Nhost

v@nhost/[email protected] Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 16d API Development

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 3 known CVEs

Topics

authentication backend backend-as-a-service database firebase flutter

+12 more

graphql hasura javascript nextjs nhost postgresql react serverless serverless-functions storage typescript vue

Affected surfaces

auth deps

Summary

AI summary

Rename session.Session to StoredSession, requiring code updates.

Full changelog

[@nhost/[email protected]] - 2026-05-18

🐛 Bug Fixes

(deps) Bump up uuid, Astro and xmldom due to CVEs (#4187)
(deps) Fix postcss XSS advisory (GHSA-qx2v-qp2m-jg93) (#4197)
(nhost-js) Rename session.Session to StoredSession to disambiguate from auth.Session (#4194)
(auth) Revoke all sessions on password change (#4192)
(ci) Make build and check work on NixOS (#4234)
(deps) Fix fast-uri advisory (GHSA-v39h-62p7-jpjc) (#4265)
(deps) Update biome to 2.4.15 (#4270)

⚙️ Miscellaneous Tasks

(nixops) Bump nhost cli (#4173)

Chore

(deps) Update pnpm to v11 (#4275)

Breaking Changes

Rename session.Session to StoredSession

Security Fixes

deps: Bump uuid, Astro and xmldom due to CVEs
deps: Fix postcss XSS advisory (GHSA-qx2v-qp2m-jg93)
deps: Fix fast-uri advisory (GHSA-v39h-62p7-jpjc)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Nhost

Get notified when new releases ship.

About Nhost

The Open Source Firebase Alternative with GraphQL.

All releases →