Merge pull request #6 from logtide-dev/fix/security-deps

chore: bump version to 0.6.1 and fix security vulnerabilities

Author: Polliog

CHANGELOG.md

@@ -5,6 +5,21 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.6.1] - 2026-02-28
+
+### Fixed
+- **Security Updates**: Addressed multiple security vulnerabilities across the workspace:
+  - Updated `minimatch` to `>=10.2.3` (fixes several ReDoS vulnerabilities).
+  - Updated `rollup` to `>=4.59.0` (fixes Arbitrary File Write via Path Traversal).
+  - Updated `tar` to `>=7.5.8` (fixes Hardlink Target Escape).
+  - Updated `nanotar` to `^0.2.1` (fixes Path Traversal).
+  - Updated `@angular/core` to `^19.2.19` (fixes XSS in i18n).
+  - Updated `@sveltejs/kit` to `^2.52.2` and `svelte` to `^5.53.5` (fixes XSS and Resource Exhaustion).
+  - Updated `ajv` to `>=8.18.0` (fixes ReDoS).
+  - Updated `qs` to `>=6.14.2` (fixes DoS).
+  - Updated `hono` to `^4.11.10` (Timing attack hardening).
+  - Updated `devalue` to `>=5.6.3` (fixes Prototype Pollution and Resource Exhaustion).
+
 ## [0.6.0] - 2026-02-28
 
 ### Added

package.json

@@ -1,6 +1,6 @@
 {
   "private": true,
-  "version": "0.6.0",
+  "version": "0.6.1",
   "scripts": {
     "build": "pnpm -r --filter @logtide/* build",
     "test": "pnpm -r --filter @logtide/* test",
@@ -16,10 +16,20 @@
   },
   "pnpm": {
     "overrides": {
-      "tar": ">=7.5.7",
+      "tar": ">=7.5.8",
       "esbuild": ">=0.25.0",
       "webpack": ">=5.104.1",
-      "cookie": ">=0.7.0"
+      "cookie": ">=0.7.0",
+      "minimatch": ">=10.2.3",
+      "rollup": ">=4.59.0",
+      "ajv": ">=8.18.0",
+      "qs": ">=6.14.2",
+      "devalue": ">=5.6.3",
+      "hono": "^4.11.10",
+      "@angular/core": "^19.2.19",
+      "@sveltejs/kit": "^2.52.2",
+      "svelte": "^5.53.5",
+      "nanotar": "^0.2.1"
     }
   }
 }

packages/angular/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logtide/angular",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "description": "LogTide SDK integration for Angular — ErrorHandler, HTTP Interceptor, trace propagation",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -51,9 +51,9 @@
     "rxjs": ">=7.0.0"
   },
   "devDependencies": {
-    "@angular/common": "^19.0.0",
-    "@angular/compiler": "^21.1.3",
-    "@angular/core": "^19.0.0",
+    "@angular/common": "^19.2.19",
+    "@angular/compiler": "^19.2.19",
+    "@angular/core": "^19.2.19",
     "rxjs": "^7.8.0",
     "tsup": "^8.5.1",
     "typescript": "^5.5.4"

packages/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logtide/core",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "description": "Core client, hub, scope, transports, and utilities for the LogTide SDK",
   "type": "module",
   "main": "./dist/index.cjs",

packages/elysia/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logtide/elysia",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "description": "LogTide SDK plugin for Elysia — request tracing and error capture via lifecycle hooks",
   "type": "module",
   "main": "./dist/index.cjs",

packages/express/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logtide/express",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "description": "LogTide SDK middleware for Express — request tracing and error capture",
   "type": "module",
   "main": "./dist/index.cjs",

packages/fastify/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logtide/fastify",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "description": "LogTide SDK plugin for Fastify — request tracing and error capture",
   "type": "module",
   "main": "./dist/index.cjs",

packages/hono/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logtide/hono",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "description": "LogTide SDK middleware for Hono — request tracing and error capture",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -49,7 +49,7 @@
     "hono": ">=4.0.0"
   },
   "devDependencies": {
-    "hono": "^4.6.0",
+    "hono": "^4.11.10",
     "tsup": "^8.5.1",
     "typescript": "^5.5.4"
   }

packages/nextjs/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logtide/nextjs",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "description": "LogTide SDK integration for Next.js — auto error capture, request tracing, and performance spans",
   "type": "module",
   "main": "./dist/index.cjs",

packages/node/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@logtide/sdk-node",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "description": "Official Node.js SDK for LogTide (logtide.dev) - Self-hosted log management with advanced features: retry logic, circuit breaker, query API, live streaming, and middleware support",
   "type": "module",
   "main": "./dist/index.cjs",