From 54b6d5ca681773c4583812e1b9177fc7a2625f99 Mon Sep 17 00:00:00 2001 From: "pr-automation-bot-public[bot]" Date: Fri, 26 Jun 2026 14:48:42 +0000 Subject: [PATCH 1/2] chore: release v1.0.2 --- CHANGELOG.md | 2 ++ Cargo.lock | 10 +++++----- Cargo.toml | 2 +- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1a4eac8c..d0012cc2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ bump. Currently experimental: sync plugins. # Unreleased +# v1.0.2 + # v1.0.1 * feat: `icp identity import` can now be used with a `--delegation` flag to import a delegated identity. This is most useful for containers or other internal-only delegations; for anything involving a network, `icp identity delegation request` remains the recommended way to work with delegations. diff --git a/Cargo.lock b/Cargo.lock index 01e1e5af..3e3cc534 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3652,7 +3652,7 @@ dependencies = [ [[package]] name = "icp" -version = "1.0.1" +version = "1.0.2" dependencies = [ "async-dropper", "async-trait", @@ -3727,7 +3727,7 @@ dependencies = [ [[package]] name = "icp-canister-interfaces" -version = "1.0.1" +version = "1.0.2" dependencies = [ "bigdecimal", "candid", @@ -3737,7 +3737,7 @@ dependencies = [ [[package]] name = "icp-cli" -version = "1.0.1" +version = "1.0.2" dependencies = [ "anstyle", "anyhow", @@ -3817,7 +3817,7 @@ dependencies = [ [[package]] name = "icp-sync-plugin" -version = "1.0.1" +version = "1.0.2" dependencies = [ "async-trait", "bytes", @@ -6367,7 +6367,7 @@ dependencies = [ [[package]] name = "schema-gen" -version = "1.0.1" +version = "1.0.2" dependencies = [ "icp", "schemars", diff --git a/Cargo.toml b/Cargo.toml index a62b9f0b..098f52c6 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -8,7 +8,7 @@ resolver = "3" [workspace.package] authors = ["DFINITY Stiftung "] edition = "2024" -version = "1.0.1" +version = "1.0.2" repository = "https://github.com/dfinity/icp-cli" rust-version = "1.88.0" license = "Apache-2.0" From 539fce46f8c69e11dc2fd69cda2ab2c3fd4837d9 Mon Sep 17 00:00:00 2001 From: Adam Spofford Date: Fri, 26 Jun 2026 08:57:24 -0700 Subject: [PATCH 2/2] Swap experimental --- CHANGELOG.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa86dd4f..0ffe5214 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,18 +2,18 @@ Convention: changes to experimental features live in a dedicated `## Experimental` subsection under each version. Experimental features may receive breaking changes between releases without a major version -bump. Currently experimental: sync plugins. +bump. Currently experimental: project bundling --> # Unreleased # v1.0.2 -* fixe(bundle): path validation use parent-dir analysis without canonicalize. +* feat(sync-plugin): `plugin` sync steps now reject any `dirs`/`files` entry that is, or traverses, a symlink. Together with the existing relative-path and `..` checks, this keeps a declared path from resolving to a target outside the canister directory. The restriction may be relaxed in a future release if a safe use case emerges. ## Experimental -* feat(sync-plugin): `plugin` sync steps now reject any `dirs`/`files` entry that is, or traverses, a symlink. Together with the existing relative-path and `..` checks, this keeps a declared path from resolving to a target outside the canister directory. The restriction may be relaxed in a future release if a safe use case emerges. +* fix(bundle): path validation use parent-dir analysis without canonicalize. # v1.0.1