docs: bump version to 2.1.2 in README.md#134
Conversation
Release-As: 3.0.0
🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <[email protected]>
There was a problem hiding this comment.
Pull request overview
This pull request updates the documentation to reflect version 2.1.2 and adds automation tooling for future version bumps. The changes ensure that the README.md usage example references the current version and provide instructions for automating version updates.
- Updated GitHub Action version reference in usage example from v2.1.1 to v2.1.2
- Added new automation command documentation for streamlining version bump process in README.md
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| README.md | Updated the GitHub Action version reference in the usage example from v2.1.1 to v2.1.2 to match the current package version |
| .claude/commands/bump-readme-ver.md | Added new automation command documentation that provides step-by-step instructions for updating README.md version based on package.json |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: toshimaru/[email protected].1 | ||
| - uses: toshimaru/[email protected].2 |
There was a problem hiding this comment.
The workflow example uses a third-party GitHub Action toshimaru/auto-author-assign pinned only to a mutable tag (v2.1.2), which allows an upstream compromise or tag rebind to inject arbitrary code into your CI with access to GITHUB_TOKEN and any exposed secrets. An attacker who gains control over that action repository could change the tag to run malicious code in your workflows, leading to repository takeover or secret exfiltration. To reduce this supply chain risk, pin the action to a specific commit SHA and update it deliberately when you choose to trust a new version.
This pull request introduces a documentation update and a minor workflow improvement. The main changes include instructions for automating version bumps in the
README.mdand updating a GitHub Action to its latest version.Documentation automation:
.claude/commands/bump-readme-ver.mddetailing steps to automatically update the version inREADME.mdbased on thepackage.jsonversion, including error handling ifpackage.jsonis missing.Workflow maintenance:
auto-author-assignGitHub Action inREADME.mdfrom versionv2.1.1tov2.1.2to ensure the workflow uses the latest improvements and fixes.