Releases: aatuh/randutil
Releases · aatuh/randutil
v2.1.3
Summary
Patch release focused on documentation quality, executable examples, repository hygiene, and regression-test coverage. No public API signatures changed.
Added
- Executable examples for root-package derivation and workspace usage, NanoID generation, and ULID generation.
- Regression tests for workspace usage snapshots, disabled-cache behavior, cached stream eviction, derived root contracts, and byte-token ownership.
Changed
- Tightened README navigation, quick-start structure, and deterministic testing guidance.
- Consolidated benchmark evidence guidance in
docs/benchmarks.mdto reduce release-doc drift. - Updated repository ignore rules for local hidden-file artifacts.
Documentation
- Clarified vulnerability-reporting expectations in
SECURITY.md. - Removed the temporary production-readiness tracking file now that readiness evidence lives in permanent project docs and GitHub settings.
Validation
- Local gate:
make finalizepassed on commit81e9431c5bb6efbafdd7a53d296a4ffd090c5e14. - Remote gates passed for the release commit:
v2.1.2
Summary
- Hardened invalid-input handling: collection probabilities now reject NaN and infinities, and Bernoulli has regression coverage for non-finite probabilities.
- Fixed signed full-range integer generation so ranges spanning MinInt64 or MinInt can return the minimum value without ErrResultOutOfRange.
- Rejected UUID v7 timestamps that exceed the 48-bit timestamp field.
- Updated Go/tooling baseline and dependencies: Go 1.25.0, golang.org/x/crypto v0.51.0, govulncheck v1.3.0, gosec v2.26.1, golangci-lint v2.12.2.
- Refreshed GitHub Actions versions and normalized SARIF rule tags before upload.
Documentation
- Clarified production security boundaries: not FIPS/audited crypto; seed quality matters; callers needing strict OS RNG or FIPS paths should use crypto/rand.Reader directly.
- Clarified default RNG state wording and UUID v7 / ULID ordering semantics.
Validation
- Local final gate: make finalize passed.
- Remote Go CI: https://github.com/aatuh/randutil/actions/runs/26205916412
- Remote CodeQL: https://github.com/aatuh/randutil/actions/runs/26205916413
- Remote Scorecard: https://github.com/aatuh/randutil/actions/runs/26205916397
Benchmarks
Benchmark evidence is recorded in docs/benchmarks-v2.1.2.md. The v2.1.1 fallback benchmark run found no benchmark functions, so this release does not claim a measured performance improvement.