release: 0.5.0#13
Conversation
|
Firetiger deploy monitoring skipped This PR didn't match the auto-monitor filter configured on your GitHub connection:
Reason: This is an automated release PR with only internal bootstrap script changes, not a modification to kernel API endpoints or Temporal workflows. To monitor this PR anyway, reply with |
|
🧪 Testing To try out this version of the SDK: Expires at: Thu, 18 Jun 2026 03:01:43 GMT |
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
from
d3308ac to
f31252b
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| } | ||
| } | ||
| options.defaultHeaders = { ...parsed, ...options.defaultHeaders }; | ||
| } |
There was a problem hiding this comment.
Object spread breaks non-Record defaultHeaders types
Medium Severity
When HYPEMAN_CUSTOM_HEADERS is set, the new code merges env headers into options.defaultHeaders via object spread. However, HeadersLike accepts a Headers instance, an array of header tuples, or a branded NullableHeaders — none of which spread into a plain object correctly. A user-supplied Headers instance is silently dropped (no enumerable own properties); arrays produce numeric-key objects; NullableHeaders exposes its internal values/nulls/brand fields. Downstream buildHeaders/iterateHeaders then treats the result as a record and corrupts the headers.
Reviewed by Cursor Bugbot for commit f31252b. Configure here.
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
3 times, most recently
from
34cdd30 to
1e1dd24
Compare
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
2 times, most recently
from
8796aae to
2f48827
Compare
| const parsed: Record<string, string> = {}; | ||
| for (const line of customHeadersEnv.split('\n')) { | ||
| const colon = line.indexOf(':'); | ||
| if (colon >= 0) { |
There was a problem hiding this comment.
Empty header name allowed when line starts with colon
Low Severity
The HYPEMAN_CUSTOM_HEADERS parser uses colon >= 0 which accepts lines starting with :, producing a header with an empty-string name (""). Using colon > 0 would correctly skip such malformed lines, since HTTP header names cannot be empty.
Reviewed by Cursor Bugbot for commit 2f48827. Configure here.
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
from
2f48827 to
dd4d2d3
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
There are 4 total unresolved issues (including 3 from previous reviews).
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit dd4d2d3. Configure here.
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
from
dd4d2d3 to
4c8ba35
Compare
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
from
4c8ba35 to
76b4242
Compare
Pin all GitHub Actions referenced in generated workflows (both first-party `actions/*` and third-party) to immutable commit SHAs. Updating pinned actions is now a deliberate codegen-side bump rather than implicit on every workflow run.
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
from
76b4242 to
2618405
Compare
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
from
2618405 to
750e597
Compare
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
from
750e597 to
2c7bcbe
Compare
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
from
2c7bcbe to
9ca9e66
Compare
stainless-app
Bot
force-pushed
the
release-please--branches--main--changes--next--components--hypeman
branch
from
9ca9e66 to
8405ea9
Compare
Automated Release PR
0.5.0 (2026-05-19)
Full Changelog: v0.4.0...v0.5.0
Features
Bug Fixes
Chores
This pull request is managed by Stainless's GitHub App.
The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.
For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.
🔗 Stainless website
📚 Read the docs
🙋 Reach out for help or questions
Note
Medium Risk
Medium risk due to changes in request header handling via
HYPEMAN_CUSTOM_HEADERSand post-processing of generated declaration files, which can affect runtime behavior and published types; the rest is mostly CI/tooling/version bumps.Overview
Bumps the package to v0.5.0 and updates release metadata/docs (manifest, changelog,
api.md, spec hashes).Adds new instance-related exported types in
client.ts(health checks, restart policy/status, instance health status) and allows injecting default request headers fromHYPEMAN_CUSTOM_HEADERS.Hardens build/tooling: pins GitHub Actions to SHAs, updates
tsc-multi, removeseslint-plugin-prettierin favor of runningprettierseparately (including a newprettier --checkstep inscripts/lint), improvesscripts/bootstrapenv var handling, updates formatting scripts, redactsapi-key/x-api-keyheaders in debug logs, and post-processes emitted.d.tsto fix@ts-ignoreplacement.Reviewed by Cursor Bugbot for commit 8405ea9. Bugbot is set up for automated code reviews on this repo. Configure here.