A patch release focused on dependency security, a small TypeDoc cleanup, and clearer package docs. No breaking changes and no user-facing behavior change.
Security
Cleared all open Socket and Dependabot advisories:
esbuild(dwar, production dependency) →^0.28.1— resolves the dev-server request / arbitrary-file-read advisories.- Dev/build toolchain:
happy-dom→^20,vitest→^4.1.10,vite→^8.1.3,turbo→^2.10.4. - Transitive overrides for
markdown-it,linkify-it,shell-quote,fast-uri,brace-expansion, andjs-yaml(CVE-2026-53550).
The remaining Socket "obfuscated code" flags on preact / underscore / brace-expansion / es-module-lexer are false positives on minified dist output, not vulnerabilities.
Changed
- setu / typedoc — removed the inert
sectionOrder/clubSidebarItemshandling under the TypeDoc flavor. Under TypeDoc the module hierarchy owns the API sidebar and doc groups order viadocGroups; these options were accepted but had no effect. No behavior change.
Docs
- Corrected the TypeDoc sidebar-lever documentation (getting-started, structure-your-sidebar, configuration) across all locales.
- Made the
clean-jsdoc-themeand@clean-jsdoc-theme/typedocpackage READMEs standalone, each centered on its own toolchain.
Full changelog: v5.0.6...v5.0.7