release: 0.5.0#13
Conversation
|
Firetiger deploy monitoring skipped This PR didn't match the auto-monitor filter configured on your GitHub connection:
Reason: This is an automated release PR with only internal bootstrap script changes, not a modification to kernel API endpoints or Temporal workflows. To monitor this PR anyway, reply with |
|
🧪 Testing To try out this version of the SDK: Expires at: Fri, 12 Jun 2026 03:05:30 GMT |
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
from
d3308ac to
f31252b
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| } | ||
| } | ||
| options.defaultHeaders = { ...parsed, ...options.defaultHeaders }; | ||
| } |
There was a problem hiding this comment.
Object spread breaks non-Record defaultHeaders types
Medium Severity
When HYPEMAN_CUSTOM_HEADERS is set, the new code merges env headers into options.defaultHeaders via object spread. However, HeadersLike accepts a Headers instance, an array of header tuples, or a branded NullableHeaders — none of which spread into a plain object correctly. A user-supplied Headers instance is silently dropped (no enumerable own properties); arrays produce numeric-key objects; NullableHeaders exposes its internal values/nulls/brand fields. Downstream buildHeaders/iterateHeaders then treats the result as a record and corrupts the headers.
Reviewed by Cursor Bugbot for commit f31252b. Configure here.
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
3 times, most recently
from
34cdd30 to
1e1dd24
Compare
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
2 times, most recently
from
8796aae to
2f48827
Compare
| const parsed: Record<string, string> = {}; | ||
| for (const line of customHeadersEnv.split('\n')) { | ||
| const colon = line.indexOf(':'); | ||
| if (colon >= 0) { |
There was a problem hiding this comment.
Empty header name allowed when line starts with colon
Low Severity
The HYPEMAN_CUSTOM_HEADERS parser uses colon >= 0 which accepts lines starting with :, producing a header with an empty-string name (""). Using colon > 0 would correctly skip such malformed lines, since HTTP header names cannot be empty.
Reviewed by Cursor Bugbot for commit 2f48827. Configure here.
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
from
2f48827 to
dd4d2d3
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
There are 4 total unresolved issues (including 3 from previous reviews).
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit dd4d2d3. Configure here.
| # format things eslint didn't | ||
| PRETTIER_FILES="$(grep '\.\(js\|json\)$' "$FILE_LIST" || true)" | ||
| if ! [ -z "$PRETTIER_FILES" ]; then | ||
| echo "$PRETTIER_FILES" | xargs ./node_modules/.bin/prettier \ |
There was a problem hiding this comment.
Guard condition in fast-format is always true
Low Severity
The condition ! [ -z "$FILE_LIST" ] checks whether the FILE_LIST variable (a file path string) is non-empty. Since FILE_LIST is assigned from $1 on line 18 and its existence is validated on lines 22–25, this check is always true at this point — making the if guard meaningless. The old code correctly checked whether $PRETTIER_FILES (the grep output) had content. This could be replaced with a check on the file's contents, e.g. [ -s "$FILE_LIST" ], to match the pattern used for $ESLINT_FILES above.
Reviewed by Cursor Bugbot for commit dd4d2d3. Configure here.
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
from
dd4d2d3 to
4c8ba35
Compare
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
from
4c8ba35 to
76b4242
Compare
Pin all GitHub Actions referenced in generated workflows (both first-party `actions/*` and third-party) to immutable commit SHAs. Updating pinned actions is now a deliberate codegen-side bump rather than implicit on every workflow run.
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
from
76b4242 to
2618405
Compare
Automated Release PR
0.5.0 (2026-05-13)
Full Changelog: v0.4.0...v0.5.0
Features
Bug Fixes
Chores
This pull request is managed by Stainless's GitHub App.
The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.
For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.
🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions
Note
Medium Risk
Moderate risk: changes request construction via env-provided default headers and expands log redaction, plus tooling/CI tweaks that can affect build/lint behavior.
Overview
Bumps the SDK to v0.5.0 (manifest/package/version files) and updates OpenAPI/codegen artifacts (including new
Instancefields forcurrent_phase,current_phase_since, andphase_durations_ms).Adds support for setting default request headers via
HYPEMAN_CUSTOM_HEADERSand expands debug log redaction to maskapi-key/x-api-keyheaders.Refactors formatting/linting workflow to run Prettier separately (dropping
eslint-plugin-prettier), adjusts formatting scripts, makesscripts/bootstrapmore robust aroundSKIP_BREW, and pins GitHub Actions to specific SHAs in CI/publish workflows.Reviewed by Cursor Bugbot for commit 2618405. Bugbot is set up for automated code reviews on this repo. Configure here.