April 21, 2026
Dependency maintenance across CI, app, and marketing site, including a security patch for the marketing site's email library.
Updates deployed on April 21, 2026.
Security
- Marketing site email library patched. Upgraded nodemailer to patch an SMTP command injection vulnerability (GHSA-vvjj-xcjg-gr5g) on the marketing site. (#2628)
Under the Hood
- Dependency maintenance: bumped CI workflows, app runtime deps, and marketing site deps to latest patch and minor releases.
- Specifically updated:
actions/setup-node,actions/upload-artifact,@types/node,jsdom,ai,react,vitest,@prisma/adapter-pg,@ai-sdk/react,react-dom,@tiptap/react,@tiptap/starter-kit,firebase-admin. (#2641, #2625, #2629, #2630, #2633, #2627, #2632, #2637, #2631, #2639, #2635, #2638, #2626)