Security + dependency-maintenance release. Resolves two undici advisories (one HIGH) and refreshes the GUI build/runtime dependencies. No functional changes — same signed + notarized macOS app as v0.5.1.
Download
| Platform | File |
|---|---|
| macOS (Apple Silicon, 11.0+) | F13.Configurator_0.5.2_aarch64.dmg |
Linux still deferred. The
.AppImage/.debbuilds need a rebuild against an older glibc before they run on common target distros — tracked for a later release. The shell wizard (bin/f13-config) works on Linux today from a checkout.
Security
undici7.25.0 → 7.28.0 — resolves:- HIGH (GHSA-vmh5-mc38-953g): TLS certificate-validation bypass via dropped
requestTlsin the SOCKS5 ProxyAgent. - MEDIUM (GHSA-pr7r-676h-xcf6): cross-user information disclosure via a shared-cache whitespace bypass.
- HIGH (GHSA-vmh5-mc38-953g): TLS certificate-validation bypass via dropped
Other dependency bumps
@sveltejs/kit2.63.0 → 2.66.0svelte5.56.2 → 5.56.3@biomejs/biome2.4.16 → 2.5.0tailwindcss+@tailwindcss/vite4.3.0 → 4.3.1vitest4.1.8 → 4.1.9
All patch/minor; CI green throughout. macOS .dmg builds, signs, notarizes, and Gatekeeper-accepts unchanged.
⚠️ AI-generated
Almost the entire codebase — and the loop that produced it — was written by Claude Code with human review at the diff level, not line-by-line. No formal security audit. See SECURITY.md. Local development use; for production-adjacent work prefer the shell wizard.
Full changelog: https://github.com/revolutionaryPhoton/f13-configurator/blob/main/CHANGELOG.md