Release history
cleanslate releases
☀ Track food without judgment
All releases
21 shown
v4.20.0
Maintenance
Minor fixes and improvements.
Full changelog
What's Changed
Security: Admins should update their instances.
- Bump @tootallnate/once from 2.0.0 to 2.0.1 in the npm_and_yarn group across 1 directory by @dependabot[bot] in https://github.com/successible/cleanslate/pull/514
- Bump fast-uri from 3.1.1 to 3.1.2 in the npm_and_yarn group across 1 directory by @dependabot[bot] in https://github.com/successible/cleanslate/pull/515
- Bump @babel/plugin-transform-modules-systemjs from 7.29.0 to 7.29.4 in the npm_and_yarn group across 1 directory by @dependabot[bot] in https://github.com/successible/cleanslate/pull/516
Enhancements:
- Upgrade to pnpm v11
- Lock file maintenance by @renovate[bot] in https://github.com/successible/cleanslate/pull/513
Full Changelog: https://github.com/successible/cleanslate/compare/v4.19.0...v4.20.0
v4.19.0
Security relevant
Security fixes
- Updated uuid dependency to v14 (SECURITY)
Full changelog
What's Changed
Security: Admins should update their instances.
- Update dependency uuid to v14 [SECURITY] by @renovate[bot] in https://github.com/successible/cleanslate/pull/508
Updates:
- Update all non-major dependencies by @renovate[bot] in https://github.com/successible/cleanslate/pull/504
- Lock file maintenance by @renovate[bot] in https://github.com/successible/cleanslate/pull/505
- Update all non-major dependencies by @renovate[bot] in https://github.com/successible/cleanslate/pull/509
- Lock file maintenance by @renovate[bot] in https://github.com/successible/cleanslate/pull/510
- Update all non-major dependencies by @renovate[bot] in https://github.com/successible/cleanslate/pull/512
Full Changelog: https://github.com/successible/cleanslate/compare/v4.18.0...v4.19.0
v4.18.0
Security relevant
Security fixes
- Removed console.log that exposed API key via profile object to client
- Updated npm and yarn dependency vulnerabilities
Full changelog
What's Changed
-
Security: Admins may want to rotate their API keys. We had a call to
console.logthat was logging theprofileto a user's client.profiledoes contain the API key, amongst other things. However, the value is scoped to the user's device, asprofileis stored inlocalStorage. Hence, this only made it marginally easier for curious users, malicious browser extensions, or browser-based loggers (like Sentry, if you have one installed) to see it. However, considering all of them already have client-side access, they already could see it! Hence, the point basically moot, and debately not even an issue. However, in the interest of maximum transparency, we are reporting it anyway. @paulzakin in https://github.com/successible/cleanslate/pull/503. -
Security: Bump the npm_and_yarn group across 2 directories with 1 update by @dependabot[bot] in https://github.com/successible/cleanslate/pull/502. Admins should update Clean Slate.
-
Update all non-major dependencies by @renovate[bot] in https://github.com/successible/cleanslate/pull/500
-
Lock file maintenance by @renovate[bot] in https://github.com/successible/cleanslate/pull/501
Full Changelog: https://github.com/successible/cleanslate/compare/v4.17.1...v4.18.0
v4.17.1
Bug fix
## What's Changed * Fix bug in improvement to barcode scanning
v4.17.0
Maintenance
## What's Changed * Improve the handling of the barcode Now handles grams/mL/count properly.
v4.16.0
Security relevant
Security updates to axios and Next.js dependencies.
v4.15.0
Bug fix
Fixed issue where previous day's foods remained visible for 2-5 seconds when opening the app on a new day.
v4.14.0
Security relevant
Security patches were applied to lodash, lodash-es, and pnpm, and dependency lock files were refreshed to fix known vulnerabilities and ensure reproducible builds.
v4.13.0
Security relevant
Security patches applied to all non-major dependencies, lock file refined, and vulnerable libraries upgraded, requiring admin update.
v4.12.0
Security relevant
Security fixes address npm_and_yarn permission grouping and upgrade a Next.js dependency; dependency updates and lock file refresh improve overall stability and reduce vulnerability risk.
v4.11.0
Security relevant
The immutable library was upgraded to patch a vulnerability, requiring administrators to apply the change.
v4.10.0
Security relevant
Upgraded vulnerable packages and lock files to mitigate supply chain risks and ensure stable dependency resolution.
v4.9.0
Security relevant
Security patches for npm_and_yarn and axios were applied, non-major dependencies and lock files were updated, and administrators are urged to apply the updates.
v4.8.0
Security relevant
Critical dependency updates were applied to mitigate security vulnerabilities and maintain package lock integrity; admins should update the instance promptly.
4.7.1
Security relevant
Bumped lodash-es dependency to address a security vulnerability and updated lock files to reflect latest package versions.
v4.7.0
Maintenance
All non‑major dependencies were upgraded and the lock file was regenerated, improving security and stability of the application.
v4.6.0
Security relevant
Removed a vulnerable dependency, closing known vulnerabilities, updating the lock file and other non-major dependencies, so admins must patch for a secure deployment.
v4.5.0
Bug fix
Lock file was updated and a dependency was patched, improving stability and fixing issues without breaking existing behavior.
v4.4.0
Maintenance
Dependency packages were upgraded and the lock file was regenerated to ensure consistent builds, while the locale handling was corrected to treat commas as decimal separators, improving reliability for international users.