Note
This release contains important security fixes.
High:
Low:
- GHSA-hcf7-66rw-9f5r: Login callback CSRF/session fixation
- GHSA-3qcw-2rhx-2726: Unexpected local code execution during Yarn Berry detection
What's Changed
Changelog
- release(turborepo): 2.9.12 by @github-actions[bot] in #12774
- fix: Restore docs mobile menu by @anthonyshew in #12782
- ci: Use
pull_requestfor PR title linting by @anthonyshew in #12787 - ci: Scope GitHub Actions caches by branch by @anthonyshew in #12788
- test: Validate lockfiles without dependency downloads by @anthonyshew in #12789
- Removed unneeded import form hash creation script in docs by @dancrumb in #12799
- fix: Validate auth callback state by @anthonyshew in #12802
- fix: Harden VS Code extension command execution by @anthonyshew in #12800
- fix: Avoid project-local Yarn during detection by @anthonyshew in #12801
- chore: Release 2.9.13 by @anthonyshew in #12803
New Contributors
Full Changelog: v2.9.12...v2.9.14