This release includes 1 security fix for security teams reviewing exposed deployments.
Published 2mo
AI Agents & Assistants
✓ No known CVEs patched
This release patches 1 known CVE
Topics
ai-agent
anthropic
claude-code
claude-code-plugin
cli
contribution-tracker
+6 more
developer-tools
github
github-automation
issue-discovery
pr-management
typescript
Affected surfaces
deps
rce_ssrf
Summary
AI summaryResolve a flatted prototype pollution vulnerability.
Full changelog
1.5.0 (2026-03-21)
Features
- add /setup-automation command for optional headless cron jobs (#801) (7f1d876)
- add daily PR status cron workflow and SessionStart hook integration (#800) (44c7888)
- add headless cron workflow for automated issue list curation (#797) (90a036b), closes #784
- add headless cron workflow for dependabot PR auto-triage (#783) (#798) (0a2e848)
- add weekly cron workflow for shelved/waiting PR audit (#785) (#799) (7c8a79c)
- default to skipping PR comments when code speaks for itself (#795) (dcd88e1)
- include full clickable repo URLs in search results (#796) (a3ec8e8), closes #789
- make review-fix convergence loop mandatory before PR readiness (#794) (fb054f0)
- strengthen claim verification in PR comment drafting (#788) (#793) (f6bc2f7)
- work on issues before claiming them (#803) (9301411)
Bug Fixes
Security Fixes
- Resolve flatted prototype pollution vulnerability
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About costajohnt/oss-autopilot
Open source contribution manager with PR tracking across repos, issue discovery, CI failure diagnosis, and maintainer response drafting. Available as CLI, MCP server, and Claude Code plugin.
Related context
Related tools
Beta — feedback welcome: [email protected]