PrazwalR · dependabot · Apr 10, 2026 · Apr 10, 2026 · Apr 11, 2026 · Apr 11, 2026
diff --git a/.cargo/audit.toml b/.cargo/audit.toml
@@ -10,4 +10,6 @@ ignore = [
     "RUSTSEC-2025-0119", # number_prefix (unmaintained)
     # Transitive dependency in hyper-rustls 0.24.x.
     "RUSTSEC-2025-0134", # rustls-pemfile (unmaintained)
+    # Transitive dependency through tera, mockito, kube-runtime (rand 0.8.5 unsound).
+    "RUSTSEC-2026-0097", # rand (unsound with custom logger)
 ]
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -9,9 +9,6 @@ updates:
     open-pull-requests-limit: 5
     commit-message:
       prefix: "deps"
-    labels:
-      - "dependencies"
-      - "rust"
     reviewers:
       - "PrazwalR"
     groups:
@@ -38,6 +35,3 @@ updates:
     open-pull-requests-limit: 3
     commit-message:
       prefix: "ci"
-    labels:
-      - "ci"
-      - "dependencies"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -6,29 +6,35 @@ on:
   pull_request:
     branches: [ main ]
 
+concurrency:
+  group: ci-${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 env:
   CARGO_TERM_COLOR: always
   RUST_BACKTRACE: 1
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
 
 jobs:
   test:
     name: Test Suite
     runs-on: ${{ matrix.os }}
     strategy:
+      fail-fast: false
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
-        rust: [stable, "1.70.0"]  # Test MSRV and stable
+        rust: [stable, "1.91.1"]  # Test MSRV and stable
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Install Rust
         uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ matrix.rust }}
 
       - name: Cache cargo registry
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: |
             ~/.cargo/registry
@@ -39,22 +45,22 @@ jobs:
             ${{ runner.os }}-${{ matrix.rust }}-cargo-
 
       - name: Run tests
-        run: cargo test --verbose --all-features
+        run: cargo test --verbose --all-features --locked
 
   clippy:
     name: Clippy
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Install Rust
         uses: dtolnay/rust-toolchain@stable
         with:
           components: clippy
 
       - name: Cache cargo
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: |
             ~/.cargo/registry
@@ -63,14 +69,14 @@ jobs:
           key: ${{ runner.os }}-clippy-${{ hashFiles('**/Cargo.lock') }}
 
       - name: Run clippy
-        run: cargo clippy --all-targets --all-features -- -D warnings
+        run: cargo clippy --locked --all-targets --all-features -- -D warnings
 
   fmt:
     name: Rustfmt
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Install Rust
         uses: dtolnay/rust-toolchain@stable
@@ -97,13 +103,13 @@ jobs:
             binary: apiforge.exe
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Install Rust
         uses: dtolnay/rust-toolchain@stable
 
       - name: Cache cargo
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: |
             ~/.cargo/registry
@@ -112,25 +118,26 @@ jobs:
           key: ${{ runner.os }}-release-${{ hashFiles('**/Cargo.lock') }}
 
       - name: Build release
-        run: cargo build --release --verbose
+        run: cargo build --release --verbose --locked
 
       - name: Upload artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: ${{ matrix.artifact }}
           path: target/release/${{ matrix.binary }}
 
   security-audit:
     name: Security Audit
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      issues: write
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Install cargo-audit
+        run: cargo install cargo-audit --locked
 
       - name: Run security audit
-        uses: rustsec/audit-check@v2
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+        run: cargo audit
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -7,6 +7,7 @@ on:
 
 env:
   CARGO_TERM_COLOR: always
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
 
 jobs:
   # First, run tests to ensure quality
@@ -21,10 +22,10 @@ jobs:
         uses: dtolnay/rust-toolchain@stable
 
       - name: Run tests
-        run: cargo test --all-features
+        run: cargo test --all-features --locked
 
       - name: Run clippy
-        run: cargo clippy --all-targets --all-features -- -D warnings
+        run: cargo clippy --locked --all-targets --all-features -- -D warnings
 
   # Build binaries for all platforms
   build:
@@ -38,12 +39,11 @@ jobs:
             target: x86_64-unknown-linux-gnu
             artifact: apiforge-linux-amd64
             binary: apiforge
-          - os: ubuntu-latest
+          - os: ubuntu-24.04-arm
             target: aarch64-unknown-linux-gnu
             artifact: apiforge-linux-arm64
             binary: apiforge
-            cross: true
-          - os: macos-latest
+          - os: macos-15-intel
             target: x86_64-apple-darwin
             artifact: apiforge-darwin-amd64
             binary: apiforge
@@ -64,17 +64,22 @@ jobs:
         with:
           targets: ${{ matrix.target }}
 
-      - name: Install cross (Linux ARM64)
-        if: matrix.cross
-        run: cargo install cross --locked
+      - name: Install Linux build dependencies
+        if: runner.os == 'Linux'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y --no-install-recommends pkg-config libssl-dev
+          sudo rm -rf /var/lib/apt/lists/*
 
-      - name: Build (native)
-        if: "!matrix.cross"
-        run: cargo build --release --target ${{ matrix.target }}
+      - name: Install macOS build dependencies
+        if: runner.os == 'macOS'
+        run: |
+          brew install openssl@3 pkg-config
+          echo "OPENSSL_DIR=$(brew --prefix openssl@3)" >> "$GITHUB_ENV"
+          echo "PKG_CONFIG_PATH=$(brew --prefix openssl@3)/lib/pkgconfig" >> "$GITHUB_ENV"
 
-      - name: Build (cross)
-        if: matrix.cross
-        run: cross build --release --target ${{ matrix.target }}
+      - name: Build
+        run: cargo build --release --target ${{ matrix.target }} --locked
 
       - name: Create archive (Unix)
         if: runner.os != 'Windows'
@@ -109,7 +114,7 @@ jobs:
         uses: dtolnay/rust-toolchain@stable
 
       - name: Publish to crates.io
-        run: cargo publish --token ${{ secrets.CARGO_REGISTRY_TOKEN }}
+        run: cargo publish --locked --token ${{ secrets.CARGO_REGISTRY_TOKEN }}
 
   # Create GitHub Release with binaries
   github-release:
@@ -147,7 +152,7 @@ jobs:
           fi
 
       - name: Create GitHub Release
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@v3
         with:
           name: Apiforge v${{ steps.version.outputs.VERSION }}
           body_path: release_notes.md

diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,5 @@
 # Rust
 /target/
-/demo-api/
 # Cargo.lock tracked for binary app (needed for security audit)
 **/*.rs.bk
 *.pdb

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,31 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.2.4] - 2026-04-12
+
+### Fixed
+- Release workflow now targets `macos-15-intel` for `x86_64-apple-darwin` so the amd64 macOS artifact builds on a native Intel runner.
+- Prevents x86_64 macOS link failures caused by building that target on arm64-hosted `macos-latest`.
+
+## [0.2.3] - 2026-04-12
+
+### Fixed
+- Release workflow now uses `macos-latest` for both macOS targets to avoid unavailable `macos-13` runner cancellations.
+- macOS release builds now install OpenSSL and pkg-config before compiling to prevent `openssl-sys` detection failures.
+
+## [0.2.2] - 2026-04-12
+
+### Fixed
+- Release workflow Linux ARM64 build now uses a native ARM runner (`ubuntu-24.04-arm`) instead of cross-compiling through a container lacking OpenSSL dev libraries.
+- Release workflow installs Linux build dependencies (`pkg-config`, `libssl-dev`) before compiling to avoid OpenSSL discovery failures.
+
+## [0.2.1] - 2026-04-12
+
+### Fixed
+- Release workflow macOS build matrix now uses native runners per architecture:
+  - `x86_64-apple-darwin` on `macos-13`
+  - `aarch64-apple-darwin` on `macos-14`
+
 ## [0.2.0] - 2026-04-10
 
 ### Highlights

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -6,16 +6,16 @@ Thank you for your interest in contributing to Apiforge! This document provides
 
 ### Prerequisites
 
-- Rust 1.70 or later
+- Rust 1.70.0 or later
 - Docker (for building and testing container features)
 - kubectl and a Kubernetes cluster (for testing K8s features)
 - AWS CLI (optional, for ECR features)
 
 ### Building
 
 ```bash
-git clone https://github.com/your-org/apiforge.git
-cd apiforge
+git clone https://github.com/PrazwalR/Apiforge.git
+cd Apiforge
 cargo build
 ```