peczenyj / GDPR-IAB-TCFv2

96%

main: 96%

LAST BUILD ON BRANCH v0.530

branch: SELECT

CHANGE BRANCH

x

• No branch selected
• add-range-section-cache
• add-support-to-publisher-tc
• chore/adopt-mojolicious-perltidyrc
• chore/cmp-validator-version-coherence
• chore/compress-test-corpus
• chore/contributor-quality-of-life
• chore/declare-min-perl-5.8.9
• chore/dockerfile-perl-5.42-recommends
• chore/maintenance-mode-handover
• chore/normalize-pod-abstracts
• chore/pod-and-message-cleanup
• chore/remove-json-array-flag
• chore/structural-json-asserts
• devel
• docs/registry-freshness-roadmap
• docs/slsa-level-2
• docs/track-phase-5-cmp-validator
• feat/cli-bundling
• feat/cli-cmp-validator-integration
• feat/cli-color-support
• feat/cli-dump
• feat/cli-short-help-and-unknown-subcommand
• feat/cli-version
• feat/cmp-validator-http-options
• feat/cross-lang-validator-parity
• feat/docker-distribution
• feat/docker-latest-tag
• feat/golden-corpus-validator-scenarios
• feat/is-v23-deadline-investigation
• feat/parser-split-and-shortcut
• feat/perf-optimizations
• feat/perl-5.10
• feat/perl-5.12
• feat/phase-0-core-logic
• feat/phase-1-tcf-v23-segments
• feat/phase-1-v23-logic
• feat/phase-2-validator
• feat/phase-2-validator-v2
• feat/phase-3-alignment
• feat/phase-3-constants-v23-aliases
• feat/phase-4-bench-and-perf
• feat/phase-4-performance
• feat/phase-5-cmp-validator
• feat/phase-5-cmp-validator-redux
• feat/phase-6.1-validator-reason
• feat/phase-6.2-validator-failure
• feat/phase-6.3-tcf-carve-out
• feat/phase-6.4-publisher-restriction-reasons
• feat/phase-6.5-per-call-overrides
• feat/quality-refinement
• feat/release-prep-0.530
• feat/roadmap-modernization
• feat/slsa-level-1
• feat/test-synopsis
• feat/todo-validator-strict-legal-basis-coupling
• feat/todo-validator-strict-legal-basis-scope
• feat/validator-go-alignment
• fix-but-index-out-of-bonds-while-parsing-range-based-consent-strings
• fix/bigint-fallback-json-serialization
• fix/cli-concise-errors
• fix/cli-error-formatting
• fix/cli-vendor-id-shadowed-by-version
• fix/final-review-refinements
• fix/golden-mem
• fix/json-regex-key-order-tests
• fix/optional-cmp-deps
• fix/perl-5.8-defined-or-syntax
• fix/pod-files-installed-as-modules
• fix/post-release-audit
• fix/publisher-restrictions-boundary-check
• fix/release-workflow
• fix/restore-cli-version-option
• fix/restore-pause-indexation-v0.401
• fix/uint36-timestamp-32bit-perl
• fix/use-test-warn
• fix/vendor-segment-parser-cleanup
• main
• refactor-publisher-restrictions
• refactor-range-section
• refactor/cmp-validator-rename
• refactor_bitfield
• release/0.100
• release/0.200
• release/0.350
• release/0.380
• release/0.400
• release/0.401
• release/0.510
• release/0.511
• release/0.512
• release/0.520
• release/v0.083
• release/v0.400
• v0.06
• v0.07
• v0.08
• v0.081
• v0.082
• v0.083
• v0.084
• v0.100
• v0.200
• v0.201
• v0.202
• v0.203
• v0.300
• v0.320
• v0.330
• v0.340
• v0.350
• v0.351
• v0.352
• v0.360
• v0.370
• v0.380
• v0.390
• v0.391
• v0.400
• v0.401
• v0.500
• v0.510
• v0.511
• v0.512
• v0.520
• v0.530
• vv0.083

Build # 26581719317

Build Type

push

github

Committed by web-flow

Commit Message

Release v0.530 (#140)

* docs: claim SLSA Build Level 2 (#137)

* docs: claim SLSA Build Level 2

The release pipeline already satisfies Build L2: it runs on a hosted
build platform (GitHub-hosted runners) and emits provenance signed via
Sigstore with an identity bound to the release workflow. v0.520 was the
first release to produce these signed attestations for both the CPAN
tarball and the Docker image, so the SECURITY.md claim is updated from
Build Level 1 to Build Level 2.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* docs: add SLSA Build Level 2 badge to README

Add an SLSA badge to the POD badge block in lib/GDPR/IAB/TCFv2.pm and
regenerate README.md. There is no official SLSA badge service, so this
uses a static shields.io badge linking to slsa.dev, consistent with the
SECURITY.md Build Level 2 claim.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* docs: point SLSA badge at the GitHub attestations page

Link the badge to the repository's attestations listing so a reader can
go straight to the signed build provenance.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>

* Feat/cross lang validator parity (#138)

* feat: add CMPDeleted/CMPUnknown reason codes

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* feat: CMPValidator lifecycle state() (active/deleted/unknown)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* feat: map CMP lifecycle state to CMPDeleted/CMPUnknown reasons

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* feat: auto-enforce TCF v2.3 policy>=5 and disclosed vendors after deadline

Date-based gate (created >= deadline), so legacy policy-5 strings created before
the deadline are not forced to carry a disclosed-vendors segment here.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* feat: add global vendor gate (ReasonVendorNotAllowed)

A vendor with neither consent nor legitimate interest a... (continued)

Coverage Stats

63 of 63 new or added lines in 2 files covered. (100.0%)

3 existing lines in 1 file now uncovered.

1217 of 1264 relevant lines covered (96.28%)

25316.67 hits per line