• Hold cacheSignal across unstable_cache foreground revalidation: #93617
• Encode non-ASCII characters in cache tags at construction: #93601

Huge thanks to @unstubbable for helping!

• [devtools] Force ANSI colors on overlay code frames regardless of TTY: #93550
• Turbopack: Match proxy matchers with webpack implementation: #93594
• Track searchParams access through a Proxy to catch missing-key reads: #93549
• Cherry-pick ghsa commits to canary: #93614

• docs: escape literal triple-backticks in contribution guide: #93584
• [test] Pin package manager to patch versions: #93592
• turbo-rcstr: replace rcstr! macro_rules with proc macro: #93551
• Turbopack: Fix middleware matcher suffix: #93590
• Turbopack: Change DynEffect::dyn_value to DynEffect::value_hash, a simple u128: #93552
• [ci] Ensure graphite_ci_optimizer fails open even if github fails to fetch the action: #93615

Huge thanks to @aurorascharff, @icyJoseph, @eps1lon, @lukesandberg, @timneutkens, @unstubbable, and @bgw for helping!

• d95cd834 chore(deps): bump rari-binaries to 0.13.3
• 4c8481e7 release: create-rari-app@0.5.6
• f139f797 chore(deps): update dependencies and improve code splitting

Full Changelog: https://github.com/rari-build/rari/compare/create-rari-app@0.5.5...create-rari-app@0.5.7

• 0d179530 release: rari@0.13.3
• 10a3951f chore(rari): downgrade version to 0.13.2

Full Changelog: https://github.com/rari-build/rari/compare/rari@0.13.3...rari@0.13.4

This release contains security fixes for the following advisories:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

This release contains security fixes for the following advisories:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

• #16646 15fbc41 Thanks @matthewp! - Fixes local images returning 404 on non-prerendered pages when using the generic image endpoint

• fb248889 chore(deps): bump rari to 0.13.3

Full Changelog: https://github.com/rari-build/rari/compare/v0.13.2...v0.13.3

If you like ReactTooltip, please give the project a star on GitHub 🌟

• docs: update react tooltip docs to use the right version for v5 and v6 docs by @danielbarion
• fix: displaying wrong content and delayed display when not needed by @danielbarion

Full Changelog: https://github.com/ReactTooltip/react-tooltip/compare/v6.0.1...v6.0.2

Added onChangeEnd callback that fires when the user finishes changing a color (on mouse up, touch end, or arrow key up). Useful for undo/redo, saving to a database, or other expensive operations. (via #230)

<HexColorPicker
  color={color}
  onChange={setColor}
  onChangeEnd={(color) => saveToDatabase(color)}
/>