chore: release v3.4.1

[mise-en-dev]

📚 Documentation

• use KDLv2 raw multiline strings by @salim-b in #657

New Contributors

• @salim-b made their first contribution in #657

Summary by CodeRabbit

• Chores

  • Version bumped to 3.5.0 across packages and CLI artifacts.
  • Updated semver dependency and lockfile.

• New Features

  • Added a sponsors command.

• Documentation

  • Updated CLI reference and release notes to 3.5.0.
  • Added KDLv2 raw multiline string notes and sponsor feed/footer docs.
  • Revised changelog CI note to reference trusted publishing for crates.
  • Added new contributor attribution.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Release bump to 3.5.0: changelog added and a 3.4.0 CI bullet updated; crate versions and workspace dependency bumped; generated CLI spec, JSON reference, and usage docs updated; semver dev dependency and lockfile entries bumped to 7.8.2.

Changes

Version 3.5.0 Release

Layer / File(s)	Summary
Package manifests and changelog CHANGELOG.md, lib/Cargo.toml, cli/Cargo.toml, Cargo.toml	CHANGELOG adds the 3.5.0 release with feature/documentation bullets and a new contributor attribution; the 3.4.0 CI bullet text is updated. Package versions (lib, cli) and workspace dependency usage-lib are bumped to 3.5.0.
Generated specs and documentation cli/usage.usage.kdl, docs/cli/reference/commands.json, docs/cli/reference/index.md	Generated CLI KDL spec version, top-level JSON reference version, and markdown usage page display are updated to 3.5.0.
Lockfile and devDependencies aube-lock.yaml, package.json	Developer dependency semver bumped from 7.8.1 → 7.8.2 with corresponding lockfile package/snapshot/integrity updates; package.json devDependency updated to ^7.8.2.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I hop and tuck a tiny note,
Version numbers in my coat.
Manifests updated, changelog too,
Lockfiles nudged and docs anew.
I twitch my nose and bounce through.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title claims it's releasing v3.4.1, but the actual changes show version bumps to 3.5.0 across all Cargo.toml files and documentation.	Update the PR title to accurately reflect the actual version being released, such as 'chore: release v3.5.0' or correct the version numbers in the changed files.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This is a release PR bumping all packages from v3.4.0 to v3.5.0, updating the changelog, and pulling in minor dependency updates. Note that the PR title says "release v3.4.1" while all version strings in the diff are set to 3.5.0 — the title appears to be a copy-paste mistake.

• All Cargo.toml files (lib, cli, root workspace) and generated artifacts (usage.usage.kdl, commands.json, index.md) are consistently updated to 3.5.0.
• Lockfile dependencies updated: regex 1.12.3→1.12.4, zerocopy 0.8.50→0.8.52, and semver 7.8.1→7.8.4 (both Cargo.lock and aube-lock.yaml/package.json).

Confidence Score: 5/5

Safe to merge — all changes are mechanical version bumps and lockfile updates with no logic changes.

Every file touched is a version string, generated artifact, lockfile, or changelog entry. Version numbers are consistent across all files (all point to 3.5.0). Dependency updates (regex, zerocopy, semver) are minor patch/patch bumps with no API changes.

No files require special attention beyond the PR title mismatch noted in the comment.

Important Files Changed

Filename	Overview
CHANGELOG.md	Prepends 3.5.0 release notes and backfills a 3.4.0 entry; content is informational only.
Cargo.lock	Lockfile updates: regex 1.12.3→1.12.4, regex-syntax 0.8.10→0.8.11, zerocopy 0.8.50→0.8.52, and usage-cli/usage-lib version bumped to 3.5.0.
Cargo.toml	Bumps usage-lib workspace dependency reference from 3.4.0 to 3.5.0.
cli/Cargo.toml	Version bump from 3.4.0 to 3.5.0.
lib/Cargo.toml	Version bump from 3.4.0 to 3.5.0.
package.json	semver dev dependency specifier bumped from ^7.8.1 to ^7.8.4.

_{Reviews (14): Last reviewed commit: "chore: release v3.5.0" | Re-trigger Greptile}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.95%. Comparing base (f1d6e61) to head (3245e9f).

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #658      +/-   ##
==========================================
- Coverage   79.31%   77.95%   -1.37%     
==========================================
  Files          56       56              
  Lines       10487    10546      +59     
  Branches    10487    10546      +59     
==========================================
- Hits         8318     8221      -97     
- Misses       1409     1468      +59     
- Partials      760      857      +97     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: cargo zerocopy is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: ? → cargo/zerocopy@0.8.52 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore cargo/zerocopy@0.8.52. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report