Skip to content

fix(tin-2435): bump tummycrypt_tinyland_auth to 0.4.0 (A4 propagation)#13

Merged
Jess Sullivan (Jesssullivan) merged 1 commit into
mainfrom
jess/tin-2435-bump-auth-0-4-0
Jul 4, 2026
Merged

fix(tin-2435): bump tummycrypt_tinyland_auth to 0.4.0 (A4 propagation)#13
Jess Sullivan (Jesssullivan) merged 1 commit into
mainfrom
jess/tin-2435-bump-auth-0-4-0

Conversation

@Jesssullivan

Copy link
Copy Markdown
Contributor

Summary

Consumer-bump for TIN-2435 (A4 propagation). tummycrypt_tinyland_auth 0.4.0
was just promoted in tinyland-inc/bazel-registry; this repo was still pinned
to 0.3.0 in MODULE.bazel.

  • Bumped bazel_dep(name = "tummycrypt_tinyland_auth", ...) from 0.3.00.4.0.
  • 0.4.0 is additive per its CHANGELOG (RBAC SSOT hardening, P2 view-grants):
    moderator/editor/contributor gain admin.events.view; event_manager gains
    admin.content.view; new exports ROLE_CHARTER, MEMBER_SELF_SERVICE_CORE,
    FEATURE_DOMAINS.
  • Grep-verified this repo's src/ and tests/ do not reference the auth
    package's role/permission matrix at all, so no test assertions required
    changes
    .
  • package.json / pnpm-lock.yaml left untouched: the auth dependency there
    is a caret range (^0.3.0 dev, ^0.2.2 || ^0.3.0 peer), not an exact pin,
    and there's no CI step tying the npm range to the Bazel pin. Per house
    convention, the Bazel module graph is the source of truth for in-ecosystem
    deps, not npm resolution.
  • No MODULE.bazel.lock exists in this repo, so no lockfile regeneration
    was needed.

Test plan

  • pnpm typecheck — clean
  • pnpm test — 119/119 passing (identical to pre-bump baseline)
  • pnpm build — clean
  • pnpm check:package (publint) — all good
  • bazelisk build //:pkg //:test — green, resolves 0.4.0 from
    tinyland-inc/bazel-registry (local disk-cache only, no RBE touched —
    this repo's .bazelrc has no remote-execution config)
  • bazelisk test //:test — 1/1 passing

Consumer-bump for TIN-2435 (A4 propagation). Bumps the tummycrypt_tinyland_auth
bazel_dep pin from 0.3.0 to 0.4.0 to pick up the P2 view-grants RBAC data
reconciliation (moderator/editor/contributor gain admin.events.view;
event_manager gains admin.content.view) plus new ROLE_CHARTER,
MEMBER_SELF_SERVICE_CORE, and FEATURE_DOMAINS exports.

This repo (tinyland-security) does not itself reference the auth package's
role/permission matrix in src or tests (grep-verified), so no test assertions
needed updating. package.json/pnpm-lock.yaml are left untouched: the auth dep
there is a caret range (^0.3.0 / peer ^0.2.2 || ^0.3.0), not an exact pin, and
there is no CI parity check tying the npm range to the Bazel pin, so per house
rule the Bazel module graph remains the sole source of truth for this bump.

No MODULE.bazel.lock exists in this repo, so no lockfile regeneration was
required.

Verified locally: pnpm typecheck, pnpm test (119/119 passing), pnpm build,
pnpm check:package, and bazelisk build/test //:pkg //:test all green with
the new pin resolved from the tinyland-inc bazel-registry.
@Jesssullivan Jess Sullivan (Jesssullivan) merged commit bffb8e6 into main Jul 4, 2026
4 checks passed
@Jesssullivan Jess Sullivan (Jesssullivan) deleted the jess/tin-2435-bump-auth-0-4-0 branch July 4, 2026 20:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant