Skip to content

v0.0.3

Latest
Latest

Choose a tag to compare

View all tags
@peteski22 peteski22 released this 18 Nov 15:44
v0.0.3
465965b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Release v0.0.3

This release includes security fixes and infrastructure improvements.

🔒 Security Fixes

Transitive Dependency Updates

  • CVE-2025-64718 (js-yaml): Fixed prototype pollution vulnerability (CVSS 5.3)
    • Updated js-yaml from 4.1.0 to 4.1.1 via dependency updates
  • CVE-2025-64756 (glob): Fixed command injection vulnerability (High severity)
    • Eliminated by upgrading @vitest/coverage-v8 to v4.0.10

SDK Update

  • Updated @mozilla-ai/mcpd from 0.0.2 to 0.0.3 (#10)
    • Incorporates the above security patches from SDK dependencies

📦 Dependency Updates

  • Bump js-yaml from 4.1.0 to 4.1.1 (#6)
  • Bump glob and @vitest/coverage-v8 (#7)
  • Bump vite from 7.1.10 to 7.1.11 (#5)

🔧 Infrastructure Changes

  • Use Node.js 22.x in CI and require >=22.10.0 in package.json (#9)
  • Improve lint commands and CI consistency (#8)

Full Changelog: v0.0.2...v0.0.3

Assets 2
Loading