chore(release): auto-bump CITATION.cff and refresh SECURITY.md (#110)

ozeranskii · web-flow · commit c80cf60a5699 · 2026-04-12T16:18:54.000+02:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -88,6 +88,13 @@ jobs:
       - name: Refresh lockfile
         run: uv lock
 
+      - name: Update CITATION.cff metadata
+        env:
+          VERSION: ${{ steps.version.outputs.version }}
+        run: |
+          DATE=$(date -u +%Y-%m-%d)
+          yq -i ".version = \"${VERSION}\" | .\"date-released\" = \"${DATE}\"" CITATION.cff
+
       - name: Ensure changelog exists
         run: touch ${CHANGELOG_FILE}
 
@@ -114,7 +121,7 @@ jobs:
         env:
           VERSION: ${{ steps.version.outputs.version }}
         run: |
-          git add pyproject.toml uv.lock ${CHANGELOG_FILE}
+          git add pyproject.toml uv.lock CITATION.cff ${CHANGELOG_FILE}
           git commit -m "chore: release v${VERSION}"
 
       - name: Create and push tag
diff --git a/SECURITY.md b/SECURITY.md
@@ -6,10 +6,10 @@ We release patches for security vulnerabilities in the following versions:
 
 | Version | Supported          |
 |---------|--------------------|
-| 0.1.x   | :white_check_mark: |
-| < 0.1   | :x:                |
+| 0.4.x   | :white_check_mark: |
+| < 0.4   | :x:                |
 
-**Note:** As this project is in early development (0.1.x), we recommend always using the latest release.
+**Note:** This project is still pre-1.0. Security patches are only backported to the latest minor series; always use the most recent release.
 
 ## Reporting a Vulnerability
 
