Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions packages/qvac-lib-decoder-audio/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,16 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [0.3.5]

Security hardening release from comprehensive security audit.

### Changed
- Replace deprecated `istanbul` with `nyc` for code coverage (#1082)

### Fixed
- Fix coverage script to use `.nyc_output` directory for correct HTML report generation (#1082)

## [0.3.4]

### Added
Expand Down
2 changes: 1 addition & 1 deletion packages/qvac-lib-decoder-audio/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@qvac/decoder-audio",
"version": "0.3.4",
"version": "0.3.5",
"description": "",
"license": "Apache-2.0",
"author": "Tether",
Expand Down
9 changes: 9 additions & 0 deletions packages/qvac-lib-infer-onnx-tts/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,15 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [0.6.6]

Security hardening release from comprehensive security audit.

### Fixed
- Add 1 MB request body size limit to benchmark server to prevent DoS via memory exhaustion (#1102)
- Validate `modelDir` path in benchmark server to prevent directory traversal outside allowed directories (#1103)
- Remove filesystem paths from C++ error messages in `FileUtils.hpp` to prevent path leakage (#1105)

## [0.6.5]

This release improves TypeScript support for consumers of the ONNX TTS package. Runtime statistics that the native addon already exposes when `opts.stats` is enabled are now described in `index.d.ts`, and `run()` is typed so inference responses carry structured output chunks.
Expand Down
2 changes: 1 addition & 1 deletion packages/qvac-lib-infer-onnx-tts/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@qvac/tts-onnx",
"version": "0.6.5",
"version": "0.6.6",
"description": "Text to Speech (TTS) addon for qvac",
"addon": true,
"engines": {
Expand Down
11 changes: 11 additions & 0 deletions packages/qvac-lib-infer-parakeet/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,17 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [0.2.4]

Security hardening release from comprehensive security audit.

### Fixed
- Add 500 MB buffer limit to audio accumulation to prevent OOM from unbounded buffering (#1080)
- Add SHA-256 integrity verification to model download scripts using HuggingFace LFS checksums (#1081)
- Sanitize error messages to remove filesystem paths from thrown errors (#1084)
- Wrap job ID counter at `Number.MAX_SAFE_INTEGER` to prevent precision loss (#1085)
- Harden benchmark server: add library allowlist, restrict file paths to allowed directories, remove dynamic `npm install`, add body size limit, restrict CORS to localhost (#1086)

## [0.2.3]

### Added
Expand Down
2 changes: 1 addition & 1 deletion packages/qvac-lib-infer-parakeet/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@qvac/transcription-parakeet",
"version": "0.2.3",
"version": "0.2.4",
"description": "High-performance speech-to-text inference addon using NVIDIA Parakeet models for Bare runtime",
"addon": true,
"engines": {
Expand Down
13 changes: 13 additions & 0 deletions packages/qvac-lib-infer-whispercpp/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,19 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [0.5.2]

Security hardening release from comprehensive security audit.

### Fixed
- Replace global streaming state with per-instance map to eliminate race condition and dangling pointer risk (#1079)
- Add 500 MB buffer limit to audio accumulation to prevent OOM from unbounded buffering (#1080)
- Add SHA-256 integrity verification to model download scripts using HuggingFace LFS checksums (#1081)
- Validate `suppress_regex` parameter — ban grouping constructs (parentheses) and enforce 512-char length limit to prevent ReDoS (#1083)
- Sanitize error messages to remove filesystem paths from thrown errors (#1084)
- Wrap job ID counter at `Number.MAX_SAFE_INTEGER` to prevent precision loss (#1085)
- Harden benchmark server: add library allowlist, restrict file paths to allowed directories, remove dynamic `npm install`, add body size limit, restrict CORS to localhost (#1086)

## [0.5.1]

This release documents runtime statistics and transcription output shapes in TypeScript so consumers can type `response.stats` and `run()` results against the native addon.
Expand Down
2 changes: 1 addition & 1 deletion packages/qvac-lib-infer-whispercpp/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@qvac/transcription-whispercpp",
"version": "0.5.1",
"version": "0.5.2",
"description": "transcription addon for qvac",
"addon": true,
"engines": {
Expand Down
Loading