chore: release v4.6.0

[matthew-dean]

Summary

• Bump version to 4.6.0 across all packages
• Add CHANGELOG entry covering all changes since v4.5.1
• Update publish workflow: replace deprecated actions/create-release@v1 with gh release create, attach less.js and less.min.js as release assets
• Harden publish script to detect version bumps from squash merges (compares package.json against last git tag)
• Update CONTRIBUTING.md with detailed release documentation
• Remove .github/** from paths-ignore so workflow file changes trigger CI

Closes

Closes #4397
Closes #4354
Closes #4339
Closes #4313
Closes #4396
Closes #4395
Closes #4394

Test plan

• All 205 tests pass
• Build produces dist/less.js and dist/less.min.js
• Verify publish workflow runs correctly after merge

Summary by CodeRabbit

• New Features

  • Version 4.6.0 released with modernization and code-quality improvements.

• Bug Fixes

  • Multiple fixes for tree node behavior, declaration parsing, at-rule handling, and related edge cases.

• Deprecation Warnings

  • Added notices about Less 5.x compatibility changes.

• Documentation

  • Updated changelog and contributing guide with revised release process, versioning examples, asset publishing notes, and updated test command.

• Release

  • Consolidated publishing workflow: unified alpha vs. stable releases, builds/dist are produced during release, and distribution assets are attached to releases.

[coderabbitai]

📝 Walkthrough

Walkthrough

Consolidates GitHub release steps into a single release run using the GitHub CLI, updates workflow permissions and triggers, centralizes alpha vs. master release logic, bumps packages to v4.6.0, updates changelog and contributing docs, and adds version-ahead-of-tag detection to the bump script.

Changes

Cohort / File(s)	Summary
Workflow .github/workflows/publish.yml	Narrowed path filtering, changed permissions.contents to write, removed separate alpha/master release steps and replaced them with a single Create GitHub Release run block that uses gh release and GH_TOKEN.
Release logic script scripts/bump-and-publish.js	Added explicit-version detection: if package.json version > last git tag, prefer that version; added semver try/catch; removed redundant fs require.
Version bumps package.json, packages/less/package.json, packages/test-data/package.json, packages/test-import-module/package.json	Bumped root and package versions from 4.5.x to 4.6.0; added repository object to packages/test-data/package.json.
Docs / Release notes CHANGELOG.md, CONTRIBUTING.md	Added v4.6.0 changelog entry and expanded CONTRIBUTING with new publish flows, version override guidance, release-branch details, and release asset instructions.

Sequence Diagram(s)

sequenceDiagram
  participant GH_Actions as "GitHub Actions"
  participant Script as "bump-and-publish.js"
  participant Builder as "Build (pnpm/npm)"
  participant GH_CLI as "gh (GitHub CLI)"
  participant NPM as "npm registry"

  GH_Actions->>Script: start release job (determine version, IS_ALPHA)
  Script->>Builder: run build to produce assets (`less.js`, `less.min.js`)
  Builder-->>Script: assets produced
  Script->>GH_CLI: `gh release create <version>` (attach assets, --prerelease if alpha)
  GH_CLI->>GH_Actions: create release & attach assets
  Script->>NPM: `npm publish` (tag depends on alpha/master)
  NPM-->>Script: publish result
  GH_Actions-->>GH_Actions: workflow completes

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I hopped through scripts and YAML seas,
One release step now hums with ease.
Versions lifted, changelog bright,
Assets bundled, out of sight —
A tiny thump, a joyous breeze.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'chore: release v4.6.0' clearly and concisely summarizes the main objective: releasing version 4.6.0.
Linked Issues check	✅ Passed	The PR addresses all coding requirements from linked issues: #4397 (@container spacing), #4354 (@apply formatting), #4339 (mixin deprecation), #4313 (:not() expansion), #4396 (Playwright postinstall), and #4395 (Node.js v14 compatibility). CHANGELOG and version bumps confirm these fixes are included.
Out of Scope Changes check	✅ Passed	All changes are scoped to version 4.6.0 release requirements: version bumps, CHANGELOG entry, workflow updates, publishing script hardening, and documentation updates. No unrelated changes detected.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

CONTRIBUTING.md (1)

111-115: Add language specifier to fenced code block.

The commit message example should have a language specifier for consistency with other code blocks in the file. Using text or leaving it empty with proper formatting would satisfy the markdown linter.

Suggested fix

-```
+```text
 feat: new feature
 
 version: 4.6.0

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against the current code and only fix it if needed.

In @CONTRIBUTING.md around lines 111 - 115, Update the fenced code block that
currently shows the commit example (the block containing "feat: new feature" and
"version: 4.6.0") to include a language specifier (e.g., use ```text) so the
markdown linter is satisfied and the block matches other examples in the
document.

</details>

</blockquote></details>
<details>
<summary>scripts/bump-and-publish.js (1)</summary><blockquote>

`487-489`: **Duplicate `require('fs')` statement.**

The `fs` module is already required at line 14. This duplicate require inside the function is unnecessary.


<details>
<summary>Suggested fix</summary>

```diff
   // Output version for GitHub Actions
   if (process.env.GITHUB_OUTPUT) {
-    const fs = require('fs');
     fs.appendFileSync(process.env.GITHUB_OUTPUT, `version=${nextVersion}\n`);
     fs.appendFileSync(process.env.GITHUB_OUTPUT, `tag=${tagName}\n`);
   }
```
</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

```
Verify each finding against the current code and only fix it if needed.

In `@scripts/bump-and-publish.js` around lines 487 - 489, Remove the duplicate
require('fs') inside the if block and use the already-imported fs variable (so
delete the line "const fs = require('fs');" in the block that checks
process.env.GITHUB_OUTPUT) to avoid shadowing and redundant requires; keep the
existing call to fs.appendFileSync(process.env.GITHUB_OUTPUT,
`version=${nextVersion}\n`) unchanged.
```

</details>

</blockquote></details>

</blockquote></details>

<details>
<summary>🤖 Prompt for all review comments with AI agents</summary>

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @CONTRIBUTING.md:

• Around line 111-115: Update the fenced code block that currently shows the
  commit example (the block containing "feat: new feature" and "version: 4.6.0")
  to include a language specifier (e.g., use ```text) so the markdown linter is
  satisfied and the block matches other examples in the document.

In @scripts/bump-and-publish.js:

• Around line 487-489: Remove the duplicate require('fs') inside the if block
  and use the already-imported fs variable (so delete the line "const fs =
  require('fs');" in the block that checks process.env.GITHUB_OUTPUT) to avoid
  shadowing and redundant requires; keep the existing call to
  fs.appendFileSync(process.env.GITHUB_OUTPUT, version=${nextVersion}\n)
  unchanged.

</details>

---

<details>
<summary>ℹ️ Review info</summary>

<details>
<summary>⚙️ Run configuration</summary>

**Configuration used**: Path: .coderabbit.yaml

**Review profile**: CHILL

**Plan**: Pro

**Run ID**: `cb6fe718-dabd-4301-9c6b-0a62ba18bb9a`

</details>

<details>
<summary>📥 Commits</summary>

Reviewing files that changed from the base of the PR and between e6a8efbb9c4d832fcf236fbeb570f92c1109b323 and a08bd0dfea6585d466dbf24030c1fda6ab5a1b39.

</details>

<details>
<summary>📒 Files selected for processing (8)</summary>

* `.github/workflows/publish.yml`
* `CHANGELOG.md`
* `CONTRIBUTING.md`
* `package.json`
* `packages/less/package.json`
* `packages/test-data/package.json`
* `packages/test-import-module/package.json`
* `scripts/bump-and-publish.js`

</details>

</details>

<!-- This is an auto-generated comment by CodeRabbit for review status -->

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/publish.yml:
- Around line 147-192: The Create GitHub Release step can fail if a release with
$TAG already exists; modify the step to first check for an existing release
(e.g., use gh release view "$TAG") and branch: if it exists, run gh release edit
"$TAG" to update --title and --notes and use gh release upload to update the
assets (packages/less/dist/less.js and packages/less/dist/less.min.js),
otherwise run gh release create "$TAG" as currently done; ensure the same
PRERELEASE flag and BODY are applied when editing and that upload
replaces/overwrites existing assets to make the step idempotent.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 08f663b0-c82e-4611-9418-0bae5279c7f5

📥 Commits

Reviewing files that changed from the base of the PR and between a08bd0d and 5a1b425.

📒 Files selected for processing (4)

• .github/workflows/publish.yml
• CONTRIBUTING.md
• packages/test-data/package.json
• scripts/bump-and-publish.js

[coderabbitai]

♻️ Duplicate comments (1)

.github/workflows/publish.yml (1)

187-190: ⚠️ Potential issue | 🟡 Minor

Existing-release reruns still leave release metadata stale.

On reruns, Line 187 takes the existing-release path and only re-uploads assets. If TITLE, BODY, or prerelease status changed, the GitHub release will not be brought back in sync. This is still only partially idempotent.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/publish.yml around lines 187 - 190, The workflow currently
treats an existing release (checked via gh release view "$TAG") as immutable and
only re-uploads assets, which leaves TITLE, BODY (notes) and prerelease state
stale on reruns; update the existing-release branch to call gh release edit for
the found TAG and pass the latest metadata (e.g., --title "$TITLE", --notes
"$BODY", and set/remove --prerelease based on the prerelease flag) before
uploading assets so the release metadata is brought back into sync with the
action inputs; ensure you still run gh release upload --clobber after the gh
release edit to update assets.

🧹 Nitpick comments (1)

.github/workflows/publish.yml (1)

132-133: Pin npm to the required range instead of latest.

npm@latest makes the release path non-reproducible and can start failing on a future npm major even though this step only needs 11.5.1+. Pinning the major/range here would keep publishing behavior stable.

Proposed change

-      - name: Ensure npm 11.5.1 or later for trusted publishing
-        run: npm install -g npm@latest
+      - name: Ensure npm 11.5.1 or later for trusted publishing
+        run: npm install -g "npm@^11.5.1"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/publish.yml around lines 132 - 133, Replace the
non-reproducible global install "npm install -g npm@latest" in the workflow step
named "Ensure npm 11.5.1 or later for trusted publishing" with a pinned semver
range that guarantees npm 11.x and at least 11.5.1 (for example use npm@^11.5.1
or an explicit range like ">=11.5.1 <12") so the publish job stays stable;
update the run command accordingly and verify the workflow runs with the pinned
version.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In @.github/workflows/publish.yml:
- Around line 187-190: The workflow currently treats an existing release
(checked via gh release view "$TAG") as immutable and only re-uploads assets,
which leaves TITLE, BODY (notes) and prerelease state stale on reruns; update
the existing-release branch to call gh release edit for the found TAG and pass
the latest metadata (e.g., --title "$TITLE", --notes "$BODY", and set/remove
--prerelease based on the prerelease flag) before uploading assets so the
release metadata is brought back into sync with the action inputs; ensure you
still run gh release upload --clobber after the gh release edit to update
assets.

---

Nitpick comments:
In @.github/workflows/publish.yml:
- Around line 132-133: Replace the non-reproducible global install "npm install
-g npm@latest" in the workflow step named "Ensure npm 11.5.1 or later for
trusted publishing" with a pinned semver range that guarantees npm 11.x and at
least 11.5.1 (for example use npm@^11.5.1 or an explicit range like ">=11.5.1
<12") so the publish job stays stable; update the run command accordingly and
verify the workflow runs with the pinned version.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 46a13c19-ffe7-44a9-9afb-1ec79577802c

📥 Commits

Reviewing files that changed from the base of the PR and between 5a1b425 and b7300a6.

📒 Files selected for processing (1)

• .github/workflows/publish.yml