mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-06 08:10:44 +00:00
fix: override vulnerable uuid dependency
This commit is contained in:
Peter Steinberger
@@ -30,6 +30,7 @@ Docs: https://docs.openclaw.ai
|
||||
### Fixes
|
||||
|
||||
- Providers/Moonshot: stop strict-sanitizing Kimi's native tool_call IDs (shaped like `functions.<name>:<index>`) on the OpenAI-compatible transport, so multi-turn agentic flows through Kimi K2.6 no longer break after 2-3 tool-calling rounds when the serving layer fails to match mangled IDs against the original tool definitions. Adds a `sanitizeToolCallIds` opt-out to the shared `openai-compatible` replay family helper and wires Moonshot to it. Fixes #62319. (#70030) Thanks @LeoDu0314.
|
||||
- Dependencies/security: override transitive `uuid` to `14.0.0`, clearing the runtime advisory across dependencies.
|
||||
- Codex harness: ignore dynamic tool descriptions when deciding whether to reuse a native app-server thread while still fingerprinting tool schemas, so channel-specific copy changes no longer reset otherwise compatible Codex conversations. (#69976) Thanks @chen-zhang-cs-code.
|
||||
- Codex harness: drop invalid legacy app-server `serviceTier` values such as `"priority"` before native thread and turn requests, while keeping supported Codex tiers limited to `"fast"` and `"flex"`. Fixes #64815.
|
||||
- Codex harness: show bounded, sanitized permission target samples in app-server approval prompts, so native permission requests keep their specific hosts, roots, and paths visible without leaking home usernames or URL credentials. (#70340) Thanks @Lucenx9.
|
||||
|
||||
@@ -1608,7 +1608,8 @@
|
||||
"overrides": {
|
||||
"axios": "1.15.0",
|
||||
"follow-redirects": "1.16.0",
|
||||
"node-domexception": "npm:@nolyfill/domexception@1.0.28"
|
||||
"node-domexception": "npm:@nolyfill/domexception@1.0.28",
|
||||
"uuid": "14.0.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=22.14.0"
|
||||
@@ -1636,7 +1637,8 @@
|
||||
"tar": "7.5.13",
|
||||
"tough-cookie": "4.1.3",
|
||||
"yauzl": "3.2.1",
|
||||
"protobufjs": "7.5.5"
|
||||
"protobufjs": "7.5.5",
|
||||
"uuid": "14.0.0"
|
||||
},
|
||||
"onlyBuiltDependencies": [
|
||||
"@lydell/node-pty",
|
||||
|
||||
35
pnpm-lock.yaml
generated
35
pnpm-lock.yaml
generated
@@ -26,6 +26,7 @@ overrides:
|
||||
tough-cookie: 4.1.3
|
||||
yauzl: 3.2.1
|
||||
protobufjs: 7.5.5
|
||||
uuid: 14.0.0
|
||||
|
||||
packageExtensionsChecksum: sha256-n+P/SQo4Pf+dHYpYn1Y6wL4cJEVoVzZ835N0OEp4TM8=
|
||||
|
||||
@@ -7239,20 +7240,8 @@ packages:
|
||||
util-deprecate@1.0.2:
|
||||
resolution: {integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==}
|
||||
|
||||
uuid@11.1.0:
|
||||
resolution: {integrity: sha512-0/A9rDy9P7cJ+8w1c9WD9V//9Wj15Ce2MPz8Ri6032usz+NfePxx5AcN3bN+r6ZL6jEo066/yNYB3tn4pQEx+A==}
|
||||
hasBin: true
|
||||
|
||||
uuid@13.0.0:
|
||||
resolution: {integrity: sha512-XQegIaBTVUjSHliKqcnFqYypAd4S+WCYt5NIeRs6w/UAry7z8Y9j5ZwRRL4kzq9U3sD6v+85er9FvkEaBpji2w==}
|
||||
hasBin: true
|
||||
|
||||
uuid@8.3.2:
|
||||
resolution: {integrity: sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg==}
|
||||
hasBin: true
|
||||
|
||||
uuid@9.0.1:
|
||||
resolution: {integrity: sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==}
|
||||
uuid@14.0.0:
|
||||
resolution: {integrity: sha512-Qo+uWgilfSmAhXCMav1uYFynlQO7fMFiMVZsQqZRMIXp0O7rR7qjkj+cPvBHLgBqi960QCoo/PH2/6ZtVqKvrg==}
|
||||
hasBin: true
|
||||
|
||||
validate-npm-package-name@7.0.2:
|
||||
@@ -8320,13 +8309,13 @@ snapshots:
|
||||
dependencies:
|
||||
'@azure/msal-common': 15.17.0
|
||||
jsonwebtoken: 9.0.3
|
||||
uuid: 8.3.2
|
||||
uuid: 14.0.0
|
||||
|
||||
'@azure/msal-node@5.1.3':
|
||||
dependencies:
|
||||
'@azure/msal-common': 16.5.0
|
||||
jsonwebtoken: 9.0.3
|
||||
uuid: 8.3.2
|
||||
uuid: 14.0.0
|
||||
|
||||
'@babel/generator@8.0.0-rc.3':
|
||||
dependencies:
|
||||
@@ -9312,7 +9301,7 @@ snapshots:
|
||||
proper-lockfile: 4.1.2
|
||||
strip-ansi: 7.2.0
|
||||
undici: 7.25.0
|
||||
uuid: 11.1.0
|
||||
uuid: 14.0.0
|
||||
yaml: 2.8.3
|
||||
optionalDependencies:
|
||||
'@mariozechner/clipboard': 0.3.2
|
||||
@@ -11929,7 +11918,7 @@ snapshots:
|
||||
https-proxy-agent: 7.0.6
|
||||
is-stream: 2.0.1
|
||||
node-fetch: 2.7.0
|
||||
uuid: 9.0.1
|
||||
uuid: 14.0.0
|
||||
transitivePeerDependencies:
|
||||
- encoding
|
||||
- supports-color
|
||||
@@ -12731,7 +12720,7 @@ snapshots:
|
||||
p-retry: 7.1.1
|
||||
sdp-transform: 3.0.0
|
||||
unhomoglyph: 1.0.6
|
||||
uuid: 13.0.0
|
||||
uuid: 14.0.0
|
||||
|
||||
matrix-widget-api@1.17.0:
|
||||
dependencies:
|
||||
@@ -14217,13 +14206,7 @@ snapshots:
|
||||
|
||||
util-deprecate@1.0.2: {}
|
||||
|
||||
uuid@11.1.0: {}
|
||||
|
||||
uuid@13.0.0: {}
|
||||
|
||||
uuid@8.3.2: {}
|
||||
|
||||
uuid@9.0.1: {}
|
||||
uuid@14.0.0: {}
|
||||
|
||||
validate-npm-package-name@7.0.2: {}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user