Skip to content

goklab/guardvibe

v3.17.0 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 4d MCP Security & Auth
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

ai-security claude clerk cursor cve drizzle
+14 more
hono mcp mcp-server nextjs owasp prisma prompt-injection static-analysis security stripe supabase typescript vercel vibe-coding

ReleasePort's take

Light signal
editorial:auto 4d

Version v3.17.0 of GuardVibe fixes bug VG126 by preventing the rule from triggering on provably constant arguments such as string literals, const-list iterations, or RegExp.clone calls.

Why it matters: Affects developers using the VG126 rule engine; eliminates false positives for constant inputs, improving reliability without altering behavior.

Summary

AI summary

Dynamic RegExp rule VG126 no longer fires on provably constant arguments.

Changes in this release

Bugfix Medium

No longer fires VG126 when argument is provably constant (string literal, const-list iteration, RegExp.clone).

No longer fires VG126 when argument is provably constant (string literal, const-list iteration, RegExp.clone).

Source: llm_adapter@2026-06-09

Confidence: high
Full changelog
  • VG126 (Dynamic RegExp from user input) no longer fires when the argument is provably constant: a string literal, a const-list iteration (incl. imported SCREAMING_SNAKE lists), or someRegExp.source/.flags (cloning a compiled RegExp); minified bundles skipped
  • Validated: 29 to 21, all 8 removed are confirmed non-user-input (bot-pattern lists, a minified vendor bundle, RegExp clones), 0 true positives lost
  • No rule or tool changes (442 / 37); gate green (PASS/A/0)

Breaking Changes

  • Rule VG126 (Dynamic RegExp from user input) is disabled for provably constant arguments such as string literals, const-list iterations (including imported SCREAMING_SNAKE lists), and clones via someRegExp.source/.flags; minified bundles are also skipped.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track goklab/guardvibe

Get notified when new releases ship.

Sign up free

About goklab/guardvibe

Security MCP for vibe coding with 330 rules and 29 tools. Purpose-built for AI-generated code — scans Next.js, Supabase, Clerk, Stripe, Prisma, Hono, GraphQL, and 25+ modules. Cross-file taint analysis, host security audit, auto-fix, SARIF export, pre-commit hook, and CVE version detection. Zero config, runs locally.

All releases →

Related context

Beta — feedback welcome: [email protected]