lyonzin/knowledge-rag

v3.6.2 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 1mo MCP Developer Tools

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

antigravity claude claude-code claude-code-cli codex cursor-ai

+14 more

document-search hybrid-search inteligencia-artificial knowledge-base local-ai mcp mcp-server llm rag-chatbot rag-pipeline reranking retrieval-augmented-generation semantic-search vector-db

Affected surfaces

deps

Summary

AI summary

NPM packages now include SLSA provenance attestation providing cryptographic proof of build origin.

Full changelog

Security

NPM Provenance: Packages now include SLSA provenance attestation — cryptographic proof linking each npm release to its GitHub Actions build
Full README: npm page now shows the complete project documentation instead of the minimal wrapper README

Metadata

Added funding field to npm package

No code changes. Infrastructure-only release for supply chain security.

Full Changelog

https://github.com/lyonzin/knowledge-rag/compare/v3.6.1...v3.6.2

Security Fixes

NPM Provenance: SLSA provenance attestation added to packages, providing cryptographic proof linking each release to its GitHub Actions build

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track lyonzin/knowledge-rag

Get notified when new releases ship.

About lyonzin/knowledge-rag

Local RAG system for Claude Code with hybrid search (BM25 + semantic), cross-encoder reranking, markdown-aware chunking, query expansion, and 12 MCP tools. Runs entirely offline with zero external servers.

All releases →