v1.0.3: UTF-8 boundary fix + rustls-webpki security bump by jdx · Pull Request #108 · jdx/communique

jdx · 2026-04-23T16:53:25Z

A small patch release that fixes a panic when generating notes against releases with multi-byte characters in their bodies, and picks up a security fix in rustls-webpki.

Fixed

Don't panic on multi-byte chars in style-reference bodies — communique generate truncates each recent release body to 3072 bytes to keep the prompt small, but previously sliced &body[..3072] directly. If byte 3072 fell inside a multi-byte UTF-8 character (common with em-dashes, which are 3 bytes), the command would panic with byte index 3072 is not a char boundary. The truncation now walks back to the nearest char boundary before slicing, with a regression test covering the case. (#113) (@jdx)

Security

rustls-webpki bumped to 0.103.13 — Addresses RUSTSEC-2026-0104, a reachable panic in certificate revocation list parsing. Lockfile-only change. (#107) (@jdx)

Docs

Added a dismissible cross-site announcement banner and an en.dev footer to the documentation site, with follow-up polish (contrast, centering, z-index), smarter caching, and ResizeObserver-based height syncing so VitePress's nav offset stays correct on resize. (#109, #110, #111, #112) (@jdx)

gemini-code-assist

Code Review

This pull request bumps the version of the communique package from 1.0.2 to 1.0.3 across Cargo.toml, Cargo.lock, and the CHANGELOG.md. Feedback was provided regarding an inaccurate changelog entry that claims dependencies were updated when only the package version itself was changed.

gemini-code-assist · 2026-04-23T16:55:06Z

 ## Fixed

- Retry malformed `submit_release_notes` tool calls instead of aborting the run, with a cap of 3 attempts ([#105](https://github.com/jdx/communique/pull/105))
+- Bump `rustls-webpki` to 0.103.13 to address [RUSTSEC-2026-0104](https://rustsec.org/advisories/RUSTSEC-2026-0104) (reachable panic in CRL parsing) ([#107](https://github.com/jdx/communique/pull/107))


The changelog entry - update Cargo.lock dependencies appears to be inaccurate for this release. The provided diff for Cargo.lock shows that only the communique package version itself was bumped from 1.0.2 to 1.0.3, with no changes to any other dependencies. If no dependencies were actually updated, this entry should be removed or corrected to reflect the actual changes in this version.

greptile-apps · 2026-04-23T16:57:16Z

Greptile Summary

Release-plz–generated PR that cuts v1.0.3 by bumping the crate version consistently across Cargo.toml, Cargo.lock, communique.usage.kdl, docs/cli/commands.json, and docs/cli/index.md, and prepending a correctly-formatted [1.0.3] changelog section noting a UTF-8 truncation fix plus several banner-related improvements.

Confidence Score: 5/5

Safe to merge — purely release bookkeeping with no functional code changes.

All six changed files are version-string or changelog updates only. Version is consistent across every artifact. The new 1.0.3 changelog block is properly formatted. No logic, dependencies, or API surface changed in this PR.

No files require special attention.

Important Files Changed

Filename	Overview
CHANGELOG.md	Prepends a well-formed [1.0.3] section with Fixed and Other entries; blank lines and section headers are correct in the new block
Cargo.toml	Version bumped from 1.0.2 to 1.0.3; no other changes
Cargo.lock	communique package version updated to 1.0.3 in the lock file; consistent with Cargo.toml
communique.usage.kdl	Version string bumped from 1.0.2 to 1.0.3 in the KDL usage spec
docs/cli/commands.json	version field updated from 1.0.2 to 1.0.3 in the CLI commands JSON
docs/cli/index.md	Version string in the CLI documentation index updated from 1.0.2 to 1.0.3

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[release-plz detects merged PRs] --> B[Bumps version: 1.0.2 → 1.0.3]
    B --> C[Cargo.toml]
    B --> D[Cargo.lock]
    B --> E[communique.usage.kdl]
    B --> F[docs/cli/commands.json]
    B --> G[docs/cli/index.md]
    B --> H[CHANGELOG.md]
    H --> H1[Added 1.0.3 section\nFixed: UTF-8 truncation\nOther: banner improvements]

_{Reviews (6): Last reviewed commit: "[autofix.ci] apply automated fixes" | Re-trigger Greptile}

codecov · 2026-04-23T16:57:47Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.11%. Comparing base (5e74d55) to head (47b72de).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #108   +/-   ##
=======================================
  Coverage   94.11%   94.11%           
=======================================
  Files          26       26           
  Lines        4076     4076           
  Branches     4076     4076           
=======================================
  Hits         3836     3836           
  Misses        155      155           
  Partials       85       85

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

cursor

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit cd979a8. Configure here.}

jdx changed the title ~~chore: release v1.0.3~~ v1.0.3: rustls-webpki security bump Apr 23, 2026

jdx force-pushed the release-plz-2026-04-23T16-53-22Z branch from 1747562 to 2e47175 Compare April 23, 2026 16:54

gemini-code-assist Bot reviewed Apr 23, 2026

View reviewed changes