Bump NEXT_CHANGELOG to v1.0.0 and add SECURITY.md support policy#5277
Closed
simonfaltum wants to merge 1 commit into
Closed
Bump NEXT_CHANGELOG to v1.0.0 and add SECURITY.md support policy#5277simonfaltum wants to merge 1 commit into
simonfaltum wants to merge 1 commit into
Conversation
Mark the upcoming release as v1.0.0 (first major / GA) and document the support window for the 0.299.x line. Co-authored-by: Isaac
simonfaltum
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
simonfaltum
temporarily deployed
to
test-trigger-is
GitHub Actions
Inactive
andrewnester
approved these changes
May 20, 2026
Member
Author
|
These changes will be moved to another PR, where we also update the README so have everything done in one go. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
The next CLI release is v1.0.0, the first generally available major release (the previous shipped release was v0.299.2;
v0.300.0was only a placeholder inNEXT_CHANGELOG.md, never released). The release notes need to reflect the v1.0 milestone, andSECURITY.mdneeds to document how long the 0.x line will continue to receive patches so users have a clear migration window.Changes
Before:
NEXT_CHANGELOG.mdheaded the next release asv0.300.0(placeholder) with no GA messaging.SECURITY.mdonly had a one-line vulnerability reporting paragraph; no statement of which versions are supported.Now:
NEXT_CHANGELOG.mdheads the next release asv1.0.0(jumping from the v0.299.2 released line) and opens Notable Changes with a one-line GA statement: first major release, semver from here on, 0.299.x continues to get security-critical patches through June 2027 with a pointer to SECURITY.md.SECURITY.mdgets a Supported Versions table at the top: 1.x (full support), 0.299.x (security-critical patches only, through June 2027), < 0.299 (not supported), plus a short paragraph explaining the policy.Conflicts likely with #5272 (also touches
NEXT_CHANGELOG.mdNotable Changes). Whichever lands first, the other rebases.Test plan
./task checksclean (tidy, whitespace, links, deadcode).This pull request and its description were written by Claude.