docs: update release timestamp and changelog#125
Conversation
github-actions
bot
added
the
documentation
There was a problem hiding this comment.
Pull request overview
This PR adds automated security batch update timestamps to the CHANGELOG.md file as part of the DependabotSecureFlow automation. However, the implementation has critical issues that violate changelog best practices by modifying already-released version sections.
Changes:
- Adds timestamp entry "2026-02-18 19:55 UTC: Automated Security Batch Update (DependabotSecureFlow)" to multiple sections in CHANGELOG.md
- Incorrectly modifies immutable released version sections (1.1.0, 1.2.0, 1.0.0) in addition to the [Unreleased] section
- Adds entry to a duplicate [Unreleased] section at line 173
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| ## [1.1.0] - 2026-01-31 | ||
| ### Added | ||
| - **2026-02-18 19:55 UTC**: Automated Security Batch Update (DependabotSecureFlow) |
There was a problem hiding this comment.
Security update entries dated 2026-02-18 19:55 UTC should not be added to already-released version [1.1.0] which was released on 2026-01-31. Released versions in a changelog should be immutable - all new changes should only be added to the [Unreleased] section. The sed command in the workflow at .github/workflows/dependabot-secure-flow.yaml:132 needs to be modified to only add entries to the first [Unreleased] section, not all "### Added" sections.
|
|
||
| ## [1.2.0] - 2026-02-01 | ||
| ### Added | ||
| - **2026-02-18 19:55 UTC**: Automated Security Batch Update (DependabotSecureFlow) |
There was a problem hiding this comment.
Security update entries dated 2026-02-18 19:55 UTC should not be added to already-released version [1.2.0] which was released on 2026-02-01. Released versions in a changelog should be immutable - all new changes should only be added to the [Unreleased] section. The sed command in the workflow at .github/workflows/dependabot-secure-flow.yaml:132 needs to be modified to only add entries to the first [Unreleased] section, not all "### Added" sections.
|
|
||
| ## [1.0.0] - 2025-12-10 | ||
| ### Added | ||
| - **2026-02-18 19:55 UTC**: Automated Security Batch Update (DependabotSecureFlow) |
There was a problem hiding this comment.
Security update entries dated 2026-02-18 19:55 UTC should not be added to already-released version [1.0.0] which was released on 2025-12-10. Released versions in a changelog should be immutable - all new changes should only be added to the [Unreleased] section. The sed command in the workflow at .github/workflows/dependabot-secure-flow.yaml:132 needs to be modified to only add entries to the first [Unreleased] section, not all "### Added" sections.
| @@ -168,6 +172,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 | |||
|
|
|||
| ## [Unreleased] - 2026-02-16 | |||
There was a problem hiding this comment.
There appears to be a duplicate [Unreleased] section at line 173 (dated 2026-02-16) in addition to the primary [Unreleased] section at line 8. Having multiple [Unreleased] sections violates the Keep a Changelog format and will cause confusion. Only one [Unreleased] section should exist at the top of the changelog.
| ## [Unreleased] - 2026-02-16 | |
| ## [1.1.0] - 2026-02-16 |
Continue Tasks:▶️ 1 queued — View all