This release includes 1 breaking change for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
Topics
+8 more
Affected surfaces
Summary
AI summaryRemoved GOOGLE_DRIVE_CLIENT_ID from relay form, changing OAuth client setup.
Full changelog
v2.19.0 (2026-04-01)
This release is published under the MIT License.
Bug Fixes
-
Correct CodeQL action SHA pin (
07fc6eb) -
Correct test mocking for relay settings and platform-specific tests (
ed98b84) -
Format relay_setup.py (
df068be) -
Prevent env var leakage in relay setup tests (
33b73fe) -
Remove GOOGLE_DRIVE_CLIENT_ID from relay form (
94ce50b) -
Send complete message AFTER GDrive OAuth, not before (
809a417) -
Trigger GDrive OAuth from default settings, not relay config (
9024faf) -
ci: Add coverage threshold fail_under=95 (
d59b080) -
ci: Replace Semgrep with CodeQL for public repo SAST compliance (
4a722e0) -
test: Update relay schema tests for flat fields structure (
cabfca0)
Chores
Continuous Integration
-
Fix Qodo vertex_ai config and VERTEXAI_LOCATION (
824bcb8) -
cd: Add plugin marketplace sync on stable release (
e203f86)
Features
-
Add GDrive OAuth client_secret for Device Code token exchange (
9ff4fcc) -
Boost test coverage to 95%+ with comprehensive unit tests (
5a04b7d) -
Ship default GDrive OAuth Client ID (
a9d9c9b)
Detailed Changes: v2.19.0-beta.1...v2.19.0
Breaking Changes
- Removed GOOGLE_DRIVE_CLIENT_ID field from relay form
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About n24q02m/wet-mcp
Web search (embedded SearXNG), content extraction, and library docs indexing with hybrid search (FTS5 + semantic). Built-in Qwen3 embedding, no API keys required.
Related context
Beta — feedback welcome: [email protected]