Skip to content

Hookwarden

[email protected] scope: hookwarden Maintenance

This release keeps dependencies and maintenance posture current for teams operating this tool.

Published 15d Secrets & Credentials
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

cli developer-tools hmac php python static-analysis
+4 more
security signature-verification typescript webhook-security

Summary

AI summary

Updates Patch Changes, https://github.com/Hookwarden/homebrew-tap/pull/1, and https://github.com/Hookwarden/hookwarden/issues/12 across a mixed release.

Changes in this release

Bugfix Medium

Fix v0.3.0 onion-peel bug 7 related to Homebrew formula handling.

Fix v0.3.0 onion-peel bug 7 related to Homebrew formula handling.

Source: granite4.1:30b@2026-05-25-audit

Confidence: low
Refactor Medium

Update release pipeline script `bump-homebrew.sh` for Linux-only formula shape.

Update release pipeline script `bump-homebrew.sh` for Linux-only formula shape.

Source: llm_adapter@2026-05-25

Confidence: low
Refactor Low

Drop SHA_DARWIN_ARM and SHA_DARWIN_X64 extraction from release script.

Drop SHA_DARWIN_ARM and SHA_DARWIN_X64 extraction from release script.

Source: granite4.1:30b@2026-05-25-audit

Confidence: low
Refactor Low

Replace version string replacement with releases/download URL substitution in `bump-homebrew.sh`.

Replace version string replacement with releases/download URL substitution in `bump-homebrew.sh`.

Source: granite4.1:30b@2026-05-25-audit

Confidence: low
Full changelog

Patch Changes

  • 2496be2: Release pipeline: bump-homebrew.sh updated to handle the Linux-only formula shape introduced in v0.3.0 (deferred macOS binaries; see Hookwarden/homebrew-tap#1).

    Two changes coupled to the new formula shape:

    • Drop SHA_DARWIN_ARM / SHA_DARWIN_X64 extraction (mirrors stamp-checksums.py's REQUIRED_TARGETS pattern: explicit Linux-only list, fail-fast on missing pins).
    • Replace sed -i.bak ... version "X.Y.Z" with sed -i.bak ... releases/download/vX.Y.Z — the new formula has no explicit version line (auto-derived from the top-level URL to satisfy brew audit --strict style ordering). Version updates ride the URL substring.

    No user-facing CLI changes — internal release-tooling fix. Closes the v0.3.0 onion-peel bug 7 from #12. Bugs 1–6 (negative-test coverage) will follow in a separate PR.

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Hookwarden

Get notified when new releases ship.

Sign up free

About Hookwarden

All releases →

Related context

Beta — feedback welcome: [email protected]