- Backported key bug fixes to the stable release.
- Fixed a linked‑list bug in LRU deleteFromLru (issue 88652).
- Corrected handling of relative same‑host redirects in Node middleware (issue 88253).
No matching updates in this bucket.
TypeScript updates in 2026-w03
- Update Turbopack's SWC core to v50.2.3, fixing crashes with MDX files containing multibyte characters
- Enable mimalloc on musl targets and upgrade it, resolving a major performance regression on Alpine/Docker Linux
- Implemented multiple CVE fixes: added TLSSocket default error handler, network checks on pipe/wrap connect, stricter symlink read/write permissions, disabled futimes under permission model, rethrown stack overflow exceptions in async hoo...
- Updated core dependencies: c‑ares upgraded to v1.34.6 and undici to 7.18.2.
- Add TLSSocket default error handler (CVE‑2025‑59465) and route TLS callback exceptions through error handlers (CVE‑2026‑21637).
- Disable futimes under the permission model, require full read/write permissions for symlink APIs, and refactor unsafe buffer creation to remove zero‑fill toggle (CVE‑2025‑55130, 55131, 55132).
- Rethrow stack‑overflow exceptions in async hooks to avoid silent failures (CVE‑2025‑59466).
- Fixed multiple CVE vulnerabilities (disabled futimes with permission model, added TLSSocket default error handler, required full read/write for symlink APIs, rethrown stack overflow in async hooks, removed zero‑fill toggle from unsafe bu...
- Updated core dependencies: c‑ares to v1.34.6 and undici to 6.23.0
- Improved error handling and security posture across lib and TLS modules
- Fixed Prisma Accelerate support issue in edge runtime configurations when the @prisma/client/edge entrypoint was not used.
- Patch release 6.19.2 resolves this edge runtime bug.