Install
npm i @opengsd/gsd-core@1.3.1
# or
npm i @opengsd/gsd-core@latestWhat's Changed
Note: the auto-generated changelog came up empty because this hotfix shipped via direct commits to the hotfix branch (no merged PRs in the
v1.3.0..v1.3.1range). Manually documented below.
Fix
- Installer no longer aborts on upgrade with
applied migration checksum changed(#670, #675). Editing the body of an already-released installer migration (the v1.3.0get-shit-done→gsd-corerename) drifted its computed checksum, and the integrity guard hard-aborted every prior install on upgrade. Already-applied migrations are never re-run, so the drift is inert — the installer now detects and reconciles the drifted checksum (plan.checksumDrift) instead of aborting, and a CI baseline test locks shipped-migration checksums going forward. This was a 100%-reproducible blocker on all platforms. - Resolved a moderate
honoadvisory (GHSA-3hrh-pfw6-9m5x and related) carried in the v1.3.0 production dependency tree (bumped to 4.12.23).
Internal
- Published via npm OIDC trusted publishing with SLSA provenance; the standalone hotfix workflow was consolidated into the Release workflow.
Full Changelog: v1.3.0...v1.3.1