is keeping formatting consistent (e.g., link the GHSA advisory and standardize wording across entries), but no alternative implementation is needed.

File Changes

Documentation (1)
CHANGELOG.md Add 1.0.5 section with GHSA security fix +5/-0

• Adds a new 1.0.5 release section to the changelog. Documents a security update referencing GHSA-5846-7qm3-r52j.

Added security update details and clarified patch schedule.

qodo-code-review Bot commented Jun 9, 2026

Code Review by Qodo

🐞 Bugs (2) 📘 Rule violations (0)

Remediation recommended

1. Version/changelog inconsistency 🐞 Bug ⚙ Maintainability
Description
CHANGELOG.md now documents a 1.0.5 release, but package.json still declares version 1.0.3, creating
an inconsistent source of truth for the current release version. This can confuse
consumers/maintainers about what version is actually published vs. what is documented as released.
Code

CHANGELOG.md[R33-34]

+## 1.0.5
+
Evidence
The changelog adds a new 1.0.5 section, while the package metadata still declares 1.0.3, so the
documented latest version and the package’s declared version diverge.

CHANGELOG.md[33-36]
package.json[1-6]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`CHANGELOG.md` includes a `## 1.0.5` release section, but `package.json` still reports version `1.0.3`. This makes the repository’s release documentation inconsistent with the package metadata.

## Issue Context
If `1.0.5` is intended to be released/published, `package.json` should be bumped accordingly. If `1.0.5` is not yet released, the changelog should clarify that it is unreleased (or avoid adding the section until release).

## Fix Focus Areas
- CHANGELOG.md[33-36]
- package.json[1-6]

Informational

2. Unclear security bullet text 🐞 Bug ⚙ Maintainability
Description
The new 1.0.5 security changelog bullet uses grammatically incorrect and unclear wording ("Fix
Claude Mythos finded"), reducing the clarity of what was fixed. It also diverges from the
established phrasing used by prior GHSA entries in the same file.
Code

CHANGELOG.md[R35-36]

+⚠️ Security Updates:
+- Fix Claude Mythos finded GHSA-5846-7qm3-r52j
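
Review bot: the added bullet `- Fix Claude Mythos finded GHSA-5846-7qm3-r52j` gives readers only an advisory ID, with no link and no word on what was affected, so anyone deciding whether to upgrade has to look the advisory up separately. Suggest linking the GHSA ID to its advisory page and adding a short phrase naming the affected behaviour; if "Claude Mythos finded" is meant as a finder credit, move it after the ID as its own clause.
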
Evidence
Earlier GHSA changelog bullets use the - Fix GHSA-... vuln pattern, while the new entry adds
unclear extra words and omits the prior consistent phrasing.

CHANGELOG.md[16-20]
CHANGELOG.md[25-29]
CHANGELOG.md[33-36]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The `1.0.5` security entry is unclear/grammatically incorrect and inconsistent with previous GHSA entries, which makes the changelog harder to read and less professional.

## Issue Context
Earlier security entries use a consistent, concise pattern like `- Fix GHSA-... vuln`.

## Fix Focus Areas
- CHANGELOG.md[35-36]
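
A release-consistency check for the mismatch described in finding 1 above, as an added example that is not part of the PR, the repository or either bot's output. The function names, the sample changelog and the package name are assumptions constructed for illustration; it takes the highest `## x.y.z` heading rather than the first, on the assumption (suggested by the line references on this page) that newer releases sit below older ones.

```javascript
// Added example: fail a release when CHANGELOG.md and package.json disagree.
// Function names and sample inputs are hypothetical; only the versions
// 1.0.3 / 1.0.5 and the GHSA ID are taken from the page.

// Collect every "## x.y.z" heading as a [major, minor, patch] triple.
function changelogVersions(changelogText) {
  const versions = [];
  for (const line of changelogText.split(/\r?\n/)) {
    const m = /^##\s+\[?v?(\d+)\.(\d+)\.(\d+)\]?/.exec(line);
    if (m) versions.push(m.slice(1, 4).map(Number));
  }
  return versions;
}

// Numeric comparison, so 1.0.10 ranks above 1.0.9 (a string compare would not).
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Compare the highest documented release with package.json's "version".
function checkReleaseConsistency(changelogText, packageJsonText) {
  const versions = changelogVersions(changelogText);
  if (versions.length === 0) throw new Error("no version headings in changelog");
  const latest = versions.reduce((a, b) => (compareVersions(a, b) >= 0 ? a : b));
  const declared = JSON.parse(packageJsonText).version;
  if (typeof declared !== "string") throw new Error("package.json has no version string");
  const changelogVersion = latest.join(".");
  return { changelogVersion, packageVersion: declared, consistent: changelogVersion === declared };
}

// Constructed sample inputs mirroring the mismatch the review reports.
const SAMPLE_CHANGELOG = [
  "# Changelog",
  "## 1.0.3",
  "- Earlier entry (constructed)",
  "## 1.0.5",
  "⚠️ Security Updates:",
  "- Fix Claude Mythos finded GHSA-5846-7qm3-r52j",
].join("\n");
const SAMPLE_PACKAGE_JSON = JSON.stringify({ name: "example-package", version: "1.0.3" });

const result = checkReleaseConsistency(SAMPLE_CHANGELOG, SAMPLE_PACKAGE_JSON);
console.log(result.consistent
  ? "OK"
  : `MISMATCH: changelog ${result.changelogVersion}, package.json ${result.packageVersion}`);
```

Run as a CI step before publishing, a mismatch like this one stops a security release from shipping with a changelog that names a version the package does not declare.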

@HackingRepo HackingRepo merged commit 6c50b4c into main Jun 9, 2026
9 of 11 checks passed
@HackingRepo HackingRepo deleted the HackingRepo-patch-10 branch June 9, 2026 11:16
@codacy-production

Not up to standards ⛔

🔴 Issues 1 minor

Alerts:
⚠ 1 issue (≤ 0 issues of at least minor severity)

Results:
1 new issue

Category Results
CodeStyle 1 minor
