Skip to content

5.0.0

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 16 Jun 11:35
· 1 commit to main since this release
v5.0.0
756bde1

Important

This release includes a fix for a known security vulnerability.

BREAKING Changes

  • Reworked npm handling – npm is now executed explicitly rather than through a subshell.
    The behavior when npm_execpath is present remains unchanged.

Fixed

  • Eliminated a potential shell‑injection vulnerability in the --workspace argument (via #1476)
    See GHSA-v75r-vx73-82pj

What's Changed

  • chore(deps-dev): bump jest from 30.2.0 to 30.3.0 in the jest group across 1 directory by @dependabot[bot] in #1430
  • chore(ci): fix dogfooding tests by @jkowalleck in #1443
  • Pin GitHub Actions to immutable SHAs while preserving tag-based update flow by @Copilot in #1442
  • chore(ci): node26 by @jkowalleck in #1461
  • fix: eliminate possible shell-injection in --workspace argument by @jkowalleck in #1476

New Contributors

  • @Copilot made their first contribution in #1442

Full Changelog: v4.2.1...v5.0.0

Contributors

jkowalleck and dependabot
Assets 3
Loading