This release fixes issues for SREs watching stability and regressions.
✓ No known CVEs patched in this version
Summary
AI summary: Fixed aegis ci failing on projects without a recognized lockfile; it now passes cleanly with an info message.
Full changelog
aegis-cli v0.7.1
Supply-chain security CLI for npm / bun / yarn / pnpm.
Verifying releases
All artifacts are checksummed (checksums.txt) and the checksums file
is signed via cosign keyless OIDC. To verify:
cosign verify-blob \
    --certificate-identity-regexp 'https://github.com/qwexvf/aegis-cli/.github/workflows/release.yml.*' \
    --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
    --certificate checksums.txt.pem \
    --signature checksums.txt.sig \
    checksums.txt
sha256sum -c checksums.txt
SLSA build provenance is attached to every artifact and can be
verified with gh attestation verify <file> --owner qwexvf.
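The sha256sum -c checksums.txt step above expects every listed artifact to be present locally. The following added example (not part of the aegis-cli release notes or project code) checks a single downloaded artifact against the checksums file and fails closed when that file is not listed. File names and contents are constructed, and it assumes checksums.txt uses the sha256sum line format and has already passed cosign verify-blob.

```shell
#!/bin/sh
# Added example: check ONE artifact against a checksums.txt whose signature
# was already verified. Assumptions: sha256sum-format lines
# ("<hex>  <name>"), lowercase hex, file names without spaces.

# verify_listed_artifact CHECKSUMS ARTIFACT
# returns 0 = digest matches, 1 = digest mismatch,
#         2 = unreadable input, or artifact not listed exactly once
verify_listed_artifact() {
    sums=$1
    artifact=$2
    [ -r "$sums" ] && [ -r "$artifact" ] || return 2
    name=$(basename -- "$artifact")

    # Exact match on the file-name field. A substring grep would let
    # "tool.tar.gz.bak" satisfy a lookup for "tool.tar.gz".
    expected=$(awk -v n="$name" \
        '($2 == n || $2 == "*" n) { h = $1; c++ } END { if (c == 1) print h }' \
        "$sums")
    [ -n "$expected" ] || return 2

    actual=$(sha256sum -- "$artifact" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || return 1
    return 0
}

# Build a constructed release directory: two listed files, one unlisted.
make_demo_release() {
    dir=$1
    printf 'constructed artifact A\n' > "$dir/example-a.tar.gz"
    printf 'constructed artifact B\n' > "$dir/example-b.tar.gz"
    printf 'not in the release\n' > "$dir/unlisted.tar.gz"
    ( cd "$dir" && sha256sum example-a.tar.gz example-b.tar.gz > checksums.txt )
}

demo_dir=$(mktemp -d)
make_demo_release "$demo_dir"
verify_listed_artifact "$demo_dir/checksums.txt" "$demo_dir/example-a.tar.gz" \
    && echo "example-a.tar.gz: digest matches checksums.txt"
rm -rf "$demo_dir"
```
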
Fixed
aegis ci on no-lockfile projects — running on a directory without a recognised lockfile (e.g. monorepo roots where lockfiles live in subdirectories) used to print "ci: snapshot vanished after save (this is a bug)" and exit 1. Now PASSes cleanly with 0 deps and a clear info message ("no lockfile found in /path"). Regression test added so this stays fixed.
Apache-2.0 — see LICENSE.