Thanks to visit codestin.com
Credit goes to github.com

Skip to content

2026.006

Choose a tag to compare

@github-actions github-actions released this 04 Jun 00:31
254563d

CalVer release notes

Summary

This promotion brings three commits to production since CalVer tag 2026.005: a security patch for React Router, targeted code-quality fixes in setup and mobile help flows, and restored 100% package test coverage after the Vitest 4 upgrade. The headline change for adopters is upgrading react-router-dom to 6.30.4, which addresses open-redirect vulnerability CVE-2026-40181. There are no new database migrations, required secrets, or pending npm changesets in this release.

Highlights

  • Security: Upgrade react-router-dom to 6.30.4 across web, admin, and articles packages (CVE-2026-40181) (#398)
  • Mobile: Scope lazy-loaded ProfileEditor state to the component instead of module-level mutable state (#399)
  • Setup & help: Use path-based main-module detection in setup-full.mjs; parse help markdown synchronously via marked.lexer / marked.parser (#399)
  • Testing / CI: Restore 100% package coverage under Vitest 4 with targeted tests for async cancellation, dynamic import fallbacks, and edge-case branches in billing, admin, connections, observability, kit, shared, and waitlist packages (#400)

Stats: 3 commits, +453 / −42 lines across 21 files.

Adopter notes

Area Action
Secrets None new
Database No new migrations
Likely merge conflicts package-lock.json, apps/web/package.json, packages/admin/package.json, packages/articles/package.json (react-router bump); fork-customized scripts/setup-full.mjs, apps/mobile/src/screens/ProfileScreen.tsx
npm packages None — no pending changesets

2026.006 — 2026-06-04

Fixes

  • Restore 100% package coverage after Vitest 4 upgrade (#400) (#400)

  • Address Copilot coverage test quality on #401 (#402) (#402)