This release keeps dependencies and maintenance posture current for teams operating this tool.
✓ No known CVEs patched in this version
Topics
Affected surfaces
Summary
AI summaryMinor fixes and improvements.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Low |
Add production.cloudfront.docker.com endpoint to harden‑runner. Add production.cloudfront.docker.com endpoint to harden‑runner. Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Dependency | Low |
Bump go-git/v5 from 5.19.0 to 5.19.1. Bump go-git/v5 from 5.19.0 to 5.19.1. Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Dependency | Low |
Bump golang.org/x/sys from 0.44.0 to 0.45.0. Bump golang.org/x/sys from 0.44.0 to 0.45.0. Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Dependency | Low |
Bump golangci/golangci-lint-action from 9.2.0 to 9.2.1. Bump golangci/golangci-lint-action from 9.2.0 to 9.2.1. Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Dependency | Low |
Bump google.golang.org/api from 0.279.0 to 0.280.0. Bump google.golang.org/api from 0.279.0 to 0.280.0. Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Dependency | Low |
Bump goreleaser/goreleaser-action from 7.2.1 to 7.2.2. Bump goreleaser/goreleaser-action from 7.2.1 to 7.2.2. Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Dependency | Low |
Bump step-security/harden-runner from 2.19.3 to 2.19.4. Bump step-security/harden-runner from 2.19.3 to 2.19.4. Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Dependency | Low |
Bump zizmorcore/zizmor-action from 0.5.5 to 0.5.6. Bump zizmorcore/zizmor-action from 0.5.5 to 0.5.6. Source: llm_adapter@2026-06-01 Confidence: high |
— |
Full changelog
Changelog
- 3e28547cefa08f7c86e04c9fc0f387b511038692 build(deps): bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 in the go_modules group across 1 directory (#2239)
- cf1f1ef14c0e4cad83023de649602dc6a9123cec build(deps): bump golang.org/x/sys from 0.44.0 to 0.45.0 (#2244)
- 16754c8752a57f045947d1de41fde340e149f875 build(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#2247)
- 78799c7fa53fc024fcedaf7a31ae378839e530fe build(deps): bump google.golang.org/api from 0.279.0 to 0.280.0 (#2245)
- aa8297690dd86e01779546a64c912932703d4f68 build(deps): bump goreleaser/goreleaser-action from 7.2.1 to 7.2.2 (#2241)
- 442b9db17b8bfa054a6f82c525d8ce8fa5d1cc0b build(deps): bump step-security/harden-runner from 2.19.3 to 2.19.4 (#2248)
- 74e64086fae76d1ab743bfe0ae2736c6d5f3ed99 build(deps): bump zizmorcore/zizmor-action from 0.5.5 to 0.5.6 (#2240)
- dda427e47efc02b31648f8ee2fb82ddbf5212f9c chore(harden-runner): add production.cloudfront.docker.com endpoint (#2250)
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Related context
Beta — feedback welcome: [email protected]