2026.006
CalVer release notes
Summary
This promotion brings three commits to production since CalVer tag 2026.005: a security patch for React Router, targeted code-quality fixes in setup and mobile help flows, and restored 100% package test coverage after the Vitest 4 upgrade. The headline change for adopters is upgrading react-router-dom to 6.30.4, which addresses open-redirect vulnerability CVE-2026-40181. There are no new database migrations, required secrets, or pending npm changesets in this release.
Highlights
- Security: Upgrade
react-router-domto 6.30.4 across web, admin, and articles packages (CVE-2026-40181) (#398) - Mobile: Scope lazy-loaded
ProfileEditorstate to the component instead of module-level mutable state (#399) - Setup & help: Use path-based main-module detection in
setup-full.mjs; parse help markdown synchronously viamarked.lexer/marked.parser(#399) - Testing / CI: Restore 100% package coverage under Vitest 4 with targeted tests for async cancellation, dynamic import fallbacks, and edge-case branches in billing, admin, connections, observability, kit, shared, and waitlist packages (#400)
Stats: 3 commits, +453 / −42 lines across 21 files.
Adopter notes
| Area | Action |
|---|---|
| Secrets | None new |
| Database | No new migrations |
| Likely merge conflicts | package-lock.json, apps/web/package.json, packages/admin/package.json, packages/articles/package.json (react-router bump); fork-customized scripts/setup-full.mjs, apps/mobile/src/screens/ProfileScreen.tsx |
| npm packages | None — no pending changesets |
- Landing: https://beakerstack.com
- Quick start: https://github.com/Artificer-Innovations/BeakerStack/blob/main/QUICKSTART.md
- Feedback: https://github.com/Artificer-Innovations/BeakerStack/discussions
- Upgrade guide: https://github.com/Artificer-Innovations/BeakerStack/blob/main/docs/UPGRADING.md