This release includes 2 security fixes for security teams reviewing exposed deployments.
ReleasePort's take
Light signal: The v0.2.8-1 release patches vulnerabilities in several runtime dependencies and bumps sanitize-html to a safer version.
Why it matters: Patching uuid, hono, postcss, fast-uri, ip-address, and upgrading sanitize-html to 2.17.4 mitigates known security flaws affecting dependency surfaces; adopt immediately for exposed runtimes.
Summary
AI summary: Minor fixes and improvements.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Medium | Add table to persist token usage. Source: llm_adapter@2026-05-24. Confidence: low | — |
| Dependency | Medium | Patch pnpm audit vulnerabilities in uuid, hono, postcss, fast-uri, ip-address, babel. Source: llm_adapter@2026-05-24. Confidence: high | — |
| Dependency | Medium | Bump sanitize-html from 2.17.3 to 2.17.4. Source: llm_adapter@2026-05-24. Confidence: high | — |
| Deprecation | Low | Archive old specs. Source: granite4.1:30b@2026-05-24-audit. Confidence: low | — |
| Bugfix | Medium | Improve logging security. Source: llm_adapter@2026-05-24. Confidence: low | — |
| Refactor | Low | Refactor docker file. Source: granite4.1:30b@2026-05-24-audit. Confidence: low | — |
| Refactor | Low | Refactor pnpm security and dependabot policies. Source: granite4.1:30b@2026-05-24-audit. Confidence: low | — |
| Refactor | Low | Cleanup Dockerfile after refactor. Source: granite4.1:30b@2026-05-24-audit. Confidence: low | — |
| Refactor | Low | Cleanup after Yjs integration. Source: granite4.1:30b@2026-05-24-audit. Confidence: low | — |
Full changelog
What's Changed
- build(deps): bump the production-dependencies group across 1 directory with 20 updates by @dependabot[bot] in https://github.com/b310-digital/teammapper/pull/1264
- add table to persist token usage by @JannikStreek in https://github.com/b310-digital/teammapper/pull/1280
- improve logging security by @JannikStreek in https://github.com/b310-digital/teammapper/pull/1284
- build(deps): patch pnpm audit vulnerabilities (uuid, hono, postcss, fast-uri, ip-address, babel) by @JannikStreek in https://github.com/b310-digital/teammapper/pull/1286
- build(deps): bump sanitize-html from 2.17.3 to 2.17.4 by @dependabot[bot] in https://github.com/b310-digital/teammapper/pull/1291
- Refactor docker file by @JannikStreek in https://github.com/b310-digital/teammapper/pull/1295
- refactor pnpm security and dependabot policies by @JannikStreek in https://github.com/b310-digital/teammapper/pull/1296
- cleanup dockerfile after refactor by @JannikStreek in https://github.com/b310-digital/teammapper/pull/1299
- refactor: cleanup after yjs integration by @JannikStreek in https://github.com/b310-digital/teammapper/pull/1300
- refactor: archive old specs by @JannikStreek in https://github.com/b310-digital/teammapper/pull/1301
Full Changelog: https://github.com/b310-digital/teammapper/compare/v0.2.7-1...v0.2.8-1
Security Fixes
- patch pnpm audit vulnerabilities (uuid, hono, postcss, fast-uri, ip-address, babel)
- bump sanitize-html from 2.17.3 to 2.17.4
About TeamMapper
Host and create your own mindmaps. Share your mindmap sessions with your team and collaborate live on mindmaps.