@JoanCamosTyk JoanCamosTyk commented Nov 6, 2025

PR Type

Documentation


Description

  • Add 1.13.1 release notes section

  • List security CVEs fixed

  • Update dependencies compatibility matrix

  • Add downloads and upgrade guidance


Diagram Walkthrough

flowchart LR
  RN["Pump release notes (pump.mdx)"]
  V1131["Section: 1.13.1"]
  Sec["Security fixes (CVE list)"]
  Deps["Dependencies & tools matrix"]
  Upg["Upgrade instructions"]
  Dls["Downloads (Docker, source)"]

  RN -- "adds" --> V1131
  V1131 -- "includes" --> Sec
  V1131 -- "includes" --> Deps
  V1131 -- "includes" --> Upg
  V1131 -- "includes" --> Dls

File Walkthrough

Relevant files
Documentation
pump.mdx
Add Pump v1.13.1 release notes content                                     

developer-support/release-notes/pump.mdx

  • Add new "1.13.1 Release Notes" section.
  • Include CVE list under Security Fixes accordion.
  • Add dependencies compatibility table and deprecations.
  • Provide upgrade instructions and download links.
+68/-0   


github-actions bot commented Nov 6, 2025

PR Reviewer Guide 🔍

(Review updated until commit 99046bd)

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Placeholder Date

The release date is marked as 'xx 2025'. Confirm and replace with the actual release date to avoid publishing placeholders.

#### Release Date xx 2025

Anchor Consistency

The internal link '#Changelog-v1.13.1' uses a capitalized anchor; ensure the generated heading id matches this exact case, or adjust to a lowercase anchor to prevent broken links.

In this patch release, we fixed high-priority CVEs. For a comprehensive list of changes, please refer to the detailed [changelog](#Changelog-v1.13.1).

CVE Verification

Validate the listed CVE IDs and links are correct and relevant to Pump 1.13.1 before publishing; several CVEs are 2025 identifiers—confirm they are fixed in this release.

- <a href="https://www.cve.org/CVERecord?id=CVE-2025-47912" target="_blank">CVE-2025-47912</a>
- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58183" target="_blank">CVE-2025-58183</a>
- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58185" target="_blank">CVE-2025-58185</a>
- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58186" target="_blank">CVE-2025-58186</a>
- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58187" target="_blank">CVE-2025-58187</a>
- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58188" target="_blank">CVE-2025-58188</a>
- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58189" target="_blank">CVE-2025-58189</a>
- <a href="https://www.cve.org/CVERecord?id=CVE-2025-61723" target="_blank">CVE-2025-61723</a>
- <a href="https://www.cve.org/CVERecord?id=CVE-2025-61724" target="_blank">CVE-2025-61724</a>
- <a href="https://www.cve.org/CVERecord?id=CVE-2025-61725" target="_blank">CVE-2025-61725</a>
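The three focus areas in the reviewer guide above (placeholder date, anchor case, CVE link consistency) can be checked mechanically before merge. The following Python is an added example, not part of the PR or of the project's tooling; `lint_release_notes` is a hypothetical helper, and the sample text is constructed from the lines quoted above with the anchor id lowercased and one CVE entry mismatched on purpose.

```python
import re
from datetime import datetime

# Constructed sample modelled on the lines quoted in the review; the anchor id
# is lowercased and the second CVE entry mismatched on purpose.
SAMPLE_MDX = '''\
### 1.13.1 Release Notes

#### Release Date xx 2025

Please refer to the detailed [changelog](#Changelog-v1.13.1).

#### Changelog
<a id="changelog-v1.13.1"></a>

##### Security Fixes
- <a href="https://www.cve.org/CVERecord?id=CVE-2025-47912" target="_blank">CVE-2025-47912</a>
- <a href="https://www.cve.org/CVERecord?id=CVE-2025-58183" target="_blank">CVE-2025-58185</a>
'''

DATE_RE = re.compile(r"^#+\s*Release Date\s+(.+?)\s*$")
FRAG_RE = re.compile(r"\]\(#([^)\s]+)\)")           # [text](#fragment)
ID_RE = re.compile(r'<a\s+id="([^"]+)"')            # explicit anchor targets
CVE_RE = re.compile(r'<a\s+href="[^"]*[?&]id=(CVE-\d{4}-\d{4,})"[^>]*>'
                    r'\s*(CVE-\d{4}-\d{4,})\s*</a>')


def lint_release_notes(text):
    """Hypothetical helper: return (line_no, code, detail) findings."""
    lines = text.splitlines()
    ids = {i for line in lines for i in ID_RE.findall(line)}
    by_lower = {i.lower(): i for i in ids}
    findings = []
    for no, line in enumerate(lines, 1):
        m = DATE_RE.match(line)
        if m:
            try:  # a real date parses as "29 October 2025"
                datetime.strptime(m.group(1), "%d %B %Y")
            except ValueError:
                findings.append((no, "placeholder-date", m.group(1)))
        for frag in FRAG_RE.findall(line):
            if frag in ids:
                continue  # fragments are compared case-sensitively
            code = "anchor-case" if frag.lower() in by_lower else "anchor-missing"
            findings.append((no, code, "#" + frag))
        for href_id, shown_id in CVE_RE.findall(line):
            if href_id != shown_id:  # link goes to a different record than the text
                findings.append((no, "cve-mismatch", f"{href_id} != {shown_id}"))
    return findings
```

The format checks do not confirm that a CVE is actually fixed in the release; that still needs the dependency diff or scanner output the review asks for.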


github-actions bot commented Nov 6, 2025

PR Code Suggestions ✨

Latest suggestions up to 99046bd
Explore these optional code suggestions:

Category | Suggestion | Impact
General
Replace placeholder release date

Replace the placeholder date with the actual release date to avoid publishing
incorrect information. This ensures consistency with other release entries and
prevents confusion for users.

developer-support/release-notes/pump.mdx [23]

-#### Release Date xx 2025
+#### Release Date 21 November 2025
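Review bot: the date on the `+` line, 21 November 2025, is not stated anywhere else in this PR, and the PR itself was merged on Nov 27, 2025. Replace `xx 2025` with the date the 1.13.1 release was actually published, confirmed by the release owner, rather than a value proposed by tooling.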
Suggestion importance[1-10]: 6

Why: Replacing the placeholder date on line #### Release Date xx 2025 with the real date prevents publishing inaccurate info; it's correct and low-risk but minor in impact.

Low
Possible issue
Normalize anchor ID casing

Standardize the anchor ID to lowercase to align with typical markdown/MDX slug
conventions and to match the in-text link. This avoids broken links and inconsistent
behavior across renderers.

developer-support/release-notes/pump.mdx [64]

-<a id="Changelog-v1.13.1"></a>
+<a id="changelog-v1.13.1"></a>
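Review bot: the `+` line renames the id to `changelog-v1.13.1`, but the in-text link at [27] still targets `#Changelog-v1.13.1`, so applying this suggestion alone breaks the changelog link. Change the id and the link in the same commit, or leave both as they are.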
Suggestion importance[1-10]: 4

Why: Lowercasing the anchor ID could improve consistency but would mismatch the existing in-text link which uses #Changelog-v1.13.1; without updating both, it risks breaking navigation.

Low
Fix case of anchor link

The anchor link is case-sensitive in many static site generators; use a lowercase
anchor to match typical auto-generated IDs. This prevents broken in-page navigation.

developer-support/release-notes/pump.mdx [27]

-In this patch release, we fixed high-priority CVEs. For a comprehensive list of changes, please refer to the detailed [changelog](#Changelog-v1.13.1).
+In this patch release, we fixed high-priority CVEs. For a comprehensive list of changes, please refer to the detailed [changelog](#changelog-v1.13.1).
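Review bot: on the `+` line the fragment becomes `#changelog-v1.13.1` while the target at [64] is an explicit `<a id="Changelog-v1.13.1"></a>`, not an auto-generated heading slug, so the slug-casing rationale does not apply and this edit on its own breaks a link that currently resolves. Take it only together with the id change at [64].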
Suggestion importance[1-10]: 3

Why: The link currently points to #Changelog-v1.13.1 which matches the defined anchor ID and works; changing to lowercase could break it, so impact is low and rationale is questionable.

Low

Previous suggestions

Suggestions up to commit d7c3c29
Category | Suggestion | Impact
Possible issue
Replace placeholder release date

Replace the placeholder date with the actual release date to avoid publishing with
incorrect metadata. This prevents confusion for users and downstream automation
scraping release dates.

developer-support/release-notes/pump.mdx [23]

-#### Release Date xx 2025
+#### Release Date 29 October 2025
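Review bot: `29 October 2025` on the `+` line is the date shown under `### 1.13.0 Release Notes` in the [66-70] suggestion of this same review, so this would give 1.13.1 the release date of 1.13.0. Keep the placeholder flagged until the real 1.13.1 date is confirmed.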
Suggestion importance[1-10]: 7

Why: The placeholder #### Release Date xx 2025 appears in the new hunk and should be replaced with the actual date to avoid releasing inaccurate metadata; the proposed replacement matches the known date used later in the file.

Medium
General
Remove duplicated section heading

The "1.13.0 Release Notes" section is duplicated in the file, which will confuse
readers and break navigation anchors. Remove the unintended duplicate or adjust
headings so each version appears only once.

developer-support/release-notes/pump.mdx [66-70]

-### 1.13.0 Release Notes
+<!-- Removed duplicate heading block to avoid confusion -->
 
-#### Release Date 29 October 2025
-
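Review bot: the `+` line leaves an HTML comment in an `.mdx` file; MDX v2 and later do not parse `<!-- -->` and expect `{/* */}`, so if the heading is removed, remove it without a marker. Before deleting, also confirm that [66-70] really is a second copy: the PR is +68/-0, and these lines may be the existing 1.13.0 heading now sitting directly below the new 1.13.1 block, in which case removing it would fold the 1.13.0 content into 1.13.1.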
Suggestion importance[1-10]: 6

Why: The heading ### 1.13.0 Release Notes appears earlier and again at lines 66-70, creating duplication that can confuse readers; removing the duplicate improves clarity, though it's a content cleanup rather than a critical fix.

Low
Populate empty security section

Provide at least one bullet detailing the security fixes or add a note if none; an
empty "Security Fixes" subsection is misleading. This also helps compliance and
users assessing impact.

developer-support/release-notes/pump.mdx [61-65]

 #### Changelog
 <a id="Changelog-v1.13.1"></a>
 
 ##### Security Fixes
+- Addressed multiple CVEs in dependencies. See release changelog for details.
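Review bot: the added bullet sits under `#### Changelog` and tells the reader to "See release changelog for details", which points back at the section it is in and names no CVE. List the CVE identifiers fixed in 1.13.1 under `##### Security Fixes`, each linked to its record, so readers can match them against their own scanner findings.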
Suggestion importance[1-10]: 5

Why: The "Security Fixes" subsection is empty in the new hunk; adding at least a placeholder bullet improves completeness and user guidance, but the suggested content is generic and may require verification.

Low

@github-actions

Persistent review updated to latest commit 99046bd

sharadregoti previously approved these changes Nov 27, 2025
@sharadregoti sharadregoti merged commit 5e814ca into main Nov 27, 2025
6 checks passed

buger commented Nov 27, 2025

/release to release-5.10

buger pushed a commit that referenced this pull request Nov 27, 2025
(cherry picked from commit 5e814ca)
@github-actions

✅ Cherry-pick successful. A PR was created and auto-merged (if allowed): #1063
