This release fixes issues for SREs watching stability and regressions.
✓ No known CVEs patched in this version
Topics
Affected surfaces
Summary
AI summaryUpdates β¬οΈ Dependency updates, deps, and π Bug fixes across a mixed release.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Dependency | Low |
Updates fastapi to v0.136.3. Updates fastapi to v0.136.3. Source: llm_adapter@2026-05-29 Confidence: high |
β |
| Dependency | Low |
Updates coverage to v7.14.1. Updates coverage to v7.14.1. Source: llm_adapter@2026-05-29 Confidence: high |
β |
| Dependency | Low |
Updates uvicorn to v0.48.0. Updates uvicorn to v0.48.0. Source: llm_adapter@2026-05-29 Confidence: high |
β |
| Dependency | Low |
Updates SQLAlchemy to v2.0.50. Updates SQLAlchemy to v2.0.50. Source: llm_adapter@2026-05-29 Confidence: high |
β |
| Dependency | Low |
Updates ingredient-parser-nlp to v2.7.0. Updates ingredient-parser-nlp to v2.7.0. Source: llm_adapter@2026-05-29 Confidence: high |
β |
| Dependency | Low |
Performs lockβfile maintenance. Performs lockβfile maintenance. Source: llm_adapter@2026-05-29 Confidence: high |
β |
| Bugfix | Medium |
Regenerates empty .secret file with valid value, invalidating existing tokens. Regenerates empty .secret file with valid value, invalidating existing tokens. Source: llm_adapter@2026-05-29 Confidence: low |
β |
Full changelog
π΄π΄π΄π΄π΄π΄
This release contains a fix for users with an empty .secret file not being able to log-in with local auth. Your .secret file will be regenerated with a valid value. Note that this will invalidate existing tokens, including API keys.
π Bug fixes
- fix: Ensure secret key is not empty @michael-genson (#7701)
π¨ Internal development
- dev: Set renovarte bot PRs to "immediate" @michael-genson (#7690)
β¬οΈ Dependency updates
6 changes- fix(deps): update dependency fastapi to v0.136.3 @renovate[bot] (#7692)
- chore(deps): update dependency coverage to v7.14.1 @renovate[bot] (#7691)
- fix(deps): update dependency uvicorn to v0.48.0 @renovate[bot] (#7696)
- fix(deps): update dependency sqlalchemy to v2.0.50 @renovate[bot] (#7693)
- fix(deps): update dependency ingredient-parser-nlp to v2.7.0 @renovate[bot] (#7695)
- chore(deps): lock file maintenance @renovate[bot] (#7697)
π΄π΄π΄π΄π΄π΄
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About mealie
Mealie is a self hosted recipe manager and meal planner with a RestAPI backend and a reactive frontend application built in Vue for a pleasant user experience for the whole family. Easily add recipes into your database by providing the url and mealie will automatically import the relevant data or add a family recipe with the UI editor
Beta — feedback welcome: [email protected]