fix(release): include all file changes in version bump detection #3892

Open
JosephDoUrden wants to merge 1 commit into modelcontextprotocol:main from JosephDoUrden:fix/release-script-lockfile-changes
@JosephDoUrden

Summary

  • Remove the .py/.ts suffix filter from has_changes() in scripts/release.py so that all file changes within a package directory trigger a version bump
  • Previously, lockfile-only changes (e.g. uv.lock from Dependabot) were silently skipped, leaving stale versions in pyproject.toml

Fixes #3870

Problem

has_changes() filtered changed files to only .py and .ts suffixes:

relevant_files = [f for f in changed_files if f.suffix in [".py", ".ts"]]

This caused packages with only lockfile changes between tags to retain stale versions. Downstream consumers (SBOM generators, CVE scanners) rely on the version in pyproject.toml to match the CalVer release tag.

Change

Any change within a package directory now counts as a relevant change, removing the suffix filter entirely.

AI Disclosure

AI assistance (Claude) was used for issue research. The implementation was written and reviewed by the author.

Remove the .py/.ts suffix filter from has_changes() so that lockfile
changes (uv.lock, package-lock.json) and other non-source file changes
trigger a version bump. Any change within a package directory should
result in a version update to keep pyproject.toml/package.json versions
in sync with the CalVer release tag.

Fixes modelcontextprotocol#3870

@cliffhall added the bug label (Something isn't working) Apr 20, 2026

@cliffhall
Member

@claude review

@claude
Contributor

claude Bot commented Apr 21, 2026

Claude finished @cliffhall's task in 1m 0s


PR Review

  • Gather context and read changed files
  • Analyze the change
  • Post review feedback

Summary: The fix is correct and well-scoped. A few observations below.


What changed

scripts/release.py lines 114–116 (has_changes()):

# Before
changed_files = [Path(f) for f in output.stdout.splitlines()]
relevant_files = [f for f in changed_files if f.suffix in [".py", ".ts"]]
return len(relevant_files) >= 1

# After
changed_files = output.stdout.splitlines()
return len(changed_files) >= 1

Assessment

The fix is correct. The original suffix filter (.py/.ts only) was too narrow for a polyglot monorepo that uses uv.lock, pyproject.toml, package.json, and other non-source files as meaningful package artifacts. Lockfile-only changes (e.g., Dependabot uv.lock bumps) were silently excluded, leaving pyproject.toml version stale relative to the CalVer release tag.

The code simplification is clean. Dropping the Path(f) conversion is appropriate since .suffix is no longer needed.

Edge cases look fine:

  • Empty output: "".splitlines() → [], so len([]) >= 1 → False
  • No trailing-newline issue: splitlines() doesn't produce spurious empty strings ✓

Minor considerations

1. Over-triggering on doc/config changes

With the filter removed, a README, .gitignore, or pyrightconfig.json change inside a package directory will trigger a version bump. For CalVer (YYYY.M.D) this is mostly harmless — same-day changes produce the same version string regardless — but it's worth being aware of. If fine-grained control matters later, an exclusion list (e.g., skip *.md) could be added, but that's optional and out of scope for this fix.

2. Cosmetic nit

return len(changed_files) >= 1 is equivalent to return bool(changed_files), though the current form is clear enough and matches the style of the removed lines.


Verdict

The change is a straightforward, correct fix with no regressions. The behavior change (all files trigger version bumps, not just .py/.ts) aligns with the intent of the CalVer release system and is well-justified by the linked issue. Good to merge.
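
An added example (not code from this PR or from scripts/release.py) that contrasts the suffix filter with the any-change rule on constructed diff output, and goes one step further with the optional exclusion list mentioned in the review. The function names, the package paths and the `ignore` parameter are assumptions.

```python
from fnmatch import fnmatch
from pathlib import PurePosixPath

# Constructed sample of name-only diff output; package paths are hypothetical.
SAMPLE_DIFF = """\
src/alpha/uv.lock
src/beta/README.md
src/gamma/src/server.py
src/gamma/uv.lock
"""


def changed_in_package(diff_output, package_dir):
    """Changed paths that sit inside package_dir (component-wise, not a string prefix)."""
    pkg = PurePosixPath(package_dir)
    paths = (PurePosixPath(line) for line in diff_output.splitlines() if line.strip())
    return [p for p in paths if pkg in p.parents]


def bump_with_suffix_filter(diff_output, package_dir):
    """Behaviour before the fix: only .py/.ts changes count."""
    return any(p.suffix in (".py", ".ts")
               for p in changed_in_package(diff_output, package_dir))


def bump_on_any_change(diff_output, package_dir, ignore=()):
    """Behaviour after the fix; `ignore` is the optional exclusion list (hypothetical)."""
    return any(not any(fnmatch(p.name, pat) for pat in ignore)
               for p in changed_in_package(diff_output, package_dir))


def skipped_by_suffix_filter(diff_output, package_dirs):
    """Packages whose files changed but which the old filter would leave unbumped."""
    return [d for d in package_dirs
            if bump_on_any_change(diff_output, d)
            and not bump_with_suffix_filter(diff_output, d)]


if __name__ == "__main__":
    packages = ["src/alpha", "src/beta", "src/gamma", "src/delta"]
    print("skipped by old filter:", skipped_by_suffix_filter(SAMPLE_DIFF, packages))
    print("beta bumps with *.md ignored:",
          bump_on_any_change(SAMPLE_DIFF, "src/beta", ignore=("*.md",)))
```

Running `skipped_by_suffix_filter` over the diff between two release tags lists the packages whose published version would have gone stale under the old filter, which is the set an SBOM or CVE scanner would have misreported.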

Successfully merging this pull request may close these issues.

Release script skips version bump for packages with only lockfile changes
