ulsklyc/oikos v0.7.0
v0.7.0 - Audit Remediation

on GitHub

latest releases: v0.52.37, v0.52.36, v0.52.35...

one month ago

Audit Remediation Release

Addresses all findings from the pre-release security audit (2026-04-03).

Security

Upgrade bcrypt from 5.1.1 to 6.0.0 - resolves 4 HIGH path traversal CVEs in transitive tar dependency
Remove hardcoded fallback session secret - server now always throws if SESSION_SECRET is unset

Changed

Breaking: Migrate entire server and test suite from CommonJS to ESM
Replace 40+ unstructured console.* calls with server/logger.js (supports LOG_LEVEL env var)
Translate package.json description, .env.example comments, and .gitignore comments to English

Removed

Remove internal audit documents from tracked files
Remove empty .worktrees/ leftover directory

Added

Add CODE_OF_CONDUCT.md (Contributor Covenant v2.1)
Add .gitignore patterns for audit report files

Full Changelog: v0.6.0...v0.7.0

Check out latest releases or
releases around ulsklyc/oikos v0.7.0

Don't miss a new oikos release

NewReleases is sending notifications on new releases.

Get notifications