Skip to content

Release: 3 features, 4 fixes, 1 test, 4 chores → Main#7530

Merged
h0lybyte merged 12 commits intomainfrom
dev
Mar 2, 2026
Merged

Release: 3 features, 4 fixes, 1 test, 4 chores → Main#7530
h0lybyte merged 12 commits intomainfrom
dev

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Mar 2, 2026
edited
Loading

Release: Dev → Main

12 atomic commits ready for main

Features

Bug Fixes

Tests

Chores

This PR is automatically maintained by CI

@h0lybyte
feat(discordsh): session TTL, combat improvements, and UI fixes (#7528)
4aad9e2 
* feat(discordsh): session TTL, combat improvements, and UI fixes

- Increase session TTL from 10 minutes to 2 hours
- Remove WaitingForActions phase: party combat resolves immediately
  with auto-defend for inactive members
- Add Warrior charge: first attack deals +4 bonus damage and stuns
- Add Rogue ambush flavor text on first attack crit
- Hide direction buttons in City at game start (turn 0)
- Add flavor text for auto-defended party members

* feat(discordsh): add class-specific combat procs and buffs

Warrior: Battle Fury (15% Sharpened), Iron Resolve (12% Shielded)
Rogue: Envenom (20% Poison enemy), Shadow Step (10% Shielded)
Cleric: Blessing of Light (20% Shielded on attack),
        Holy Smite (15% Weaken enemy),
        Prayer of Healing (25% heal 5-10 HP on defend)
@github-project-automation github-project-automation bot moved this to Review in KBVE Mar 2, 2026
@h0lybyte
fix(axum-kbve): add apt-get upgrade to Dockerfile.base to pass Trivy …
64f2a59 
…scan (#7529)

The base image was missing apt-get upgrade -y in the chef stage, leaving
79 Debian vulnerabilities unfixed. This matches the discordsh Dockerfile.base
pattern and patches HIGH/CRITICAL OS-level CVEs that Trivy flags.
@github-actions
Copy link
Contributor Author

github-actions bot commented Mar 2, 2026
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 6 package(s) with unknown licenses.
See the Details below.

License Issues

.github/workflows/ci-mc-headless-e2e.yml

PackageVersionLicenseIssue Type
actions/setup-java5.*.*NullUnknown License
actions/upload-artifact7.*.*NullUnknown License

.github/workflows/utils-godot-itch-build-pipeline.yml

PackageVersionLicenseIssue Type
actions/download-artifact8.*.*NullUnknown License
actions/upload-artifact7.*.*NullUnknown License

.github/workflows/utils-unity-azure-deployment.yml

PackageVersionLicenseIssue Type
actions/download-artifact8.*.*NullUnknown License
actions/upload-artifact7.*.*NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/setup-java 5.*.* 🟢 5.7
Details
CheckScoreReason
Maintained🟢 68 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
License🟢 10license file detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 9SAST tool is not run on all commits -- score normalized to 9
actions/actions/upload-artifact 7.*.* 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1027 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 10SAST tool is run on all commits
actions/actions/download-artifact 8.*.* 🟢 6.1
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review🟢 10all changesets reviewed
Maintained🟢 1017 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 9SAST tool detected but not run on all commits
actions/actions/upload-artifact 7.*.* 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1027 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 10SAST tool is run on all commits
actions/actions/download-artifact 8.*.* 🟢 6.1
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review🟢 10all changesets reviewed
Maintained🟢 1017 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 9SAST tool detected but not run on all commits
actions/actions/upload-artifact 7.*.* 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1027 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
SAST🟢 10SAST tool is run on all commits

Scanned Files

  • .github/workflows/ci-mc-headless-e2e.yml
  • .github/workflows/utils-godot-itch-build-pipeline.yml
  • .github/workflows/utils-unity-azure-deployment.yml

@github-actions github-actions bot changed the title Release: 1 feature → Main Release: 1 feature, 1 fix → Main Mar 2, 2026
@dependabot
chore(deps): bump actions/download-artifact from 4 to 8 (#7531)
4efe823 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 8.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v4...v8)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@h0lybyte h0lybyte self-requested a review as a code owner March 2, 2026 06:04
@github-actions @h0lybyte
fix(laser): add missing README.md to unblock npm publish (#7533)
ef223b6 
Co-authored-by: Al @h0lybyte <5599058+h0lybyte@users.noreply.github.com>
@github-actions github-actions bot changed the title Release: 1 feature, 1 fix → Main Release: 1 feature, 2 fixes, 1 chore → Main Mar 2, 2026
@dependabot
chore(deps): bump actions/setup-java from 4 to 5 (#7532)
712ad42 
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4 to 5.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@github-actions github-actions bot changed the title Release: 1 feature, 2 fixes, 1 chore → Main Release: 1 feature, 2 fixes, 2 chores → Main Mar 2, 2026
@dependabot
chore(deps): bump actions/upload-artifact from 4 to 7 (#7534)
cad9296 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@github-actions github-actions bot changed the title Release: 1 feature, 2 fixes, 2 chores → Main Release: 1 feature, 2 fixes, 3 chores → Main Mar 2, 2026
@dependabot
chore(deps): bump imjasonh/setup-crane from 0.4 to 0.5 (#7535)
3a7f0d2 
Bumps [imjasonh/setup-crane](https://github.com/imjasonh/setup-crane) from 0.4 to 0.5.
- [Release notes](https://github.com/imjasonh/setup-crane/releases)
- [Commits](imjasonh/setup-crane@v0.4...v0.5)

---
updated-dependencies:
- dependency-name: imjasonh/setup-crane
  dependency-version: '0.5'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@github-actions github-actions bot changed the title Release: 1 feature, 2 fixes, 3 chores → Main Release: 1 feature, 2 fixes, 4 chores → Main Mar 2, 2026
@h0lybyte
feat(memes): polish UI — auth page, feed cards, navigation (#7542)
beabc24 
- Replace bare auth redirect with proper sign-in page using OAuth providers
- Improve MemeCard layout: constrained image, rounded corners, frosted-glass overlay
- Add glass-morphism background to ReactionBar for visibility on any image
- Update FeedSkeleton to match revised card layout
- Replace dead /dashboard nav link with /feed (Flame icon)
- Remove dead /dashboard and /settings from user menu
@github-actions github-actions bot changed the title Release: 1 feature, 2 fixes, 4 chores → Main Release: 2 features, 2 fixes, 4 chores → Main Mar 2, 2026
@h0lybyte
fix(astro-kbve): add @kbve/laser tsconfig path for dev resolution (#7543
9248590 
)

The tsconfig.json had path mappings for @kbve/astro and @kbve/droid but
not @kbve/laser, so Vite could not resolve the package during dev since
the built output (laser.es.js) does not exist locally.
@github-actions github-actions bot changed the title Release: 2 features, 2 fixes, 4 chores → Main Release: 2 features, 3 fixes, 4 chores → Main Mar 2, 2026
@h0lybyte
feat(discordsh): initiative system and monster expansion (#7544)
ed65f11 
* feat(discordsh): initiative system, 9 new monsters, charge/ambush rebalance

Add first-strike mechanic where certain monsters attack before the player
on the first turn of combat. Warrior charge and Rogue ambush reduced from
100% to 50% proc rate and blocked entirely against first-strike enemies.

New monsters across all tiers: Cave Spider, Crumbling Statue, Shade Stalker,
Fungal Brute, Ember Wisp, Glass Assassin, Venomfang Lurker, Crystal Golem,
and The Shattered King boss. Multi-enemy spawns expanded at higher depths
with up to 3 enemies at room 5.

* fix(discordsh): clear player effects in armor test to prevent Battle Fury flake

Warrior's Battle Fury proc (15% Sharpened) could carry over between
attack iterations, inflating damage beyond the expected base range.
@github-actions github-actions bot changed the title Release: 2 features, 3 fixes, 4 chores → Main Release: 3 features, 3 fixes, 4 chores → Main Mar 2, 2026
@h0lybyte
test(laser): add hook unit tests and lifecycle e2e coverage (#7545)
2595bca 
* test(laser): add unit tests for hooks and expand PhaserGame/e2e coverage

Add tests for usePhaserGame, usePhaserEvent, and useGameLoop hooks.
Expand PhaserGame tests with callback, dimension, and context coverage.
Add lifecycle e2e tests for mount/unmount/remount scenarios.

* fix(laser): remove unused imports flagged by CodeQL
@github-actions github-actions bot changed the title Release: 3 features, 3 fixes, 4 chores → Main Release: 3 features, 3 fixes, 1 test, 4 chores → Main Mar 2, 2026
@h0lybyte
fix(ci): stop canceling in-progress runs on new commits (#7546)
1ff12c2 
Change cancel-in-progress from true to false on ci-dev and ci-atom
workflows. GitHub Actions queues at most one pending run per
concurrency group, so rapid commits (A,B,C,D) now behave as:
A runs, B+C are superseded in the queue, D runs after A finishes.
This avoids wasting CI minutes restarting nearly-complete runs.
@github-actions github-actions bot changed the title Release: 3 features, 3 fixes, 1 test, 4 chores → Main Release: 3 features, 4 fixes, 1 test, 4 chores → Main Mar 2, 2026
@h0lybyte h0lybyte merged commit 49e2847 into main Mar 2, 2026
16 of 17 checks passed
@github-project-automation github-project-automation bot moved this from Review to Done in KBVE Mar 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@h0lybyte h0lybyte h0lybyte approved these changes

Assignees

No one assigned

Labels

auto-pr dev→main

Projects

KBVE
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@h0lybyte