emdash

v@emdash-cms/[email protected] Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 14d Productivity & Wikis

✓ No known CVEs patched

✓ No known CVEs patched in this version

Topics

astro cms emdash typescript

Summary

AI summary

Deprecates --license, --author-, and --security- flags in favor of emdash-plugin.jsonc manifest.

Type	Severity	Summary	CVE
Feature	Medium	Publishes full profile block from emdash-plugin.jsonc, including name, description, keywords, multiple authors, and security contacts to package profile record. Publishes full profile block from emdash-plugin.jsonc, including name, description, keywords, multiple authors, and security contacts to package profile record. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—
Dependency	Medium	Updated dependency @emdash-cms/registry-client to version 0.1.0. Updated dependency @emdash-cms/registry-client to version 0.1.0. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: low	—
Deprecation	Medium	Deprecates --license, --author-, and --security- flags in favor of manifest declarations; flags still work with deprecation warning when used. Deprecates --license, --author-, and --security- flags in favor of manifest declarations; flags still work with deprecation warning when used. Source: granite4.1:8b-q6_K@2026-05-20 Confidence: high	—

Full changelog

#1112 3756168 Thanks @ascorbic! - Publishes the full profile block from emdash-plugin.jsonc. First publish now writes name, description, keywords, multiple authors, and multiple security contacts to the package profile record, plus the source repo URL to the release record — previously only license and a single author/security contact were sent.

Deprecates the --license, --author-*, and --security-* flags in favour of declaring these in emdash-plugin.jsonc. The flags still work and override the manifest when both are present; a deprecation warning is printed when they are used.

Deprecates the `--license`, `--author-*`, and `--security-*` CLI flags; they will be removed in a future release.

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track emdash

Get notified when new releases ship.

About emdash

[email protected] Schema migration adds `locale` and `translation_group` columns to `_emdash_bylines`.
[email protected] Byline hydration now strictly per-locale, suppressing cross‑locale fallback.
v@emdash-cms/[email protected] Changes `_emdash_content_bylines.byline_id` to store translation_group instead of row id, enforcing strict per-locale credit hydration.
v@emdash-cms/[email protected] Registry install handler fails closed on non-conforming aggregator release records.
v@emdash-cms/[email protected] Menu and menu-item API responses now camelCase, breaking clients expecting snake_case keys.