Skip to content

v3.102.0

Choose a tag to compare

@claudfuen claudfuen released this 15 Jul 19:12

3.102.0 (2026-07-15)

Bug Fixes

  • ci: pin Syft 1.46.0 in SBOM action (1.42.3 can't parse bun.lock) (#3415) (5f47024)
  • ci: scan bun.lock via file: input so the SBOM isn't empty (#3414) (e47e6fd)
  • deps: override uuid to ^11.1.1 (Dependabot #85) (#3418) (598ff8c)
  • deps: patch tmp and js-yaml in mcp-server (Dependabot #58/#59/#71) (#3412) (59a6b0f)
  • deps: remediate dependency security vulnerabilities (#3403) (7577a37)
  • deps: remediate dependency security vulnerabilities (165→16, 4 critical→0) (#3406) (d403e9c)
  • device-agent: implement the installer-cleanup fix (#3381) (0f7581b)
  • security: prevent SSRF in task-automation enterprise API calls (#3411) (dcec288), closes #116
  • security: resolve open CodeQL alerts (XSS, sanitization, workflow perms) (#3419) (32329be), closes #108 js/xss-throu#dom #95 84/#85

Features

  • framework-editor: raise requirement description limit to 100,000 chars (FRAME-2) (67c9f4a)