stack.pulse
#stacks/turborepo/tooling

Turborepo release notes, breaking changes, and upgrade notes.

High-performance build system for JavaScript and TypeScript monorepos StackPulse turns upstream changelogs into scannable summaries with risky changes, deprecations, migration notes, and source links.

source repo$track this stackplan upgraderss
releases
20
breaking
0
security
3
deprecated
3
migrations
0

Get source-linked upgrade notes and occasional sponsor recommendations. No GitHub login required.

what stackpulse tracks

Turborepo releases from GitHub

StackPulse watches Turborepo release notes and keeps the original source link close to every summary.

upgrade risk

Breaking changes and deprecations

Risky changes are separated from normal feature notes so you can scan upgrade impact before changing production dependencies.

migration notes

Source-backed next steps

Migration steps and recommended actions are only shown when the upstream release notes support them.

# latest_releases

source-backed
allbreakingdeprecationmigrationsecurity
v2.10.0highfeaturesecurityJun 24, 2026

Turborepo v2.10.0

This release introduces incremental task caching, circular package dependency detection, and local cache eviction settings. It also includes numerous fixes for package manager support and performance improvements.

affected

Users relying on cache management, task filtering, or working with circular dependencies will benefit from new features and improvements.

action

Update to v2.10.0 to take advantage of new features and security fixes.

release_signals
!Upgrade dependencies to resolve known vulnerabilities
!Load custom CA certificates in fast webpki-only HTTP client
+Add `cacheMaxAge` and `cacheMaxSize` for local cache eviction
+Add incremental task caching
+Add circular package dependency detection to boundaries
+Allow `--affected` and `--filter` to be combined
+Graceful shutdown feature
view source on github->
v2.9.19-canary.1criticaldeprecationsecurityprereleaseJun 11, 2026

Turborepo v2.9.19-canary.1

This release focuses on hardening security and fixing bugs, particularly around cache handling, Windows PTY tasks, and authentication flows. Several vulnerabilities related to cache restoration, file access, and Git argument injection have been addressed.

affected

Users relying on cache restoration, Git integrations, or self-hosted login URLs may be affected by security fixes.

action

Upgrade to this version to benefit from security improvements and bug fixes.

release_signals
!Prevent Git argument injection in SCM refs
!Harden cache archive symlink restore
!Block self-hosted login URLs from attempting to use Vercel's SSO
!Validate OidHash hex buffers
!Separate artifact signature fields
!Removed web UI mode
view source on github->
v2.9.18mediumdeprecationsecurityJun 10, 2026

Turborepo v2.9.18

This release focuses on hardening security and fixing bugs related to cache handling, file access, and Git argument injection. Several improvements were made to ensure safer symlink restoration, artifact signature validation, and path normalization.

affected

Users relying on the web UI mode or self-hosted login URLs may be affected.

action

Update to this version to benefit from security fixes and deprecation changes.

release_signals
!Prevent Git argument injection in SCM refs
!Block self-hosted login URLs from attempting to use Vercel's SSO
!Harden cache archive symlink restore
!Validate OidHash hex buffers
!Separate artifact signature fields
!Remove web UI mode
view source on github->
Turborepo release notes, breaking changes, and upgrade notes · StackPulse