🆕 Support deployment of OpenAPI 3.2 documents 🎉

OpenAPI 3.2 was published on 19 September 2025 (see documentation), and is now partially supported by Bump.sh

Dependencies upgrade

As usual, we've updated some external JS dependencies.

And of course, continue having fun playing with APIs 😊 ✨

🐛 Overlays with bump deploy directory/

This release is a tiny bug fix to be able to use the --overlay flags during a deployment of a directory.

E.g.

bump deploy --hub my-hub --overlay my-overlay.yml directory/ 

Will deploy all specification files of the format <api_name>-api.[format] inside the directory/ directory while applying the my-overlay.yml overlay on each deployed documentation.

This release is a direct follow-up to the latest 2.9.6 release where the “authenticated diffs” were forgotten in the new possibility to apply overlays to a diff command.

From now on, all diffs support the --overlay flags (both public & authenticated diffs)

🐛 Two bug fixes around overlays

• The overlay output will not output yaml anchors anymore. Cf #709 for details.
• Using $refs inside an overlay file will now work as expected during a bump deploy my-openapi.yml --overlay my-overlay.yml command. Meaning we now send external refs from the overlay file correctly during deployments. More details inin #722

🆕 New feature on overlays: they can now be applied within the diff command

• The diff command now supports --overlay flag. Aligning with the existing behavior of the bump deploy command, you can now call the bump diff command with overlays. This will apply the given overlay(s) to the previous and next versions being compared. All details in #710

Dependencies upgrade

As usual, we've updated some external JS dependencies.

Thanks again Jake for reporting most of the issues fixed by this release!

And of course, continue having fun designing APIs 😊 ✨

🆕 You can now push a temporary version and create a preview in the context of your documentation

With the bump deploy command, you can now pass a new parameter: --preview. This will have the effect to deploy a “temporary” version which won't be visible by your end users but you'll get a preview of your documentation with the deployed document.

e.g.

bump deploy --doc my-doc --token my-secret-token --preview api-definition-file.json

The returned value will be a URL of the version you pushed, directly available in your context but not accessible from your rendered documentation.

🐛 fixing the overlay command (again!)

There was another case which got broken since the refactoring of 2.9.3: removing all elements of an array would.. not remove all elements and always leave n/2 elements in the array.

This is luckly fixed now and an overlay action like this:

- target: "$.servers.*"
  remove: true

will successfully remove all servers to the openapi document you target with that overlay.

😌 Thanks again Lisa for reporting this!

As usual, have fun designing APIs 😊 ✨

🐛 Fixing the bump overlay command

Both following overlay targets were broken in the previous 2.9.2 release:

• Targeting the root document (target: '$') to add elements with the update action was broken
• Targeting an array element in your OpenAPI document with an update action was broken

This release fixes both bugs 😌. Thanks a lot @lcawl for reporting this issue 🙏

Upgrades

Dev dependencies upgrade including a high severity vulnerability.

As usual, have fun designing APIs 😊 ✨

🆕 The overlay command will now output a warning when target JSONPath is empty

When using either the bump overlay (or during a depoyment with bump deploy --overlay), an overlay targeting inexistant elements will now output on stderr a warning for the user.

This is particularly useful for user input typos in an overlay document.

e.g.

WARNING: Action target '$.serverswithtypo.*' has no matching elements

Upgrades

As usual, the release is packed with dependency updates to make the CLI stable & secure.

Have fun designing APIs 😊 ✨

🆕 Multiple --overlay flags are now supported on the bump deploy command

You can now pass the --overlay overlay-file.yml flag multiple times to the bump deploy command. Meaning you can apply as many different overlay files on your original API definition before publishing your documentation on Bump.sh.

The order of the flags is important as overlays will be applied sequencially one after another.

Usage:

> bump deploy \
    --doc my-doc --token my-secret-token \
    --overlay overlay-translate-to-english.yml --overlay overlay-remove-wip-endpoints.yml 
    openapi-definition.yml

Result:
The file openapi-definition.yml will be overlayed first by the overlay-translate-to-english.yml file, then by the overlay-remove-wip-endpoints.yml and finally be published to the my-doc documentation on Bump.sh.

If you missed the overlay feature of the CLI, head to this guide we wrote to explain the rational behind overlays

🆕 The bump diff command accepts a new --no-fail-on-breaking flag

In the context of CI (Continuous Integration) environments, the CLI make the --fail-on-breaking flag default to true on the bump diff. This is detected by the CI=1 environment variable that is usually set by all CI tools.

We now introduced a new --no-fail-on-breaking flag which allows a user to disable this feature in a CI environment.

Usage:

> bump diff --no-fail-on-breaking openapi-v1.yml openapi-v2.yml

Result:
If the comparison of both API definitions leads to a breaking change, the command will exit with a 0 status code and will NOT make the build fail.

🐛 Two small fixes

• Fix on the overlay feature: when applying an overlay on a YAML input file, both the YAML comments and the line width of the original file will be preserved. Thanks a lot @thim81 for your contribution!
• Fix on the exported core Diff class when using the package as a node dependency. The interface of the class was broken in 2.9.0, it's now fixed and possible to use the class programmatically.

Upgrades

As usual, the release is packed with dependency updates to make the CLI stable & secure.

Have fun designing APIs 😊 ✨

This release is a minor patch upgrade even though there are no feature changes because we've made major upgrades of our CLI framework dependency (from Oclif v1 to Oclif v4!), bumped the minimal version of Node (20+), bumped the TypeScript version and changed the package to be a node module.

In case you see any issues using this new version please let us know at hello@bump.sh

Thanks! And keep having fun designing APIs 😊 ✨

Some dependency npm package upgrade to remove a high security issue and a fix in the bump diff command when used with --format json.

🐛 Always return JSON value with bump diff --format json command

When the JSON format is asked in the bump diff command via the --format json parameter, we now return an empty json array [] even if the diff has no structural changes. Previously we would return a string which didn't align with the format of a structural change.

Have fun designing APIs 😊 ✨