Sourced from getsentry/craft's releases.

2.26.2

Security 🔒

• (deps) Bump uuid to ^14.0.0 (fix GHSA-w5hq-g745-h8pq) by @​BYK in #810

Bug Fixes 🐛

• (prepare) Remove --allow-remote-config gate by @​BYK in #809

Internal Changes 🔧

• (deps) Bump astro from 5.18.1 to 6.1.6 in /docs by @​dependabot in #806
• (deps-dev) Bump fast-xml-parser from 5.5.7 to 5.7.0 by @​dependabot in #808

2.26.1

Security 🔒

• (release-env) Allowlist GITHUB_* and RUNNER_* by prefix by @​BYK in #807

Bug Fixes 🐛

• (npm) Tolerate workspace:* deps in version bump and bun.lock patching by @​BYK in #805

Internal Changes 🔧

• Fix Node 20 + app-id deprecation warnings, refresh Node matrix by @​BYK in #803

2.26.0

Security 🔒

• (ci) Pin third-party GitHub Actions to commit SHAs by @​BYK in #801
• (commit-repo) Replace execSync tar with node-tar by @​BYK in #799
• (gpg) Pipe private key via stdin instead of writing to /tmp by @​BYK in #798
• (publish) Move publish-state file out of repo cwd by @​BYK in #797
• (spawn) Strip dynamic-linker env vars from subprocess env by @​BYK in #800

New Features ✨

• Recognize security: commit prefix for changelog and versioning by @​BYK in #802

2.25.5

Bug Fixes 🐛

Security

• Move workflow to pull_request and do not persist creds by @​geoffg-sentry in #796
• Disable .craft.env reading and harden release subprocess env by @​BYK in #794

Sourced from getsentry/craft's changelog.

Changelog

2.26.2

Security 🔒

• (deps) Bump uuid to ^14.0.0 (fix GHSA-w5hq-g745-h8pq) by @​BYK in #810

Bug Fixes 🐛

• (prepare) Remove --allow-remote-config gate by @​BYK in #809

Internal Changes 🔧

• (deps) Bump astro from 5.18.1 to 6.1.6 in /docs by @​dependabot in #806
• (deps-dev) Bump fast-xml-parser from 5.5.7 to 5.7.0 by @​dependabot in #808

2.26.1

Security 🔒

• (release-env) Allowlist GITHUB_* and RUNNER_* by prefix by @​BYK in #807

Bug Fixes 🐛

• (npm) Tolerate workspace:* deps in version bump and bun.lock patching by @​BYK in #805

Internal Changes 🔧

• Fix Node 20 + app-id deprecation warnings, refresh Node matrix by @​BYK in #803

2.26.0

Security 🔒

• (ci) Pin third-party GitHub Actions to commit SHAs by @​BYK in #801
• (commit-repo) Replace execSync tar with node-tar by @​BYK in #799
• (gpg) Pipe private key via stdin instead of writing to /tmp by @​BYK in #798
• (publish) Move publish-state file out of repo cwd by @​BYK in #797
• (spawn) Strip dynamic-linker env vars from subprocess env by @​BYK in #800

New Features ✨

• Recognize security: commit prefix for changelog and versioning by @​BYK in #802

2.25.5

Bug Fixes 🐛

Security

... (truncated)

• 3dc647f release: 2.26.2
• 3739fa1 security(deps): bump uuid to ^14.0.0 (fix GHSA-w5hq-g745-h8pq) (#810)
• 86fd3da fix(prepare): remove --allow-remote-config gate (#809)
• 3294203 build(deps): bump astro from 5.18.1 to 6.1.6 in /docs (#806)
• ad5568e build(deps-dev): bump fast-xml-parser from 5.5.7 to 5.7.0 (#808)
• 19b7281 meta: Bump new development version
• a8d2fd6 Merge branch 'release/2.26.1'
• c248b38 release: 2.26.1
• c5c5d7a security(release-env): allowlist GITHUB_* and RUNNER_* by prefix (#807)
• 2ec39c0 fix(npm): tolerate workspace:* deps in version bump and bun.lock patching (#805)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)