chore: release v0.11.0

[basmasking]

Fixes #778

Changes proposed in this pull request:

• bumped version
• added migration guide
• restricted workflows to access id-token

@MaskingTechnology/jitar

[coderabbitai]

Warning

Rate limit exceeded

@basmasking has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 55 minutes and 50 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 7234a429-96d4-4242-8cce-1f15c94fa4fd

📥 Commits

Reviewing files that changed from the base of the PR and between b95203d and aabd88f.

📒 Files selected for processing (2)

• .github/workflows/codeql.yml
• .github/workflows/nodejsci.yml

Walkthrough

This PR releases Jitar v0.11.0 by bumping versions across the monorepo, adding migration documentation for breaking Vite plugin configuration changes, and fixing GitHub Actions workflow permissions to explicitly set id-token: none alongside contents: read.

Changes

Release v0.11.0

Layer / File(s)	Summary
Migration guide for Vite plugin breaking changes migrations/migrate-from-0.10.x-to-0.11.0.md	Migration documentation describes removal of sourceDir, targetDir, and jitarDir configuration keys, replaced with projectRoot, sourceRoot, configurationFile, and environmentFile to support monorepo structure in the Vite plugin.
GitHub Actions workflow permission fixes .github/workflows/codeql.yml, .github/workflows/nodejsci.yml	CodeQL workflow permissons key corrected to permissions with id-token: none and contents: read; Node.js CI workflow adds explicit top-level permissions block with contents: read and id-token: none.
Monorepo package versions and plugin compatibility package.json, packages/*/package.json, tools/eslint-plugin/package.json	Root and all 25 package manifests bumped from v0.10.8 to v0.11.0; plugin-vite peer dependency updated from ^0.10.7 to ^0.11.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• MaskingTechnology/jitar#677: Performs similar coordinated version bumps across the monorepo package manifests in a previous release cycle.
• MaskingTechnology/jitar#699: Release chore that updates package version numbers and plugin compatibility across the same monorepo files.
• MaskingTechnology/jitar#642: Prior release that updated packages/plugin-vite/package.json version and peer dependency configuration.

Suggested reviewers

• petermasking

Poem

🐰 Hops with joy at version release
From point-ten to point-eleven we leap,
Workflows secured, migrations run deep,
Twenty-five packages in harmony dressed,
Vite plugin dancing its monorepo best! 🎉

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Linked Issues check	❓ Inconclusive	The PR addresses issue #778 by bumping versions to 0.11.0 and adding migration documentation. Release notes preparation is not evident in code changes; only coding requirements are met.	Verify that release notes have been created separately or document their location/status in a follow-up comment.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title 'chore: release v0.11.0' directly and clearly summarizes the main change: releasing version 0.11.0 of the monorepo.
Description check	✅ Passed	The description covers required sections with all proposed changes listed: version bump, migration guide, and workflow permissions restriction. It follows the template structure.
Out of Scope Changes check	✅ Passed	All changes are within scope: version bumping across monorepo packages, workflow permission fixes, and migration guide documentation align with the 0.11.0 release objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/codeql.yml:
- Around line 14-16: The workflow has a misspelled root-level key "permissons"
which prevents the permissions block (including "contents: read" and "id-token:
none") from being applied; rename the key to "permissions" so the workflow-level
hardening takes effect and the "id-token: none" rule is enforced.

In @.github/workflows/nodejsci.yml:
- Around line 9-11: Fix the typo key "permissons" to "permissions" so the
workflow token restrictions are applied; update the key in the nodejsci.yml
block where "permissons:" appears and also make the same correction in
codeql.yml where the identical typo exists, ensuring the child keys "contents:
read" and "id-token: none" are under "permissions".

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: a453d7f8-8217-4cd0-b6a5-36ceb0372754

📥 Commits

Reviewing files that changed from the base of the PR and between fc90164 and b95203d.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (24)

• .github/workflows/codeql.yml
• .github/workflows/nodejsci.yml
• migrations/migrate-from-0.10.x-to-0.11.0.md
• package.json
• packages/analysis/package.json
• packages/build/package.json
• packages/cli/package.json
• packages/configuration/package.json
• packages/errors/package.json
• packages/execution/package.json
• packages/health/package.json
• packages/http/package.json
• packages/init/package.json
• packages/jitar/package.json
• packages/logging/package.json
• packages/middleware/package.json
• packages/plugin-vite/package.json
• packages/runtime/package.json
• packages/scheduling/package.json
• packages/serialization/package.json
• packages/services/package.json
• packages/sourcing/package.json
• packages/validation/package.json
• tools/eslint-plugin/package.json

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud