What's Changed
- chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0 in the everything group by @dependabot[bot] in #1656
Security hardening
- http-response-serializer — caps media-type length at 128 chars and validates against a media-type grammar before reflecting into Content-Type. Stops ReDoS via attacker-supplied media types and prevents echoing
Bug fixes / edge cases
- fix: add in missing defaults, plus small fixes across http-header-normalizer, http-multipart-body-parser, glue-schema-registry, validator, http-content-negotiation, event-batch-response, http-x402.
Performance
- core/index.js reworked (~73 lines) across the standard/durable/streamify execution modes, plus two perf commits (fix: perf optimization, fix: small perf boost).
Tooling / CI (not user-facing)
- Biome bumped to 2.5.0 + config migration (the lint fix from earlier in our session — preset: "recommended", SVG/proto/test overrides).
- Fuzz-test fixes (event-normalizer), mutation-coverage improvements, provenance-attestation source fix.
Docs
- Added a WAF alternative note; typo fixes.
Full Changelog: 7.6.7...7.6.8