Skip to content

Commit 77a2351

Browse files
abhiaiyer91Mastra Code (anthropic/claude-opus-4-8)
andauthored
Security remediation: patch bump all packages (easy-day-js incident) (#18056)
Co-authored-by: Mastra Code (anthropic/claude-opus-4-8) <noreply@mastra.ai>
1 parent 9058539 commit 77a2351

1 file changed

Lines changed: 135 additions & 0 deletions

File tree

Lines changed: 135 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,135 @@
1+
---
2+
'@mastra/acp': patch
3+
'@mastra/agent-browser': patch
4+
'@mastra/agent-builder': patch
5+
'@mastra/agentcore': patch
6+
'@mastra/agentfs': patch
7+
'@mastra/ai-sdk': patch
8+
'@mastra/arize': patch
9+
'@mastra/arthur': patch
10+
'@mastra/astra': patch
11+
'@mastra/auth': patch
12+
'@mastra/auth-auth0': patch
13+
'@mastra/auth-better-auth': patch
14+
'@mastra/auth-clerk': patch
15+
'@mastra/auth-cloud': patch
16+
'@mastra/auth-firebase': patch
17+
'@mastra/auth-neon': patch
18+
'@mastra/auth-okta': patch
19+
'@mastra/auth-studio': patch
20+
'@mastra/auth-supabase': patch
21+
'@mastra/auth-workos': patch
22+
'@mastra/azure': patch
23+
'@mastra/blaxel': patch
24+
'@mastra/braintrust': patch
25+
'@mastra/brightdata': patch
26+
'@mastra/browser-firecrawl': patch
27+
'@mastra/browser-viewer': patch
28+
'@mastra/chroma': patch
29+
'@mastra/claude': patch
30+
'@mastra/clickhouse': patch
31+
'@mastra/client-js': patch
32+
'@mastra/cloudflare': patch
33+
'@mastra/cloudflare-d1': patch
34+
'@mastra/codemod': patch
35+
'@mastra/convex': patch
36+
'@mastra/core': patch
37+
'@mastra/couchbase': patch
38+
'@mastra/cursor': patch
39+
'@mastra/datadog': patch
40+
'@mastra/daytona': patch
41+
'@mastra/deployer': patch
42+
'@mastra/deployer-cloud': patch
43+
'@mastra/deployer-cloudflare': patch
44+
'@mastra/deployer-netlify': patch
45+
'@mastra/deployer-vercel': patch
46+
'@mastra/docker': patch
47+
'@mastra/dsql': patch
48+
'@mastra/duckdb': patch
49+
'@mastra/dynamodb': patch
50+
'@mastra/e2b': patch
51+
'@mastra/editor': patch
52+
'@mastra/elasticsearch': patch
53+
'@mastra/evals': patch
54+
'@mastra/express': patch
55+
'@mastra/fastembed': patch
56+
'@mastra/fastify': patch
57+
'@mastra/files-sdk': patch
58+
'@mastra/gcs': patch
59+
'@mastra/github-signals': patch
60+
'@mastra/google-cloud-pubsub': patch
61+
'@mastra/google-drive': patch
62+
'@mastra/hono': patch
63+
'@mastra/inngest': patch
64+
'@mastra/koa': patch
65+
'@mastra/laminar': patch
66+
'@mastra/lance': patch
67+
'@mastra/langfuse': patch
68+
'@mastra/langsmith': patch
69+
'@mastra/libsql': patch
70+
'@mastra/loggers': patch
71+
'@mastra/longmemeval': patch
72+
'@mastra/mcp': patch
73+
'@mastra/mcp-docs-server': patch
74+
'@mastra/mcp-registry-registry': patch
75+
'@mastra/memory': patch
76+
'@mastra/modal': patch
77+
'@mastra/mongodb': patch
78+
'@mastra/mssql': patch
79+
'@mastra/mysql': patch
80+
'@mastra/nestjs': patch
81+
'@mastra/observability': patch
82+
'@mastra/openai': patch
83+
'@mastra/opencode': patch
84+
'@mastra/opensearch': patch
85+
'@mastra/otel-bridge': patch
86+
'@mastra/otel-exporter': patch
87+
'@mastra/perplexity': patch
88+
'@mastra/pg': patch
89+
'@mastra/pinecone': patch
90+
'@mastra/playground-ui': patch
91+
'@mastra/posthog': patch
92+
'@mastra/qdrant': patch
93+
'@mastra/rag': patch
94+
'@mastra/railway': patch
95+
'@mastra/react': patch
96+
'@mastra/redis': patch
97+
'@mastra/redis-streams': patch
98+
'@mastra/s3': patch
99+
'@mastra/s3vectors': patch
100+
'@mastra/schema-compat': patch
101+
'@mastra/sentry': patch
102+
'@mastra/server': patch
103+
'@mastra/slack': patch
104+
'@mastra/spanner': patch
105+
'@mastra/stagehand': patch
106+
'@mastra/tavily': patch
107+
'@mastra/temporal': patch
108+
'@mastra/turbopuffer': patch
109+
'@mastra/upstash': patch
110+
'@mastra/vectorize': patch
111+
'@mastra/vercel': patch
112+
'@mastra/voice-aws-nova-sonic': patch
113+
'@mastra/voice-azure': patch
114+
'@mastra/voice-cloudflare': patch
115+
'@mastra/voice-deepgram': patch
116+
'@mastra/voice-elevenlabs': patch
117+
'@mastra/voice-gladia': patch
118+
'@mastra/voice-google': patch
119+
'@mastra/voice-google-gemini-live': patch
120+
'@mastra/voice-inworld': patch
121+
'@mastra/voice-modelslab': patch
122+
'@mastra/voice-murf': patch
123+
'@mastra/voice-openai': patch
124+
'@mastra/voice-openai-realtime': patch
125+
'@mastra/voice-playai': patch
126+
'@mastra/voice-sarvam': patch
127+
'@mastra/voice-speechify': patch
128+
'@mastra/voice-xai-realtime': patch
129+
'@mastra/voyageai': patch
130+
'create-mastra': patch
131+
'mastra': patch
132+
'mastracode': patch
133+
---
134+
135+
Security remediation for the 2026-06-17 "easy-day-js" supply-chain incident. Patch bump to publish clean versions and move the `latest` dist-tag forward, superseding the compromised versions that declared the malicious `easy-day-js` dependency.

0 commit comments

Comments
 (0)