This release includes 1 security fix for security teams reviewing exposed deployments.
ReleasePort's take
Light signal: Release v0.57.1 resolves a transitive denial‑of‑service vulnerability in the qs dependency (GHSA-q8mj-m7cp-5q26).
Why it matters: The fix eliminates a high‑severity (severity 70) DoS risk affecting any surface using qs; upgrade to v0.57.1 immediately.
Summary
AI summary: Fixed a transitive denial‑of‑service vulnerability in the qs dependency.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | High | Resolved transitive denial-of-service advisory in qs dependency (GHSA-q8mj-m7cp-5q26). Source: llm_adapter@2026-06-02. Confidence: low | — |
| Dependency | Low | Updated openid-client to v6; minor bumps to googleapis and puppeteer. Source: llm_adapter@2026-06-02. Confidence: high | — |
Full changelog
Changed
- Updated `openid-client` to v6. This is an internal rewrite of the OIDC/SSO implementation; the four `OIDC_*` environment variables and the login flow are unchanged (the client-secret token-endpoint authentication method is preserved). Minor bumps to `googleapis` and `puppeteer`.
Security
- Resolved a transitive denial-of-service advisory in the `qs` dependency (GHSA-q8mj-m7cp-5q26).
Security Fixes
- GHSA-q8mj-m7cp-5q26 — transitive denial‑of‑service advisory in qs dependency