JavaGolangJavaScriptSwiftAndroidRustMiddleware
12 hours ago
axios
axios

v0.31.0

This release backports security fixes from v1.x, hardens the CI/CD supply chain with OIDC publishing and zizmor scanning, resolves TypeScript typing issues in AxiosInstance, and fixes a performance regression in isEmptyObject().

🔒 Security Fixes

  • Header Injection & Proxy Bypass: Backports v1 security hardening — sanitizes outgoing header values to strip invalid bytes, CRLF sequences, and boundary whitespace (including array values); adds proper NO_PROXY/no_proxy enforcement covering wildcards, explicit ports, loopback aliases (localhost, 127.0.0.1, ::1), bracketed IPv6, and trailing-dot hostnames. Proxy bypass is now checked before the proxy URL is parsed, and parsed.host is used for correct port and IPv6 handling. (#10688)

  • CI Security: SHA-pins all actions and disables credential persistence in v0.x CI, introduces zizmor security scanning with SARIF upload to code scanning, adds an OIDC Trusted Publishing workflow with npm provenance attestations, and gates all publishes behind a required npm-publish GitHub Environment with configurable reviewer protections. (#10638, #10639, #10667)

🐛 Bug Fixes

  • TypeScript — AxiosInstance Return Types: Fixes return types in AxiosInstance methods to correctly resolve to Promise<R> (matching AxiosPromise<T> semantics), and corrects the generic call signature so TypeScript properly enforces the response data type. TypeScript-only changes; no runtime impact. (#6253, #7328)

  • Performance: Fixes a performance regression in isEmptyObject() that caused excessive computation when the argument was a large string. (#6484)

🔧 Maintenance & Chores

  • Versioning & CI Workflow: Adds an automated versioning flow for v0.x, renames the CI workflow for consistency with the v1.x naming convention, and corrects the branch name reference in CI config. (#10690, #10691, #10692)

🌟 New Contributors

We are thrilled to welcome our new contributors. Thank you for helping improve axios:

  • @nakataki17 (#6253)
  • @gmasclet (#6484)
  • @shaanmajid (#10638, #10639, #10667)
  • @ivan-churakov (#7328)

Full Changelog

21 hours ago
formatjs
formatjs

formatjs_cli_v1.1.1

FormatJS Rust CLI Release

Binaries

  • macOS Apple Silicon: formatjs_cli-darwin-arm64
  • Linux x86_64: formatjs_cli-linux-x64

Installation

# macOS (Apple Silicon)
curl -LO https://github.com/formatjs/formatjs/releases/download/formatjs_cli_v1.1.1/formatjs_cli-darwin-arm64
chmod +x formatjs_cli-darwin-arm64
sudo mv formatjs_cli-darwin-arm64 /usr/local/bin/formatjs

# Linux
curl -LO https://github.com/formatjs/formatjs/releases/download/formatjs_cli_v1.1.1/formatjs_cli-linux-x64
chmod +x formatjs_cli-linux-x64
sudo mv formatjs_cli-linux-x64 /usr/local/bin/formatjs

Verification

Verify the checksums:

curl -LO https://github.com/formatjs/formatjs/releases/download/formatjs_cli_v1.1.1/checksums.txt
shasum -a 256 -c checksums.txt
21 hours ago
router
TanStack

Release 2026-04-12 00:35

Release 2026-04-12 00:35

Changes

Chore

  • add vite 8 to peer deps (#7160) (656a2a040e) by @schiller-manuel
  • stabilize tests (#7159) (55201ad69d) by @schiller-manuel

Packages

  • @tanstack/react-start@1.167.32
  • @tanstack/react-start-rsc@0.0.12
  • @tanstack/router-plugin@1.167.18
  • @tanstack/router-vite-plugin@1.166.33
  • @tanstack/solid-start@1.167.30
  • @tanstack/start-plugin-core@1.167.29
  • @tanstack/vue-start@1.167.30
22 hours ago
next.js
vercel

v16.2.1-canary.33

Core Changes

  • feat(turbopack): add LocalPathOrProjectPath PostCSS config resolution: #91338
  • Fix segment explorer file pill accessibility: #92608
  • Perf: Only instrument clientComponentLoadTimes when used: #91385

Misc Changes

  • Remove a ton of turbo task functions from Issue trait items: #92623
  • feat(turbopack): change DiskFileSystem root to Vc for portable cache: #92603
  • Turbopack: remove unused ChunkableModules struct: #92606
  • Disable sccache temporarily: #92657

Credits

Huge thanks to @lukesandberg, @sokra, @mischnic, @timneutkens, and @mmastrac for helping!

1 days ago
router
TanStack

Release 2026-04-11 21:35

Release 2026-04-11 21:35

Changes

Chore

  • bump to h3 v2 rc.20 (#7140) (0e2c9003c1) by @birkskyum

Packages

  • @tanstack/react-router@1.168.18
  • @tanstack/react-start@1.167.31
  • @tanstack/react-start-client@1.166.35
  • @tanstack/react-start-rsc@0.0.11
  • @tanstack/react-start-server@1.166.36
  • @tanstack/router-cli@1.166.30
  • @tanstack/router-core@1.168.14
  • @tanstack/router-generator@1.166.29
  • @tanstack/router-plugin@1.167.17
  • @tanstack/router-vite-plugin@1.166.32
  • @tanstack/solid-router@1.168.17
  • @tanstack/solid-start@1.167.29
  • @tanstack/solid-start-client@1.166.33
  • @tanstack/solid-start-server@1.166.34
  • @tanstack/start-client-core@1.167.16
  • @tanstack/start-plugin-core@1.167.28
  • @tanstack/start-server-core@1.167.18
  • @tanstack/start-static-server-functions@1.166.32
  • @tanstack/start-storage-context@1.166.28
  • @tanstack/vue-router@1.168.17
  • @tanstack/vue-start@1.167.29
  • @tanstack/vue-start-client@1.166.33
  • @tanstack/vue-start-server@1.166.34
1 days ago
router
TanStack

Release 2026-04-11 18:18

Release 2026-04-11 18:18

Changes

Fix

  • reduce start SSR manifest asset duplication (#7157) (812792fbda) by @schiller-manuel

Packages

  • @tanstack/react-router@1.168.17
  • @tanstack/react-start@1.167.30
  • @tanstack/react-start-client@1.166.34
  • @tanstack/react-start-rsc@0.0.10
  • @tanstack/react-start-server@1.166.35
  • @tanstack/router-cli@1.166.29
  • @tanstack/router-core@1.168.13
  • @tanstack/router-generator@1.166.28
  • @tanstack/router-plugin@1.167.16
  • @tanstack/router-vite-plugin@1.166.31
  • @tanstack/solid-router@1.168.16
  • @tanstack/solid-start@1.167.28
  • @tanstack/solid-start-client@1.166.32
  • @tanstack/solid-start-server@1.166.33
  • @tanstack/start-client-core@1.167.15
  • @tanstack/start-plugin-core@1.167.27
  • @tanstack/start-server-core@1.167.17
  • @tanstack/start-static-server-functions@1.166.31
  • @tanstack/start-storage-context@1.166.27
  • @tanstack/vue-router@1.168.16
  • @tanstack/vue-start@1.167.28
  • @tanstack/vue-start-client@1.166.32
  • @tanstack/vue-start-server@1.166.33
1 days ago
slate
ianstormtaylor

slate-dom@0.124.1

Patch Changes

  • #6040 20a1a937 Thanks @12joan! - - Harden property accessors against untrusted keys
    • Fix incorrect argument types for the compare and merge options of Transforms.setNodes
1 days ago
slate
ianstormtaylor

slate@0.124.1

Patch Changes

  • #6040 20a1a937 Thanks @12joan! - - Harden property accessors against untrusted keys
    • Fix incorrect argument types for the compare and merge options of Transforms.setNodes
1 days ago
query
TanStack

Release 2026-04-11 17:58

Release 2026-04-11 17:58

Changes

Features

  • vue-query: add 'mutationOptions' (#10381) (f279ad248) by @sukvvon

Packages

  • @tanstack/angular-query-experimental@5.99.0
  • @tanstack/eslint-plugin-query@5.99.0
  • @tanstack/preact-query@5.99.0
  • @tanstack/preact-query-devtools@5.99.0
  • @tanstack/preact-query-persist-client@5.99.0
  • @tanstack/query-async-storage-persister@5.99.0
  • @tanstack/query-broadcast-client-experimental@5.99.0
  • @tanstack/query-core@5.99.0
  • @tanstack/query-devtools@5.99.0
  • @tanstack/query-persist-client-core@5.99.0
  • @tanstack/query-sync-storage-persister@5.99.0
  • @tanstack/react-query@5.99.0
  • @tanstack/react-query-devtools@5.99.0
  • @tanstack/react-query-next-experimental@5.99.0
  • @tanstack/react-query-persist-client@5.99.0
  • @tanstack/solid-query@5.99.0
  • @tanstack/solid-query-devtools@5.99.0
  • @tanstack/solid-query-persist-client@5.99.0
  • @tanstack/svelte-query@6.1.16
  • @tanstack/svelte-query-devtools@6.1.16
  • @tanstack/svelte-query-persist-client@6.1.16
  • @tanstack/vue-query@5.99.0
  • @tanstack/vue-query-devtools@6.1.16
1 days ago
query
TanStack

@tanstack/vue-query-devtools@6.1.16

Patch Changes

  • Updated dependencies [f279ad2]:
    • @tanstack/vue-query@5.99.0
    • @tanstack/query-devtools@5.99.0