From 805d405f6c7c5707e91db69c75de855eb4cb03f5 Mon Sep 17 00:00:00 2001
From: fOuttaMyPaint <154358121+TMHSDigital@users.noreply.github.com>
Date: Sat, 25 Apr 2026 15:47:50 -0400
Subject: [PATCH] fix: version-bump-check parser silently passes all PRs

The version-bump-check job in validate.yml uses
git log --pretty=format:'%H%x00%s%x00%b%x1e' to extract commits
and parse them. Bash command substitution silently strips \0
bytes (with a warning to stderr that nothing inspects), gluing
SHA+SUBJECT+BODY into one field. The regex that extracts
conventional-commit prefixes never matched, so the check has
been silently passing every PR since 2026-04-22 (commit f27e37f).

PR #22 (DTD#4 fix) was a fix:-prefixed PR that did not bump
VERSION. The check should have failed it but did not, allowing
the PR to merge and causing the next release to fail.

Replaces \x00 with \x1f (Unit Separator) which preserves through
bash command substitution. The record separator (\x1e Record
Separator) was already safe and is unchanged. The awk -F
arguments are updated to match.

Closes #24.

Signed-off-by: 154358121+TMHSDigital@users.noreply.github.com
Made-with: Cursor
---
 .github/workflows/validate.yml | 14 ++++++++++----
 VERSION                        |  2 +-
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 1c7d1b0..c8ce5ef 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -196,7 +196,13 @@ jobs:
         run: |
           set -euo pipefail
 
-          COMMITS="$(git log "${BASE_SHA}..${HEAD_SHA}" --pretty=format:'%H%x00%s%x00%b%x1e')"
+          # DTD#24: field separator must NOT be NUL (\x00). Bash command
+          # substitution silently strips NUL bytes (with a warning to
+          # stderr that nothing inspects), gluing SHA+SUBJECT+BODY into
+          # one field and breaking the awk parse downstream. Use \x1f
+          # (Unit Separator) which preserves cleanly through bash. The
+          # record separator (\x1e Record Separator) was already safe.
+          COMMITS="$(git log "${BASE_SHA}..${HEAD_SHA}" --pretty=format:'%H%x1f%s%x1f%b%x1e')"
 
           if [ -z "$COMMITS" ]; then
             echo "No new commits to check."
@@ -206,9 +212,9 @@ jobs:
           NEEDS_BUMP="false"
           while IFS= read -r -d $'\x1e' record; do
             [ -z "$record" ] && continue
-            SHA="$(echo "$record" | awk -F '\0' '{print $1}')"
-            SUBJECT="$(echo "$record" | awk -F '\0' '{print $2}')"
-            BODY="$(echo "$record" | awk -F '\0' '{print $3}')"
+            SHA="$(echo "$record" | awk -F $'\x1f' '{print $1}')"
+            SUBJECT="$(echo "$record" | awk -F $'\x1f' '{print $2}')"
+            BODY="$(echo "$record" | awk -F $'\x1f' '{print $3}')"
 
             # Escape hatch: commit opts out.
             if echo "$SUBJECT $BODY" | grep -qF '[skip version]'; then
diff --git a/VERSION b/VERSION
index bfa363e..8decb92 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.8.4
+1.8.5