agentvibes 2.14.15 → 2.14.16

package/.claude/github-star-reminder.txt

@@ -1 +1 @@
-20251201
+20251202

package/README.md

@@ -11,7 +11,7 @@
 [![Publish](https://github.com/paulpreibisch/AgentVibes/actions/workflows/publish.yml/badge.svg)](https://github.com/paulpreibisch/AgentVibes/actions/workflows/publish.yml)
 [![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 
-**Author**: Paul Preibisch ([@997Fire](https://x.com/997Fire)) | **Version**: v2.14.15
+**Author**: Paul Preibisch ([@997Fire](https://x.com/997Fire)) | **Version**: v2.14.16
 
 ---
 

package/RELEASE_NOTES.md

@@ -1,3 +1,20 @@
+# Release v2.14.16 - Security Hardening & Dependency Updates
+
+**Release Date:** 2025-12-02
+**Type:** Patch Release (Security)
+
+## AI Summary
+
+AgentVibes v2.14.16 hardens repository security with Dependabot automated dependency updates, CodeQL security scanning, and fixes a moderate prototype pollution vulnerability in js-yaml. GitHub security features including Dependabot alerts and security updates are now enabled for the repository.
+
+**Key Highlights:**
+- 🔒 **Security Fix** - Updated js-yaml from 4.1.0 to 4.1.1 (fixes prototype pollution CVE)
+- 🤖 **Dependabot** - Automated weekly dependency updates for npm, pip, and GitHub Actions
+- 🔍 **CodeQL** - Security scanning for JavaScript and Python on every PR
+- ✅ **Security Updates** - Enabled Dependabot alerts and automatic security PRs
+
+---
+
 # Release v2.14.15 - CI/CD Publish Workflow Fix
 
 **Release Date:** 2025-12-01

package/package.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://json.schemastore.org/package.json",
   "name": "agentvibes",
-  "version": "2.14.15",
+  "version": "2.14.16",
   "description": "Now your AI Agents can finally talk back! Professional TTS voice for Claude Code and Claude Desktop (via MCP) with multi-provider support.",
   "homepage": "https://agentvibes.org",
   "keywords": [
@@ -46,7 +46,7 @@
     "commander": "^10.0.0",
     "figlet": "^1.6.0",
     "inquirer": "^12.0.0",
-    "js-yaml": "^4.1.0",
+    "js-yaml": "^4.1.1",
     "ora": "^6.0.0"
   },
   "engines": {

package/src/installer.js

@@ -128,16 +128,16 @@ function showReleaseInfo() {
   console.log(
     boxen(
       chalk.white.bold('═══════════════════════════════════════════════════════════════\n') +
-      chalk.cyan.bold('  📦 AgentVibes v2.14.15 - CI/CD Publish Workflow Fix\n') +
+      chalk.cyan.bold('  📦 AgentVibes v2.14.16 - Security Hardening & Dependency Updates\n') +
       chalk.white.bold('═══════════════════════════════════════════════════════════════\n\n') +
       chalk.green.bold('🎙️ WHAT\'S NEW:\n\n') +
-      chalk.cyan('AgentVibes v2.14.15 fixes the GitHub Actions publish workflow\n') +
-      chalk.cyan('that was failing with E403 errors. The workflow now checks if\n') +
-      chalk.cyan('a version already exists on npm before attempting to publish.\n\n') +
+      chalk.cyan('AgentVibes v2.14.16 hardens repository security with Dependabot\n') +
+      chalk.cyan('automated updates, CodeQL scanning, and fixes a prototype pollution\n') +
+      chalk.cyan('vulnerability in js-yaml. GitHub security features now enabled.\n\n') +
       chalk.green.bold('✨ KEY HIGHLIGHTS:\n\n') +
-      chalk.gray('   🔧 Workflow Fix - publish.yml checks version before publish\n') +
-      chalk.gray('   ✅ Green Badges - No more E403 "already published" errors\n') +
-      chalk.gray('   🚀 CI/CD - Graceful skip if version already on npm\n\n') +
+      chalk.gray('   🔒 Security Fix - js-yaml 4.1.1 fixes prototype pollution CVE\n') +
+      chalk.gray('   🤖 Dependabot - Weekly dependency updates for npm, pip, actions\n') +
+      chalk.gray('   🔍 CodeQL - Security scanning for JS/Python on every PR\n\n') +
       chalk.white.bold('═══════════════════════════════════════════════════════════════\n\n') +
       chalk.gray('📖 Full Release Notes: RELEASE_NOTES.md\n') +
       chalk.gray('🌐 Website: https://agentvibes.org\n') +