v1.3.4 - Dependency updates, CI Health & Security patches #82

Merged
neverinfamous merged 7 commits into main from release/v1.3.4-fix-v3
Apr 6, 2026


@neverinfamous
Owner

v1.3.4

Highlights

  • Dependency Updates: Secured all NPM dependencies to their latest compatible versions, resolving multiple Dependabot CVEs without manual intervention.
  • Documentation Refinements: Synched platform limits to comply with Docker Hub validation lengths and included an environment setup template.
  • CI Health Improvements: Updated Docker actions to Node 24 runtimes ahead of deprecation, pinned security actions, and added Dependabot support for Docker base images.

CI/CD

  • CI Health: Updated Docker actions (docker/build-push-action@v7, setup-buildx-action@v4, login-action@v4, metadata-action@v6) to native Node 24 runtimes to comply with the upcoming June 2026 deprecation deadline.
  • CI Health: Pinned trufflesecurity/trufflehog to exact version @v3.94.2 to avoid floating reference risks.
  • CI Health: Added docker package ecosystem to Dependabot configuration to receive base image updates.
  • Workflows: Removed failing agentic maintenance workflows (docs drift, dependency maintenance, ci health, agentics-maintenance) to prevent CI pipeline blocking.

Documentation

  • Doc Audit: Refined repository documentation, fixed Docker Hub character limits on DOCKER_README.md, and created .env.example.

Changed

  • Dependency Updates: Updated npm dependencies to their latest wanted/latest compatible versions.

Security

  • Dependabot: Fixed Prototype Pollution via parse() in NodeJS flatted.
  • Dependabot: Fixed a malicious WebSocket 64-bit length handling issue in Undici that could overflow the parser and crash the client.
  • Dependabot: Fixed an HTTP Request/Response Smuggling issue in Undici.
  • Dependabot: Fixed a CRLF injection issue in undici via the upgrade option.
  • Dependabot: Fixed incorrect glob matching in picomatch caused by method injection in POSIX character classes.

Compare: v1.3.3...v1.3.4
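
The CI/CD items above reference the Docker actions by major tag and the trufflehog action by an exact version. As an added example (not code from this repository), this Python sketch classifies each `uses:` reference in a workflow by how tightly it is pinned; the workflow excerpt is constructed, and the actions/checkout line with its all-zero SHA is a placeholder added for contrast.

```python
import re

# Constructed workflow excerpt using the action references named in the release notes.
# The actions/checkout line and its all-zero SHA are placeholders, not from the page.
SAMPLE_WORKFLOW = """\
steps:
  - uses: actions/checkout@0000000000000000000000000000000000000000  # placeholder SHA
  - uses: docker/setup-buildx-action@v4
  - uses: docker/login-action@v4
  - uses: docker/metadata-action@v6
  - uses: docker/build-push-action@v7
  - uses: trufflesecurity/trufflehog@v3.94.2
  - uses: ./.github/actions/local-step
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)", re.MULTILINE)
FULL_SHA = re.compile(r"[0-9a-f]{40}")
EXACT_TAG = re.compile(r"v?\d+\.\d+\.\d+")


def classify_ref(ref):
    """Return how tightly the git ref after '@' pins an action."""
    if FULL_SHA.fullmatch(ref):
        return "sha"        # immutable commit
    if EXACT_TAG.fullmatch(ref):
        return "exact-tag"  # fixed release, though a tag can still be moved upstream
    return "floating"       # branch or major/minor tag that moves by design


def audit_workflow(text):
    """Return (action, ref, classification) for every remote `uses:` entry."""
    results = []
    for target in USES_RE.findall(text):
        if target.startswith("./") or target.startswith("docker://"):
            continue  # local actions and container images are out of scope here
        action, sep, ref = target.partition("@")
        results.append((action, ref, classify_ref(ref) if sep else "unpinned"))
    return results


def floating_actions(text):
    """Return the actions whose reference can change without a workflow edit."""
    return [a for a, _, kind in audit_workflow(text) if kind in ("floating", "unpinned")]


if __name__ == "__main__":
    for action, ref, kind in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{kind:10} {action}@{ref}")
```

Run against a real repository by passing each file under `.github/workflows/` to `audit_workflow`; entries reported as `floating` are the ones that can change without a commit to the workflow.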

Copilot AI review requested due to automatic review settings April 6, 2026 12:47
@cloudflare-workers-and-pages

Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status | Name | Latest Commit | Updated (UTC)
✅ Deployment successful! | do-manager | 02517ff | Apr 06 2026, 12:48 PM

This comment was marked as resolved.

@neverinfamous neverinfamous merged commit b46e16d into main Apr 6, 2026
17 checks passed
@neverinfamous neverinfamous deleted the release/v1.3.4-fix-v3 branch April 6, 2026 12:53