@checkstack/auth-backend 0.4.25 → 0.4.26
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +23 -0
- package/package.json +8 -7
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,28 @@
|
|
|
1
1
|
# @checkstack/auth-backend
|
|
2
2
|
|
|
3
|
+
## 0.4.26
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- 080627f: Pin `kysely` to `^0.28.17` as a direct dependency to resolve CVE-2026-44635
|
|
8
|
+
(JSON-path traversal injection via unsanitized path-leg metacharacters in
|
|
9
|
+
`JSONPathBuilder.key()` / `.at()`). better-auth lists kysely as a peer
|
|
10
|
+
dependency, and Bun was auto-resolving it through the optionalPeers
|
|
11
|
+
mechanism — pinning here keeps us inside better-auth's peer range
|
|
12
|
+
(`^0.28.5`) while picking up the fix.
|
|
13
|
+
|
|
14
|
+
Two unrelated transitive vulnerabilities (`fast-uri` 3.1.0 → 3.1.2 covering
|
|
15
|
+
CVE-2026-6321/6322, `protobufjs` 7.5.5 → 7.5.8 covering
|
|
16
|
+
CVE-2026-44289/44290/44291/44293) were resolved by a plain lockfile refresh
|
|
17
|
+
and do not require package version bumps.
|
|
18
|
+
|
|
19
|
+
- Updated dependencies [9016526]
|
|
20
|
+
- @checkstack/common@0.10.0
|
|
21
|
+
- @checkstack/auth-common@0.7.0
|
|
22
|
+
- @checkstack/notification-common@1.1.0
|
|
23
|
+
- @checkstack/backend-api@0.15.2
|
|
24
|
+
- @checkstack/command-backend@0.1.26
|
|
25
|
+
|
|
3
26
|
## 0.4.25
|
|
4
27
|
|
|
5
28
|
### Patch Changes
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@checkstack/auth-backend",
|
|
3
|
-
"version": "0.4.
|
|
3
|
+
"version": "0.4.26",
|
|
4
4
|
"license": "Elastic-2.0",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "src/index.ts",
|
|
@@ -15,21 +15,22 @@
|
|
|
15
15
|
"test": "bun test"
|
|
16
16
|
},
|
|
17
17
|
"dependencies": {
|
|
18
|
-
"@checkstack/auth-common": "0.6.
|
|
19
|
-
"@checkstack/backend-api": "0.15.
|
|
20
|
-
"@checkstack/notification-common": "1.0.
|
|
21
|
-
"@checkstack/command-backend": "0.1.
|
|
18
|
+
"@checkstack/auth-common": "0.6.6",
|
|
19
|
+
"@checkstack/backend-api": "0.15.1",
|
|
20
|
+
"@checkstack/notification-common": "1.0.2",
|
|
21
|
+
"@checkstack/command-backend": "0.1.25",
|
|
22
22
|
"better-auth": "^1.4.7",
|
|
23
23
|
"drizzle-orm": "^0.45.0",
|
|
24
24
|
"hono": "^4.12.14",
|
|
25
|
+
"kysely": "^0.28.17",
|
|
25
26
|
"jose": "^6.1.3",
|
|
26
27
|
"zod": "^4.2.1",
|
|
27
|
-
"@checkstack/common": "0.
|
|
28
|
+
"@checkstack/common": "0.9.0",
|
|
28
29
|
"@orpc/server": "^1.13.2"
|
|
29
30
|
},
|
|
30
31
|
"devDependencies": {
|
|
31
32
|
"@checkstack/drizzle-helper": "0.0.5",
|
|
32
|
-
"@checkstack/scripts": "0.3.
|
|
33
|
+
"@checkstack/scripts": "0.3.1",
|
|
33
34
|
"@checkstack/tsconfig": "0.0.7",
|
|
34
35
|
"@types/node": "^20.0.0",
|
|
35
36
|
"drizzle-kit": "^0.31.10",
|