From 4d60f245176d17ca28cb8d078f930f216a924ed0 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <github-actions[bot]@users.noreply.github.com>
Date: Sun, 25 Jan 2026 22:49:06 +0000
Subject: [PATCH] chore(release): Update version to v1.4.394

---
 CHANGELOG.md                             |  10 ++++++++++
 cmd/fabric/version.go                    |   2 +-
 cmd/generate_changelog/changelog.db      | Bin 3813376 -> 3817472 bytes
 cmd/generate_changelog/incoming/1971.txt |   7 -------
 nix/pkgs/fabric/version.nix              |   2 +-
 5 files changed, 12 insertions(+), 9 deletions(-)
 delete mode 100644 cmd/generate_changelog/incoming/1971.txt

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5811d025..9e0333f6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,15 @@
 # Changelog
 
+## v1.4.394 (2026-01-25)
+
+### PR [#1971](https://github.com/danielmiessler/Fabric/pull/1971) by [ksylvan](https://github.com/ksylvan): Security fix high medium low priority dependabot alerts for npm dependencies
+
+- Fixed medium severity esbuild vulnerability that allowed websites to send requests to development server and read responses
+- Updated esbuild from vulnerable version 0.21.5 to secure version 0.27.2
+- Fixed low severity @eslint/plugin-kit ReDoS vulnerability through ConfigCommentParser
+- Updated @eslint/plugin-kit from vulnerable version 0.2.8 to secure version 0.5.1
+- Verified all builds and tests pass successfully after security updates
+
 ## v1.4.393 (2026-01-25)
 
 ### PR [#1969](https://github.com/danielmiessler/Fabric/pull/1969) by [ksylvan](https://github.com/ksylvan): Critical and High Impact NPM dependabot issues fixed
diff --git a/cmd/fabric/version.go b/cmd/fabric/version.go
index 9d037240..576f8d6c 100644
--- a/cmd/fabric/version.go
+++ b/cmd/fabric/version.go
@@ -1,3 +1,3 @@
 package main
 
-var version = "v1.4.393"
+var version = "v1.4.394"
diff --git a/cmd/generate_changelog/changelog.db b/cmd/generate_changelog/changelog.db
index 56dc49f93ed81fbcf1773da0570b8be77e0e58ba..4d19bf08c4ebf1cda867048b4e6d228a4505d536 100644
GIT binary patch
delta 5700
zcmcgweQXow8TZ}AvE#%^$Y&D>dE*fBY5TtH^BrRefo_8)G!0{00k@p(yWrM2JN}@c
zwsN3ltlC;=v*m?~eo*bNQE8=Bxk_zSN~LL<S{447R!vMw8P&RJlRDT`O_j=?JLmG%
zBr{Vti66Q1CC~dlzvuV-p4T@y^C>Yo`DfzfTDxeoQ9pkg^%LUx{Y>jO?<wgBa0xk+
zy+4({KXX`%vNRj?(u|i4e3xY<o|ov*p83y^@tG*mL8&9a92uGVu(hR*U*_?v=*=qP
z^3+@Yt;Ch1^aYwInJKx;cEdI`Ia7z%Rg;HY)W*^V`=9J@*q_j!uO<fxV!QtF8gd8W
zV_8}ai2@xAMHNnr(sDpiIVKY1Vj?T@L6(n1MP3wbr!M%YFol_`V%PB_wWNNemU^tB
zbSE)lb6v#)mx(&O9#K+hRXz1u`6+zzVoNhVh^RgnM=L>|R~0e(^p<-4Jw$!(Cho&w
zAJvVo`>3FgXCg61h{|e=WjT)KxqvM4Q6)e}Lkt%XXjzCvLu$-+>J4N4=_aX5Px+~z
zo}`Az3hcN@Z6e|4;6*B|pS?(>2p<z*f_yN<g+d__xD{iZ8VRtxzzBgD8x4jctRhE*
zpzYM_W<Kw}Aa?0vm#F8w&4c7=oBREWR~=6|cR1HN{#x~t<8AWS<mc4mIEBb&9Q=&h
ztv~r0^`RTc3x7%NAbNzL%F2-tt0+9rvkD&-1Xfl<v?6k`K!o8Ln&TA($kUHsxkUj=
z0CqqrzyWXq$^b4vIiLdI22=v70M&psfEqw8pbk(EXaF<<?f^6angMG8>i{kKm0RnX
z0qUx41ltE%y`<}I%nr2X?Da&O?S@%}f!3dt`HlPoMV6m9aSB&&Cj0bX>}dUg{eKjC
zPwSpzHN&>|Z1C?!)s=F|@pf6v-H+>LTAwWMaaX&)aKG=mT6wRT!c6N(1>whkKTy?$
zH*Y|W-cXUnAWodtwZFAa5B{H)+Ki@0sk_KcQ;wNVlH8>GPNH&>Gsuq=seR(avvb;?
zeg<j7Ut752)7KE74d4N^12zCU02=|F`t-FfZ8LR)s?Z&%J5G>rk!tIHmY7;MSZ3!$
zzA}HjxxE|Eqc^wr{^c!dJ9!#AW_oiZd0KyDrgtrA%1kY?D~S^r|6zja)Bka;x7z)+
z1-sE(8KwpZO}CHq{f=~&`N}%V)|J)j*GK#Or5l_SNjY8vgRw4j>*9iS@%nM$-addA
z-~;#pG=KrH01m(d0=jT-@Pl8Kd_+<<{0g(NS@$4eh;X{zbiM3)&h-@5+Jr$oblJUC
z|DsK3bP##Hwp)0Z_(mnwLLFp$ybm~qoh-i97vEl3eEYion;t>>gbEUA?3nBv$7g4#
zFY{Y|_(F3@nB<DpnB%o&#tH;!GJ+J_TJu5jY+!D7L6kd;D8+ise3ZpO8jT=DDrtRi
zr6>(X6#Vf7)ph(rO-R2`Bkug5qJ)^VmEB{HP!q(Y4*aEv{EMLzT$Sxe$4ljFx71Jc
zho8-GyOd}y9nT&{YWxs75Fa~$#+6t+H;xj?hfpdVPnr*7N=ngUawM5WazaUGGe}LQ
zk(L@qg(r#@jVqaUw0boE?S=DAwPl;J<GSeXG&bh7cGEYz#RVV8TFlrm?zk@g4F9WI
z+E-#6QS^yFic{+<N+`RnB3br?{Ssx@*L+s;PqP1*cqZ>`>326h@i1pebct4sQ%f&R
zOEkTg5d|jP-rkNzM$z7OxWi1Xk0s&f(;so({OU>HUd}F;7kw*!NQqfx$S4ODvjj>e
zl8Yx|=wL3PDQP(pPZ(9p9+2}!O(1#rn}?K0CZ1I?D4RqXC>TmB6FDUV<$@1l5Gj#N
zjVoFf9;P8IGH6RHvhiOgmDDmy2A1EQipg0BW-X|uljC!%CKLpJn29GfMEh9A7eLv(
zu@;DE(G$VP&ShdKX)cWcC6kD2S$`^#8;fh+2jf{Zs%%T{np?rjE1k@N7`G-hH9odA
zIc{uwL{7uT7i`fCHo7?4D%<si3dAhgY{17r%<losY8>(gGV$ee4UIx37mX^JjG9X%
z4kKC30%2yN2JbnOq>O8cXpCd6e#tHkHdmKAdTs7470<ZNIG=a?-qC9)uhB7jr03}Q
zkSpA>yVKwAEZ)j2kwy<B(~5-RS~NKx*T#?`#*yD{5R_S4nOE(yUU8)V=y?HF&%^3v
z#e1N&I&QnP9%0nZ*5R|$og48;PAtuvrpSdPUMRH7vI{?U_~`jydAQ}+L?Q2DebZXm
zB3?3mYN4W<&`OfRl{dtVUXe##LwA3_TY?%d^P7v>Ny6tvXI*}qqQ&I|N~+*z>4Wj8
z;zH19#R$?AA2bFit;>p>P`VA-(LT@_IvAHx3VhRVcxMt?DIJeN*SQ7@y=`g`-*Ho{
ztVUZB2?V_i&6|=l86ST4TxS#RzbOvoS&0k&2f8PYo(~vw%LTfNoG`)V>7JbkRu4PT
ztTmVf=Y=5Z8oqPe_T9rK$Chna>6`s56)Y+Pj&s;@spU)xh`wE$+GKHVn9)~BXTgb9
zWF1%B6q{FJ+QUk0P-0gTw*E|?q){+#Y&QI2wbY3pStE7SE-tSd((+<D+fx?+e}T>&
zH;gx~J)lIhhLc*_8cQT2XzS4S&J6NK{a$Z$JciVSJciG$kxs7|(*-e21C7i0o|k>K
zniVdRmZJ|US)?Vivbj#=u%RTk%kApv87@ruU9;mw>gjPqgY0dGYI?2uN@&|xXU6PE
z@mnJUUtS{(e_IH4n_0s27)#4B*pgY6{e>a1->9{54aL~MLN(?|${QxUx=sw0tUSaD
z84khN`AT}=2Fuxi1Vd;nmypxw&O<5uw&--?OOH3!IJ(T))Qzt+5xscxCu035zha)g
zkd-Dh`hL`9w0Sr38+r5Q2j;zD0CRmmpK~ANT$qD$HVb8giM_Jn=sRnq9}&2|PWmyv
zRVQuk@uF*Ij+us`<}_1Na^Z9U_F<9<M}uVgK^PcVs+Zo$3(S(a1$GiFxOWs@Fen_a
z(yAO&1tuUf0u667Vi7vVu_0CvV>}}V)ac%aJ-fcM#Upu&wH8mGXBeibJf?W?p$4hC
zafz!~qQf%04q0R>`?NVlE<Pm`>ni)SB5lQ3$vplHSOT6s<lL68?9=vXrn6Kn@o=1P
zmZlnJJ!KCN0tXs6)?_@=UXOWt=RM&^`z&IM9g%pvL0a3fa3n4_=S*>#-1_DwqLJ=@
zI}!~}SCQx(lM9Hv&7o+}XpKc&cT=ocmQHIJE}^q%RW2aB*l&ajlq`90)dQ6<me2G#
z%ySV1U!yRiQ5!LRns3L|tx}1xL*sO`WQWC;7gke4f*OnjVq!psmyYmmQ!yHmRRlR0
zQ0V}#21J!p*w8}t%zsC2S@k6(X71}jq`=^_pNe~S&%Lf)EY6~t2|pTM;w*3?#>6|~
LE&R$1^~-+)z`X#Y

delta 1216
zcmbu+UuauZ7y$5l&UbHak|s^sv~^3`<+e@Mr1^JmnkMNj)uiS@Vz<`ez!u`vT6IOb
zq;pbVB;B-O(n*_+o=wmxvKR3|JLpliLF_<=Y;Fa?mx@`PprDWyVTic-b)vq=9u&?G
z4(I#M`ObGvvG^k?R(~K1E=d&xcz;oOh^QYwrMVv*7QMYaFFt+vr33lt1BYLk8jq^c
zcu3Vk(cZ_Sn%*1NHFfNtH6<F=)tIhEb#JdWyLaiDyRE6`U&1TOc^mn1=|bdTa_y+P
zsuHm(W`!+bsaS1dt#&%Yig_v;q)(*du%EwUr-Ovd@EZ*@OIS;chMBg}=PS)RD4%t}
zF^gdj84=7IEOnhUv0V!2BAlx`#TF`UPBx=J(2`Vp)QNa3_S{6@_+q-5UsB+<m7HL?
zF!<TcFvM9T3_iorV`0d_@=o2y^AR|?0FTmsCRd=JWh#&({rueu6bKtS8Sj#X*>l^;
z?6Wg{KK}d~ydBz+rl$q#70ZhJrZH=D$v?>#>1BEwUSoNMI$5#?`$>w=*WkJpo5|e)
zY$o$N_~?APw0;+mh$Lh{GBP3)GNU?VK~_|cY{-rpP$P1nCe(~t&;w`(+KHUVg<4S?
zU%$IcOTn-(%%qe%#9}G;5jkUPChfx3y|+oZ=S`w{Lx`|L8S1BRtT6ik4e}4N?kA-G
zux-pe_PTvYxFq1%vaQ$Y@<r3LtflHcVdeGRR=f2#>lO1x{ph{gRriR6JjrgoVDqs7
zk78o^4kg5=e|DD#|L++CN_ih->Ex1Jjqv1x0+dyXR1^RH^5wEJwdZ~rrR7ZpwWAKy
zi9E=QcB3x7yy=@7fLq|?vf@8T_;kDfEwWw3&Mck&x{|lkkGi?HGw|&Nc!XYNay4*-
zzgi8r{=5wPrT{_y%VxlCy-#>6P@e+_ndH()@M~%W3i4Uu)LDLWUoc|um{NkrFe$L^
z?ZEcL|JTHaA(P>tF#l;OF&ac66h;xGA`L}R4~n5)o*0c^{apNtg1|n~b~|~8k{BZF
z<@UrN`>^QEusgM+jYCJmCX@5r@oSP3{zZ2}{~n@rj>*NY3I1LcoYa_}JJTZOXb-zl
z0AFdfG09gO`}STn0~7?)W70EF;0-l#9C+cozNJ<ZNNa-Skm<O@G{v>Zm73_0_?n~-
WI*rs)7OZJYc{_j3!plK@3jP3s-lB;B

diff --git a/cmd/generate_changelog/incoming/1971.txt b/cmd/generate_changelog/incoming/1971.txt
deleted file mode 100644
index 073e4fb0..00000000
--- a/cmd/generate_changelog/incoming/1971.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-### PR [#1971](https://github.com/danielmiessler/Fabric/pull/1971) by [ksylvan](https://github.com/ksylvan): Security fix high medium low priority dependabot alerts for npm dependencies
-
-- Fixed medium severity esbuild vulnerability that allowed websites to send requests to development server and read responses
-- Updated esbuild from vulnerable version 0.21.5 to secure version 0.27.2
-- Fixed low severity @eslint/plugin-kit ReDoS vulnerability through ConfigCommentParser
-- Updated @eslint/plugin-kit from vulnerable version 0.2.8 to secure version 0.5.1
-- Verified all builds and tests pass successfully after security updates
diff --git a/nix/pkgs/fabric/version.nix b/nix/pkgs/fabric/version.nix
index 674a768a..64a84b31 100644
--- a/nix/pkgs/fabric/version.nix
+++ b/nix/pkgs/fabric/version.nix
@@ -1 +1 @@
-"1.4.393"
+"1.4.394"