Skip to content

chore(main): release 1.28.0#16

Open
github-actions[bot] wants to merge 1 commit into
mainfrom
release-please--branches--main
Open

chore(main): release 1.28.0#16
github-actions[bot] wants to merge 1 commit into
mainfrom
release-please--branches--main

Conversation

@github-actions

@github-actions github-actions Bot commented May 11, 2026
edited
Loading

Copy link
Copy Markdown

🤖 I have created a release beep boop

1.28.0 (2026-05-12)

Features

  • sdk: implement layered @lithosphere/blockchain-core + @lithosphere/sdk (4701d55)

Bug Fixes

  • ci: build sdk-template's workspace deps before the template itself (08c29ee)
  • ci: quote Slither step name — colon broke YAML parser (04ba66d)
  • deploy: reach indexer /version via docker exec, not host curl (6e02878)
  • explorer: revert OTel instrumentation to unblock deploys (a9d2a6d)
  • forge: profile selection via FOUNDRY_PROFILE env, not --profile flag (d5c1971)
  • indexer: bind /version + /health before DB wait (f0aff8f)
  • integration: add sslmode=disable to test DATABASE_URL (133c417)
  • slither: also convert printers_to_run + detectors_to_exclude to strings (67a4053)
  • slither: filter_paths must be a comma-separated string, not a list (8111e19)

Security

  • bump explorer's @coinbase/wallet-sdk to 4.3.7 (was 4.0.3 via web3modal) (e9a1e8e)
  • images: strip bundled npm from api/indexer/explorer runner stages (af4a18d)
  • p10: add pre-construction path check for CodeQL js/request-forgery (a01f4dc)
  • p10: close remaining 12 CodeQL alerts (4 fixed, 8 dismissed) (38649a3)
  • p10: CodeQL SAST for the JS/TS surface (84bbbf0)
  • p10: license allow/deny policy + CI gate (a625789)
  • p10: make sanitizeForLog match CodeQL's recognised sanitizer pattern (5201549)
  • p10: SLSA Build L2 build-provenance attestation on published images (5410d66)
  • p10: triage CodeQL first-scan — fix 8/23 at source (ae2c0c7)
  • p7: flip production Slither from advisory to blocking (1e82620)
  • p7: run Slither against production contracts, not just template (22aa7a6)

Observability

  • p9: Cost dashboard — VPS spend visibility for operators (25902f5)
  • p9: explorer instrumentation.ts + /api/version (f8109de)
  • p9: HTTP request metrics + SLO Grafana dashboard (635cbd9)
  • p9: propagate build metadata commit -> image -> running container (20f0233)
  • p9: structured JSON logging + request-id correlation (8bf7fda)
  • p9: wire env-gated OpenTelemetry SDK in api + indexer (ebc449d)

Deployment

  • p3: Cosign + SLSA verify pre-check in deploy-simple (7e5e57d)
  • p4: formal approval flow + post-deploy SHA verification (70263ee)

Developer Experience

  • p5: make integration-test — one-command local integration suite (fb84877)
  • p8: GraphQL schema artifact + drift gate (216f26f)
  • p8: OpenAPI REST artifact + drift gate (f32d511)

SDK

  • p8: refresh sdk-template scaffold to consume @lithosphere/sdk (ad0bc5b)

This PR was generated with Release Please. See documentation.

@github-actions github-actions Bot force-pushed the release-please--branches--main branch 17 times, most recently from 83b852d to 14f9607 Compare May 12, 2026 08:21
@github-actions github-actions Bot force-pushed the release-please--branches--main branch from 14f9607 to 4b2a3c1 Compare May 12, 2026 08:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

autorelease: pending

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants