chore(deps): update all non-major dependencies #38

Open
renovate[bot] wants to merge 1 commit into main from renovate/all-minor-patch
@renovate renovate Bot commented Jun 2, 2026

This PR contains the following updates:

| Package | Change | Age | Confidence | Type | Update | Pending |
|---|---|---|---|---|---|---|
| @k8o/oxc-config | 0.1.2 → 0.1.3 | age | confidence | devDependencies | patch | |
| deno | 2.8.0 → 2.8.1 | age | confidence | | patch | 2.8.2 |
| gh | 2.92.0 → 2.93.0 | age | confidence | | minor | |
| npm:@openai/codex (source) | 0.133.0 → 0.134.0 | age | confidence | | minor | 0.137.0 (+2) |
| opentofu | 1.12.0 → 1.12.1 | age | confidence | | patch | |
| pnpm (source) | 11.3.0 → 11.4.0 | age | confidence | packageManager | minor | 11.5.1 (+1) |
| pnpm (source) | 11.3.0 → 11.4.0 | age | confidence | | minor | 11.5.1 (+1) |
| vercel (source) | 54.4.1 → 54.5.1 | age | confidence | | minor | 54.9.0 (+4) |
| wrangler (source) | 4.94.0 → 4.95.0 | age | confidence | | minor | 4.97.0 (+1) |

Release Notes

k35o/oxc-config (@​k8o/oxc-config)

v0.1.3

Compare Source

Patch Changes
  • #​12 ad0ec98 Thanks @​renovate! - Bump oxc toolchain: oxlint/@oxlint/plugins 1.58.0 → 1.63.0, oxfmt 0.43.0 → 0.48.0, oxlint-tailwindcss 0.6.1 → 0.7.0. Also bump vite-plus 0.1.16 → 0.1.21 since oxfmt ≥ 0.44.0 restricted its package exports and older vite-plus could no longer resolve the oxfmt binary.

  • #​18 b2e48cc Thanks @​renovate! - Bump oxc toolchain: oxlint/@oxlint/plugins 1.63.0 → 1.66.0, oxfmt 0.48.0 → 0.51.0, oxlint-tailwindcss 0.7.0 → 0.8.0. New rules now enabled via existing category settings: no-implied-eval, react/no-object-type-as-default-prop, react/no-unstable-nested-components, jsx-a11y/control-has-associated-label, jsx-a11y/no-interactive-element-to-noninteractive-role, jsx-a11y/no-noninteractive-element-interactions, jsx-a11y/no-noninteractive-element-to-interactive-role.

denoland/deno (deno)

v2.8.1

Compare Source

  • Revert "fix(ext/node): polyfill module.enableCompileCache and companions"
    (#​34190) (#​34348)
  • feat(bundle): support browser field map in package.json (#​34407)
  • fix(bundle): read package.json sideEffects field (#​34406)
  • fix(cli): clearer error when importing .node addon via ESM (#​34361)
  • fix(config): don't panic when --config path can't be converted to URL (#​34351)
  • fix(core): allow host objects to round-trip through core.deserialize (#​34380)
  • fix(core): keep lazy_loaded_esm sources across concurrent loads (#​34353)
  • fix(ext/fetch,ext/websocket): check resolved IPs against net deny list
    (#​34236)
  • fix(ext/node): TLSSocket.authorized=false when client presents no cert
    (#​34381)
  • fix(ext/node): accept array forms of cert/key/pfx in createSecureContext
    (#​34379)
  • fix(ext/node): add missing node:util APIs getSystemErrorMap,
    transferableAbortSignal, transferableAbortController (#​34372)
  • fix(ext/node): allow omitting arguments in base64Slice (#​34318)
  • fix(ext/node): attach register as static on Module (#​34305)
  • fix(ext/node): do not throw NotFound for fs.exists (#​34244)
  • fix(ext/node): drop extra positional args in promisified fs.promises.*
    (#​34347)
  • fix(ext/node): emit 'error' event for fs.watch open failures (#​34398)
  • fix(ext/node): enforce minimum Miller-Rabin rounds in checkPrime (#​34391)
  • fix(ext/node): extract cert/key from pfx in tls SecureContext (#​34383)
  • fix(ext/node): prevent panic on node:sqlite aggregate method (#​34385)
  • fix(ext/node): require env permission for process.loadEnvFile (#​34350)
  • fix(ext/node): reset req.reusedSocket on transparent retry (#​34376)
  • fix(ext/node): support PKCS#12 MACs other than SHA-1 (#​34342)
  • fix(ext/node): tolerate non-AsyncWrap handles in _getNewAsyncId (#​34413)
  • fix(http): wake runtime after direct serve dispatch (#​34387)
  • fix(inspector): emit NodeWorker.attachedToWorker for late workers (#​34377)
  • fix(node/util): don't invoke Proxy traps in util.inspect (#​34373)
  • fix(pack): remove automatic @​deno/shim-deno injection (#​34411)
  • fix(runtime): lazy-loaded globals should shadow on inherited [[Set]] (#​34405)
  • fix(task): walk ancestor node_modules/.bin in BYONM mode (#​34364)
  • fix(transpile): preserve newlines after multi-line block comments (#​34357)
  • fix(types): restore brotli in CompressionFormat for dom/webworker libs
    (#​34349)
  • fix(upgrade): zstd-compress bsdiff delta patches (#​34354)
  • fix: allow --inspect=localhost:0 to resolve hostnames (#​34230)
  • fix: panic in deno test --parallel (#​34378)
  • fix: support npm: specifiers in --preload and --import (#​34346)
  • perf(ext/node): reuse keep-alive timer in node:http server (#​34302)

cli/cli (gh)

v2.93.0: GitHub CLI 2.93.0

Compare Source

Security

A security vulnerability has been identified, and fixed, that would incorrectly include authorization header in API requests to TUF repository mirrors via gh attestation, gh release verify, and gh release verify-asset commands.

Users are advised to update gh to version v2.93.0 as soon as possible.

For more information see: GHSA-8xvp-7hj6-mcj9

Support agents in gh secret command set

The gh secret command set can now set agent secrets. For more information, see "Configuring secrets and variables for Copilot cloud agent".

What's Changed

✨ Features
🐛 Fixes
📚 Docs & Chores
:dependabot: Dependencies

New Contributors

Full Changelog: cli/cli@v2.92.0...v2.93.0

openai/codex (npm:@​openai/codex)

v0.134.0

opentofu/opentofu (opentofu)

v1.12.1

Compare Source

SECURITY ADVISORIES:
  • Previous releases in the v1.12 series could be affected by several vulnerabilities:

    • ssh usage through OpenTofu generate hangs or panics.
    • Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.

    This is fixed now by (#​4145)

BUG FIXES:
  • Address a bug introduced in v1.12.0 causing excessive memory usage by providers. (#​4126)
  • Address a bug introduced in v1.12.0 where replace_triggered_by was validated incorrectly. (#​4133)
  • The Azure key provider will now accept the tenant_id, subscription_id, environment, and metadata_host variables; a bug previously only allowed these to be set through environment variables. (#​4091)

Full Changelog: https://github.com/opentofu/opentofu/blob/v1.12/CHANGELOG.md

pnpm/pnpm (pnpm)

v11.4.0

Compare Source

Minor Changes
  • Treat tarball-integrity mismatches against the lockfile as a hard failure by default. Previously, pnpm install (non-frozen) would log ERR_PNPM_TARBALL_INTEGRITY, silently re-resolve from the registry, and overwrite the locked integrity — which meant a compromised registry, proxy, or republished version could substitute attacker-controlled content on a clean machine even though the project shipped a committed lockfile.

    pnpm install now exits with ERR_PNPM_TARBALL_INTEGRITY and a hint pointing at the new opt-in flag.

    The only opt-in is pnpm install --update-checksums — narrowly scoped to refreshing the locked integrity values from what the registry currently serves. Mirrors yarn's flag of the same name. A warning still prints when the bypass takes effect so the operation is auditable.

    --force and pnpm update deliberately do not bypass the integrity check. They are routine refresh operations; silently overwriting a locked integrity in those flows would erase the protection a committed lockfile is supposed to provide. --frozen-lockfile behavior is unchanged. --fix-lockfile keeps its documented purpose (filling in missing lockfile entries) and is also not a bypass.

  • pnpm runtime set <name> <version> now saves the runtime to devEngines.runtime by default instead of engines.runtime. Pass --save-prod (or -P) to save it to engines.runtime instead #​11948.

Patch Changes
  • Fix a credential disclosure issue where an unscoped _authToken (or _auth, or username + _password, or tokenHelper) defined in one source — ~/.npmrc, ~/.config/pnpm/auth.ini, a workspace .npmrc, CLI flags, etc. — would be sent as an Authorization header to whichever registry a different (potentially untrusted) source named. The same fix extends to client TLS credentials (cert, key) so they aren't presented to a registry their author didn't choose.

    pnpm now rewrites each unscoped per-registry setting (_authToken, _auth, username, _password, tokenHelper, cert, key) to its URL-scoped form at load time, using the registry= value declared in the same source (or the npmjs default registry if the source declares none). A later layer overriding registry= therefore cannot pull an unscoped credential along, because it is already pinned to the URL its author intended. ca/cafile are intentionally not rescoped — they're trust anchors, not credentials, and corporate MITM-proxy setups rely on them applying globally.

    Every rescope emits a deprecation warning telling the user where the setting was pinned and how to write it directly. npm has rejected unscoped credentials outright since npm@9, and pnpm intends to remove support in a future major release. To target a specific registry, write the setting URL-scoped (e.g. //registry.example.com/:_authToken=... or //registry.example.com/:cert=...).

    @pnpm/network.auth-header: removed the defaultRegistry parameter from createGetAuthHeaderByURI and getAuthHeadersFromCreds. Now that credentials are URL-scoped at load time, the merged configByUri never contains the empty-string "default registry" placeholder slot, so re-keying it onto the merged default registry is no longer needed.

  • Fix pnpm deploy crashing with ENOENT: ... lstat '<deployDir>/node_modules' when configDependencies declares pacquet (pacquet or @pnpm/pacquet). The deploy directory never installs config dependencies, so the install engine they designate isn't on disk to invoke; the nested install now skips them.

  • Reject git resolutions whose commit field is not a 40-character hexadecimal SHA before invoking git. A malicious lockfile could otherwise smuggle a value such as --upload-pack=<command> through git fetch / git checkout, which on SSH or local-file transports executes the supplied command.

  • Limit concurrent project manifest reads while listing large workspaces to avoid EMFILE errors.

  • Reject patch files whose diff --git headers reference paths outside the patched package directory. Previously a malicious .patch file added via a pull request could write, delete, or rename arbitrary files reachable by the user running pnpm install.

  • Improve the log message that pnpm prints after auto-adding entries to minimumReleaseAgeExclude when minimumReleaseAge is set without minimumReleaseAgeStrict. The message previously referred to the internal "loose mode" terminology, which wasn't searchable in the docs; it now tells the user to set minimumReleaseAgeStrict to true if they want these updates gated behind a prompt instead #​11747.

  • Reject dependency aliases that contain path-traversal segments (such as @x/../../../../../.git/hooks) when reading them from a package manifest or symlinking them into node_modules. A malicious registry package could otherwise use a transitive dependency key to make pnpm install create symlinks at attacker-chosen paths outside the intended node_modules directory.

  • Reject pnpm-lock.yaml entries whose remote tarball resolution: block is missing the integrity field. Previously the worker that extracts a downloaded tarball skipped hash verification when no integrity was supplied and minted a fresh one from the unverified bytes, so an attacker who could both alter the lockfile (e.g. via a pull request that strips integrity:) and serve modified content at the referenced tarball URL could install a tampered package without any error — including under --frozen-lockfile. pnpm now fails closed at lockfile-read time with ERR_PNPM_MISSING_TARBALL_INTEGRITY. Git-hosted tarballs (gitHosted: true or a URL on codeload.github.com / bitbucket.org / gitlab.com) and file: tarballs are exempt — the commit SHA in a git-host URL and the user-controlled local path already anchor the bytes.

  • Validate devEngines.runtime and engines.runtime version ranges for node, deno, and bun when onFail is set to error or warn. Previously these settings only had an effect with onFail: 'download' — the error and warn modes silently did nothing #​11818. Violations now throw ERR_PNPM_BAD_RUNTIME_VERSION.

  • Require provenance before treating trusted publisher metadata as the strongest trust evidence.

vercel/vercel (vercel)

v54.5.1

Compare Source

Patch Changes

v54.5.0

Compare Source

Minor Changes
  • 6860c32: Add project manifest to rust builder.
  • 2c17a12: Added --open and --view flags to vercel traces get. --open opens the trace in the Vercel Dashboard instead of printing the markdown summary. --view <timeline|tree|gantt> selects the dashboard view and is only valid with --open.

Patch Changes

cloudflare/workers-sdk (wrangler)

v4.95.0

Compare Source

Minor Changes
  • #​14009 ca5b604 Thanks @​dario-piotrowicz! - Add telemetry for detecting whether AI coding agents have Cloudflare skills installed

    Wrangler now includes a currentAgentSkillsInstalled property in telemetry events that reports whether the current AI coding agent has Cloudflare skills present on disk. The value distinguishes between skills installed automatically by Wrangler ("automatic"), skills installed manually by the user ("manual"), no skills present (false), or no supported agent detected (null). Skill names are fetched from the GitHub Contents API with a 24-hour disk cache to avoid rate limits.

  • #​14014 d042705 Thanks @​emily-shen! - Add --x-deploy-helpers to gate an upcoming deploy path refactor.

Patch Changes
  • #​14003 c1fd2fd Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    | Dependency | From | To |
    |---|---|---|
    | workerd | 1.20260521.1 | 1.20260526.1 |

  • #​13728 49c1a59 Thanks @​penalosa! - Reject remote: false on always-remote bindings (AI, AI Search, Media, Artifacts, Flagship, VPC Service, VPC Network)

    These binding types have no local simulator and the resource is fundamentally remote-only. Setting remote: false was previously silently accepted but produced a non-functional binding. wrangler dev now fails with a clear error directing users to either remove the remote field or set it to true.

  • #​14039 fee1ce4 Thanks @​dario-piotrowicz! - Preserve --compatibility-flags in the interactive deploy config flow

    When running wrangler deploy without a config file and going through the interactive setup flow, any --compatibility-flags passed on the command line (e.g. --compatibility-flags=nodejs_compat) were lost in two places:

    1. The generated wrangler.jsonc file did not include compatibility_flags.
    2. The suggested CLI command shown when declining the config file write did not include --compatibility-flags.

    Both are now fixed. Compatibility flags are persisted to the generated config and included in the suggested command.

  • #​14010 b3962ff Thanks @​dario-piotrowicz! - Improve error messages for Pages CLI commands

    Error messages across wrangler pages subcommands (deploy, dev, secret, project, etc.) now provide clearer descriptions and actionable guidance. For example, instead of "Must specify a project name.", you'll now see "Missing Pages project name. Use --project-name or set the name in your wrangler.jsonc configuration file."

  • #​14011 420e457 Thanks @​petebacondarwin! - Warn when a remote-bindings request is blocked by Cloudflare Access

    When wrangler dev is used with remote bindings and a request from the local remote-bindings proxy client to the remote workers.dev proxy server is blocked by Cloudflare Access (HTTP 403 with the Cloudflare Access block page), Wrangler now:

    • Logs a single, visually striking warning per dev session explaining how to set CLOUDFLARE_ACCESS_CLIENT_ID / CLOUDFLARE_ACCESS_CLIENT_SECRET (Service Token credentials) or run cloudflared access login to authenticate.
    • Replaces the original Access HTML block page with a readable plain-text body containing the same guidance, so the message also reaches the user via binding error messages (e.g. InferenceUpstreamError from env.AI.run()) and any browser response piped back via a service binding .fetch().

    Previously the 403 was returned to user code with the full Access HTML, which both drowned out other logs and made it hard to tell that the failure was due to Cloudflare Access on workers.dev rather than a problem in the binding itself or the deployed proxy server. The detection runs inside the proxy client worker (which only ever talks to the remote-bindings proxy URL), so it does not trigger false positives on user-worker 403s.

  • #​14044 8b1467e Thanks @​pombosilva! - Rename Workflow binding schedule property to schedules

    The schedule property on Workflow bindings introduced in #​13467 has been renamed to schedules to match the control plane API.

    Note: This remains a configuration-only change. Scheduled triggering of Workflow instances is not yet available — adding schedules to a Workflow binding will not result in scheduled invocations at this time.

  • Updated dependencies [c1fd2fd, 420e457]:

    • miniflare@​4.20260526.0

Configuration

📅 Schedule: (in timezone Asia/Tokyo)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
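
Three of the lockfile checks described in the pnpm v11.4.0 notes above (remote tarball entries without `integrity`, git `commit` values that are not 40-character hex SHAs, and dependency aliases with path-traversal segments), sketched as a pre-merge audit a reviewer could run on a lockfile changed by a pull request. This is an added example, not pnpm's code and not part of the Renovate comment; the function names, rule labels and the simplified parsed-lockfile shape are assumptions.

```javascript
// Added example: audit an already-parsed pnpm lockfile (simplified, assumed shape).
const GIT_HOSTS = ["codeload.github.com", "bitbucket.org", "gitlab.com"];
const FULL_SHA = /^[0-9a-f]{40}$/i;

// True when the release notes exempt this tarball from the integrity requirement.
function isExemptTarball(res) {
  if (res.gitHosted === true || res.tarball.startsWith("file:")) return true;
  try {
    return GIT_HOSTS.includes(new URL(res.tarball).hostname);
  } catch {
    return false; // unparsable URL: treat as a remote tarball that needs integrity
  }
}

// True when an alias contains a ".." segment and so could escape node_modules.
function hasTraversal(alias) {
  return alias.split(/[\\/]/).some((seg) => seg === "..");
}

function auditLockfile(lock) {
  const findings = [];
  for (const [id, pkg] of Object.entries(lock.packages ?? {})) {
    const res = pkg.resolution ?? {};
    if (typeof res.tarball === "string" && !res.integrity && !isExemptTarball(res)) {
      findings.push({ id, rule: "missing-tarball-integrity" });
    }
    if ("commit" in res && !FULL_SHA.test(String(res.commit))) {
      findings.push({ id, rule: "bad-git-commit" });
    }
    for (const alias of Object.keys(pkg.dependencies ?? {})) {
      if (hasTraversal(alias)) findings.push({ id, rule: "alias-path-traversal", alias });
    }
  }
  return findings;
}

// Constructed sample input; hosts, names and hashes are illustrative only.
const sampleLock = {
  packages: {
    "ok@1.0.0": { resolution: { tarball: "https://registry.example.com/ok/-/ok-1.0.0.tgz", integrity: "sha512-CONSTRUCTED" } },
    "stripped@1.0.0": { resolution: { tarball: "https://registry.example.com/s/-/s-1.0.0.tgz" } },
    "gh@1.0.0": { resolution: { tarball: "https://codeload.github.com/o/r/tar.gz/" + "a".repeat(40) } },
    "git-ok@1.0.0": { resolution: { type: "git", repo: "https://example.com/r.git", commit: "b".repeat(40) } },
    "git-bad@1.0.0": { resolution: { type: "git", repo: "https://example.com/r.git", commit: "--upload-pack=<command>" } },
    "alias@1.0.0": { resolution: { integrity: "sha512-CONSTRUCTED" }, dependencies: { "@x/../../../../../.git/hooks": "1.0.0" } },
  },
};

console.log(auditLockfile(sampleLock));
```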

@renovate renovate Bot added the renovate label Jun 2, 2026
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from df757c9 to de1cdeb Compare June 2, 2026 22:54
@renovate renovate Bot changed the title chore(deps): update all non-major dependencies to v4.95.0 chore(deps): update all non-major dependencies Jun 2, 2026
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 47272aa to ab2ae40 Compare June 3, 2026 23:01
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from ab2ae40 to 14cb8c6 Compare June 4, 2026 05:00
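
The credential rescoping described in the pnpm v11.4.0 notes in the PR description above, sketched as a migration helper that rewrites each unscoped credential in one `.npmrc` source to its URL-scoped form, using the `registry=` declared in that same source. This is an added example, not pnpm's implementation; the function names, the minimal line parser and the warning text are assumptions.

```javascript
// Added example: pin unscoped .npmrc credentials to the registry of their own source.
const DEFAULT_REGISTRY = "https://registry.npmjs.org/";
// Settings the release notes list as rescoped; ca/cafile are deliberately absent.
const CREDENTIAL_KEYS = new Set(["_authToken", "_auth", "username", "_password", "tokenHelper", "cert", "key"]);

// "https://host/path" -> "//host/path/", the prefix of a URL-scoped setting.
function scopePrefix(registryUrl) {
  const u = new URL(registryUrl);
  const path = u.pathname.endsWith("/") ? u.pathname : u.pathname + "/";
  return `//${u.host}${path}`;
}

// Parse one source into [key, value] pairs, skipping comments and blank lines.
function parseNpmrc(text) {
  return text.split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line && !line.startsWith("#") && !line.startsWith(";") && line.includes("="))
    .map((line) => {
      const i = line.indexOf("=");
      return [line.slice(0, i).trim(), line.slice(i + 1).trim()];
    });
}

// Rewrite one source; other layers are never consulted, which is the point of the fix.
function rescopeSource(text) {
  const entries = parseNpmrc(text);
  const declared = entries.find(([k]) => k === "registry");
  const prefix = scopePrefix(declared ? declared[1] : DEFAULT_REGISTRY);
  const warnings = [];
  const lines = entries.map(([k, v]) => {
    if (!CREDENTIAL_KEYS.has(k)) return `${k}=${v}`; // registry, ca/cafile, already-scoped keys
    warnings.push(`${k} pinned to ${prefix}`);
    return `${prefix}:${k}=${v}`;
  });
  return { lines, warnings };
}

// Constructed samples; credential values are placeholders.
const userNpmrc = "_authToken=PLACEHOLDER_TOKEN\ncafile=/etc/ssl/corp-ca.pem\n";
const workspaceNpmrc = "registry=https://registry.example.com/\n_auth=PLACEHOLDER_B64\n";

console.log(rescopeSource(userNpmrc), rescopeSource(workspaceNpmrc));
```

The user-level token stays pinned to the npmjs default even though the workspace source names a different registry, so a later `registry=` override has no unscoped credential to pull along.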