This release includes 1 security fix for security teams reviewing exposed deployments.
Affected surfaces
ReleasePort's take
Light signalUpdate the Next.js dependency to version 16.2.6 to apply the security fix.
Why it matters: Version v4.21.0 of the tool updates its Next.js dependency to v16.2.6, which addresses a reported security vulnerability; upgrading resolves that risk.
Summary
AI summaryUpdate Next.js dependency to v16.2.6 for a security fix.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium |
Update dependency to v16.2.6 addresses security vulnerability. Update dependency to v16.2.6 addresses security vulnerability. Source: llm_adapter@2026-05-21 Confidence: high |
— |
| Dependency | Low |
Update all non-major dependencies to their latest versions. Update all non-major dependencies to their latest versions. Source: granite4.1:30b@2026-05-22-audit Confidence: low |
— |
Full changelog
What's Changed
Security: Admins should update their instance
- Update dependency next to v16.2.6 [SECURITY] by @renovate[bot] in https://github.com/successible/cleanslate/pull/518
Enhancements and Updates:
- Update all non-major dependencies by @renovate[bot] in https://github.com/successible/cleanslate/pull/517
- Lock file maintenance by @renovate[bot] in https://github.com/successible/cleanslate/pull/519
Full Changelog: https://github.com/successible/cleanslate/compare/v4.20.0...v4.21.0
Security Fixes
- Update dependency next to v16.2.6 — security patch
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
Related context
Related tools
Beta — feedback welcome: [email protected]