Version 2.2.5
- remove IE support, removed all polyfills
- update tooling, added Deno for lint, format, added rolldown for build, removed eslint, rollup, plugins, and others
- updated dependencies and components
- fixed all lint issues
- updated docs
- added publish workflow
- Bump terser from 5.14.1 to 5.14.2 by @dependabot[bot] in https://github.com/thednp/kute.js/pull/112
- Bump json5 from 1.0.1 to 1.0.2 by @dependabot[bot] in https://github.com/thednp/kute.js/pull/117
- Bump word-wrap from 1.2.3 to 1.2.4 by @dependabot[bot] in https://github.com/thednp/kute.js/pull/121
- Bump rollup from 2.75.7 to 3.29.5 by @dependabot[bot] in https://github.com/thednp/kute.js/pull/124
- Bump js-yaml, eslint and eslint-config-airbnb-base by @dependabot[bot] in https://github.com/thednp/kute.js/pull/129
- Bump lodash from 4.17.21 to 4.17.23 by @dependabot[bot] in https://github.com/thednp/kute.js/pull/130
- @dependabot[bot] made their first contribution in https://github.com/thednp/kute.js/pull/112
Full Changelog: https://github.com/thednp/kute.js/compare/2.0.16...2.2.5
v16.2.0-canary.13
- /pr-status (former /ci-failures): fetch PR reviews too: #89082
- Improve /pr-status: comments, argument, avoid full log: #89092
- chore(ci): rename 'new tests' jobs to 'new and changed tests': #89054
- Turbopack: Add postcss.config.ts support: #89049
Huge thanks to @sokra and @timneutkens for helping!
v4.11.7
This release includes security fixes for multiple vulnerabilities in Hono and related middleware. We recommend upgrading if you are using any of the affected components.
Fixed an IPv4 address validation bypass that could allow IP-based access control to be bypassed under certain configurations.
Fixed an issue where responses marked with Cache-Control: private or no-store could be cached, potentially leading to information disclosure on some runtimes.
Fixed an issue that could allow unintended access to internal asset keys when serving static files with user-controlled paths.
Fixed a reflected Cross-Site Scripting (XSS) issue in the ErrorBoundary component that could occur when untrusted strings were rendered without proper escaping.
Users are encouraged to upgrade to this release, especially if they:
- Use IP Restriction Middleware
- Use Cache Middleware on Deno, Bun, or Node.js
- Use Serve Static Middleware with user-controlled paths on Cloudflare Workers
- Render untrusted data inside
ErrorBoundarycomponents
-
IP Restriction Middleware – IPv4 address validation bypass
- Advisory: https://github.com/honojs/hono/security/advisories/GHSA-r354-f388-2fhh
- CVE: CVE-2026-24398
-
Cache Middleware ignores
Cache-Control: private- Advisory: https://github.com/honojs/hono/security/advisories/GHSA-6wqw-2p9w-4vw4
- CVE: CVE-2026-24472
-
Serve Static Middleware (Cloudflare Workers adapter) – Arbitrary key read
- Advisory: https://github.com/honojs/hono/security/advisories/GHSA-w332-q679-j88p
- CVE: CVE-2026-24473
-
hono/jsx
ErrorBoundary– Cross-Site Scripting (XSS)- Advisory: https://github.com/honojs/hono/security/advisories/GHSA-9r54-q6cx-xmh5
- CVE: Pending
Full Changelog: https://github.com/honojs/hono/compare/v4.11.6...v4.11.7
v1.7.4
- feat: support import and export string specifier by @JSerFeng in https://github.com/web-infra-dev/rspack/pull/12759
- feat(mf): add async startup promise gating for entrypoints by @ScriptedAlchemy in https://github.com/web-infra-dev/rspack/pull/11899
- fix:
require.resolve()replaced asrequire()by @intellild in https://github.com/web-infra-dev/rspack/pull/12773 - fix: handle
rs.requireActualandrs.importActualin all contexts by @9aoy in https://github.com/web-infra-dev/rspack/pull/12806 - fix(mf): filter runtime plugin invocation for used exports by @ahabhgk in https://github.com/web-infra-dev/rspack/pull/12807
- fix: fix panic caused by missing lazy dependency by @hardfist in https://github.com/web-infra-dev/rspack/pull/12820
- fix(mf): use dynamic exports type for MF modules (cherry-pick #12841) by @ahabhgk in https://github.com/web-infra-dev/rspack/pull/12848
- fix: normalize paths for extract source map (cherry-pick #12825) by @ahabhgk in https://github.com/web-infra-dev/rspack/pull/12847
- fix: enable panic backtrace for release-debug by @hardfist in https://github.com/web-infra-dev/rspack/pull/12854
- fix: should not panic when accessing slate stats for Rspack 1.x by @SyMind in https://github.com/web-infra-dev/rspack/pull/12853
- fix(mf): cherry pick mf manifest improving to v1.x by @2heal1 in https://github.com/web-infra-dev/rspack/pull/12851
- refactor: use readonly ref in runtime requirements in tree hook by @stormslowly in https://github.com/web-infra-dev/rspack/pull/12789
- refactor: introduce ArtifactExt trait by @hardfist in https://github.com/web-infra-dev/rspack/pull/12800
- refactor: to use &Compilation in AdditionalTreeRuntimeRequirementsHook by @stormslowly in https://github.com/web-infra-dev/rspack/pull/12801
- refactor: differentiate snapshot strategies by dependency type by @jerrykingxyz in https://github.com/web-infra-dev/rspack/pull/12805
- chore: update Node.js version in .nvmrc to 22 by @chenjiahan in https://github.com/web-infra-dev/rspack/pull/12797
- chore: enable fair sched for codspeed by @CPunisher in https://github.com/web-infra-dev/rspack/pull/12798
- chore: try to make wasm test more stable by @CPunisher in https://github.com/web-infra-dev/rspack/pull/12795
- chore: disable generation of wasm binding by @CPunisher in https://github.com/web-infra-dev/rspack/pull/12802
- chore(test): uniform all time to
X msby @stormslowly in https://github.com/web-infra-dev/rspack/pull/12790 - test: hideSkippedTestFiles by @9aoy in https://github.com/web-infra-dev/rspack/pull/12812
- test: skip native watcher test case for skip chunk build case by @stormslowly in https://github.com/web-infra-dev/rspack/pull/12858
- @intellild made their first contribution in https://github.com/web-infra-dev/rspack/pull/12773
Full Changelog: https://github.com/web-infra-dev/rspack/compare/v1.7.3...v1.7.4
v3.11.8
Please try Vuetify 4 alpha, we would appreciate any feedback on the changes.
v2.0.0-alpha.0
- Support trail render by @GuoLei1990 in https://github.com/galacean/engine/pull/2873
- Fix audio play when stop and pause by @GuoLei1990 in https://github.com/galacean/engine/pull/2875
- Fix audio catch error by @zhuxudong in https://github.com/galacean/engine/pull/2876
- Fix resume audio on visibilitychange after tab/background by @GuoLei1990 in https://github.com/galacean/engine/pull/2882
- Load params in resource loader by @zhuxudong in https://github.com/galacean/engine/pull/2881
- feat(physics):support MeshColliderShape by @luzhuang in https://github.com/galacean/engine/pull/2880
- Fixed some assets were not cached. by @cptbtptpbcptdtptp in https://github.com/galacean/engine/pull/2883
- fix(animation): allow anyState transitions to interrupt crossFade & fix transition bugs by @luzhuang in https://github.com/galacean/engine/pull/2885
Full Changelog: https://github.com/galacean/engine/compare/v1.6.13...v2.0.0-alpha.0
v4.57.0
2026-01-27
- Add import attributes to all plugin hooks that did not provide them yet (#5700)
- Deprecate returning import attributes from
loadortransformhooks as that will no longer be supported with rollup 5 (#5700)
- #5700: extend more hooks to include import attributes and add warnings (@TrickyPi, @lukastaegert)
- #6243: fix(deps): update swc monorepo (major) (@renovate[bot], @lukastaegert)
- #6244: fix(deps): lock file maintenance minor/patch updates (@renovate[bot], @lukastaegert)
- #6245: chore(deps): lock file maintenance (@renovate[bot])
- #6246: Refactor to reduce Rollup 5 upgrade diff (@lukastaegert)
v2.0.0-alpha.1
- feat!: revert enable verbatimModuleSyntax by @hardfist in https://github.com/web-infra-dev/rspack/pull/12846
- feat: improve external module rendering by @JSerFeng in https://github.com/web-infra-dev/rspack/pull/12813
- feat: builtin react server component by @SyMind in https://github.com/web-infra-dev/rspack/pull/12012
- feat: expose dependency loc to js by @JSerFeng in https://github.com/web-infra-dev/rspack/pull/12840
- fix(template): add @rspack/dev-server to dev dependencies by @LingyuCoder in https://github.com/web-infra-dev/rspack/pull/12821
- fix: normalize paths for extract source map by @ahabhgk in https://github.com/web-infra-dev/rspack/pull/12825
- fix(mf): use dynamic exports type for MF modules by @ahabhgk in https://github.com/web-infra-dev/rspack/pull/12841
- fix: should not panic when access slate stats by @SyMind in https://github.com/web-infra-dev/rspack/pull/12839
- fix(mf): prevent entry-specific chunks from polluting manifest assets and refactor manifest generation by @2heal1 in https://github.com/web-infra-dev/rspack/pull/12836
- refactor: align IncrementalPass with rspack hooks naming by @hardfist in https://github.com/web-infra-dev/rspack/pull/12817
- refactor: remove misleadning naming and adjust cache call place by @hardfist in https://github.com/web-infra-dev/rspack/pull/12818
- refactor: unify persistent_cache and memory_cache recover logic by @hardfist in https://github.com/web-infra-dev/rspack/pull/12829
- refactor: additional chunk runtime requirements hook use readonly compilation ref by @stormslowly in https://github.com/web-infra-dev/rspack/pull/12828
- refactor: move recover build_chunk_graph into artifact by @hardfist in https://github.com/web-infra-dev/rspack/pull/12835
- docs: update externals function callback about
booleantype by @9aoy in https://github.com/web-infra-dev/rspack/pull/12824 - docs: add tip for devtool's cheap modifier in production build by @SyMind in https://github.com/web-infra-dev/rspack/pull/12849
- release: version 2.0.0-alpha.0 by @LingyuCoder in https://github.com/web-infra-dev/rspack/pull/12815
- chore(ci): read size limit threshold from env variable by @stormslowly in https://github.com/web-infra-dev/rspack/pull/12822
- chore(deps): update dependency lodash-es to v4.17.23 [security] by @renovate[bot] in https://github.com/web-infra-dev/rspack/pull/12833
- chore(test): exclude flaky native watch test case by @stormslowly in https://github.com/web-infra-dev/rspack/pull/12837
Full Changelog: https://github.com/web-infra-dev/rspack/compare/v2.0.0-alpha.0...v2.0.0-alpha.1
@fluentui/react-focus v8.10.4
- Bump @fluentui/style-utilities to v8.14.0 (PR #35643 by Anush2303)