This release includes 2 security fixes for security teams reviewing exposed deployments.
Topics
ReleasePort's take
Moderate signalVersion v0.19.5 patches a high‑severity GHSA (GHSA-rqrh-8wpv-x7hh) and a moderate‑severity GHSA (GHSA-588f-fvcv-xhvf).
Why it matters: The release fixes two security vulnerabilities – one High severity (GHSA-rqrh-8wpv-x7hh) and one Moderate severity (GHSA-588f-fvcv-xhvf) – affecting the runtime/dependency surface.
Summary
AI summaryUpdates ⛔ Security Fixes ⛔, https://github.com/tonghuaroot, and https://github.com/Yunkaiwjs across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | High |
Fixes security vulnerability GHSA-rqrh-8wpv-x7hh (High) Fixes security vulnerability GHSA-rqrh-8wpv-x7hh (High) Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Security | Medium |
Fixes security vulnerability GHSA-588f-fvcv-xhvf (Moderate) Fixes security vulnerability GHSA-588f-fvcv-xhvf (Moderate) Source: llm_adapter@2026-06-01 Confidence: high |
— |
| Dependency | Low |
Bumps dependencies Bumps dependencies Source: llm_adapter@2026-06-01 Confidence: high |
— |
Full changelog
⛔ Security Fixes ⛔
- security vulnerability GHSA-rqrh-8wpv-x7hh - High
- security vulnerability GHSA-588f-fvcv-xhvf - Moderate
Thanks to:
Changes
Fixed
- security vulnerability GHSA-rqrh-8wpv-x7hh
- security vulnerability GHSA-588f-fvcv-xhvf
Changed
- bump deps
Full Changelog: https://github.com/enchant97/note-mark/compare/v0.19.4...v0.19.5
Security Fixes
- GHSA-rqrh-8wpv-x7hh — High severity security vulnerability fixed.
- GHSA-588f-fvcv-xhvf — Moderate severity security vulnerability fixed.
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Beta — feedback welcome: [email protected]