Davanum Srinivas
08ae021d1f
fix(qqbot): guard image-size probe against SSRF (#63495)
* fix(qqbot): replace raw fetch in image-size probe with SSRF-guarded fetchRemoteMedia
Replace the bare fetch() in getImageSizeFromUrl() with fetchRemoteMedia()
from the plugin SDK, closing the blind SSRF via markdown image dimension
probing (GHSA-2767-2q9v-9326).
fetchRemoteMedia options: maxBytes 65536, maxRedirects 0, generic
public-network-only SSRF policy (no hostname allowlist, blocks
private/reserved/loopback/link-local/metadata IPs after DNS resolution).
Also fixes the repo-root resolution in scripts/lib/ts-guard-utils.mjs
which caused lint:tmp:no-raw-channel-fetch to miss extension files
entirely. The guard now walks up to .git instead of hardcoding two parent
traversals, and the allowlist is refreshed with all pre-existing raw
fetch callsites that became visible.
* fix(qqbot): guard image-size probe against SSRF (#63495) (thanks @dims)
---------
Co-authored-by: sliverp <870080352@qq.com>
2026-04-09 16:48:04 +08:00
Vincent Koc
89acb92011
test(boundary): guard src imports from bundled plugin paths
2026-04-09 09:30:45 +01:00
Vincent Koc
62eca3770f
test(boundary): guard sdk and package imports from bundled plugin paths
2026-04-09 09:10:05 +01:00
Peter Steinberger
15ab29b4a9
test: harden macOS npm update smoke fallback
2026-04-09 04:07:45 +01:00
Peter Steinberger
d41188b65e
ci: add runtime import cycle guard
2026-04-09 03:56:22 +01:00
Peter Steinberger
b5c3c15dcf
test: keep local full suite serial by default
2026-04-09 03:23:00 +01:00
Peter Steinberger
5b28ab83ef
test: run local full suite project shards in parallel
2026-04-09 02:26:22 +01:00
Mason Huang
edc6c13f1f
plugin-sdk: drop investigative weixin repro harness
2026-04-09 01:35:15 +01:00
Mason Huang
ba636d1206
plugin-sdk: keep command status compatibility path light
2026-04-09 01:35:15 +01:00
Mason Huang
aa15de8fdc
plugin-sdk: split command status surface
2026-04-09 01:35:15 +01:00
Peter Steinberger
a8c47db668
fix: repair Windows dev-channel updater
2026-04-09 01:26:28 +01:00
Peter Steinberger
aa79b9fb7d
test(docker): quiet success-path e2e logs
2026-04-09 00:29:24 +01:00
Peter Steinberger
b76681f28d
test(docker): reduce e2e log noise
2026-04-08 23:27:43 +01:00
Peter Steinberger
f4704184f6
build: narrow plugin SDK declaration build
2026-04-08 20:00:51 +01:00
Peter Steinberger
757fc49506
test: harden Parallels macOS smoke fallback
2026-04-08 20:00:51 +01:00
Peter Steinberger
a3d21539ef
test: stabilize full-suite execution
2026-04-08 19:40:57 +01:00
Ayaan Zaidi
17e6ef4076
fix(build): keep tsdown prune best-effort
2026-04-08 21:16:49 +05:30
Ayaan Zaidi
f4ec59c431
fix(build): honor postinstall disable flag
2026-04-08 21:01:53 +05:30
Ayaan Zaidi
66ec8909bd
fix(build): address bundled plugin prune review
2026-04-08 21:01:53 +05:30
Ayaan Zaidi
b28fe1b92f
fix(build): prune stale bundled plugin node_modules
2026-04-08 21:01:53 +05:30
Peter Steinberger
3dd19a1705
refactor: dedupe test helpers and script warning filter
2026-04-08 15:58:45 +01:00
Peter Steinberger
edf6b490a6
fix: harden bundled plugin dependency release checks
2026-04-08 15:15:44 +01:00
Peter Steinberger
e673efe537
ci: split parallel full suite into leaf shards
2026-04-08 13:20:05 +01:00
Peter Steinberger
4d2ea434d2
ci: skip duplicate full extension shard
2026-04-08 13:03:51 +01:00
Peter Steinberger
d35c46d6c7
test: fix postpublish verifier sidecar handling
2026-04-08 12:51:15 +01:00
scoootscooob
d52d5ad6ff
release: mirror bundled channel deps at root (#63065)
Merged via squash.
Prepared head SHA: ac26799a54
Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com>
Co-authored-by: scoootscooob <167050519+scoootscooob@users.noreply.github.com>
Reviewed-by: @scoootscooob
2026-04-08 04:00:17 -07:00
Peter Steinberger
928a9e4915
fix: keep installer doctor non-interactive
2026-04-08 11:47:59 +01:00
Nimrod Gutman
6681878339
feat(ios): pin calver release versioning (#63001)
* feat(ios): decouple app versioning from gateway
* feat(ios): pin calver release versioning
* refactor(ios): drop prerelease version helper fields
* docs(changelog): note pinned ios release versioning (#63001) (thanks @ngutman)
2026-04-08 11:25:35 +03:00
Vincent Koc
45542fa726
fix(test): stabilize windows tooling assertions
2026-04-08 09:12:08 +01:00
Vincent Koc
be530f085d
refactor(plugin-sdk): share tool payload extraction
2026-04-08 09:07:28 +01:00
Vincent Koc
490c9c80ef
perf(plugin-sdk): split web search config contract
2026-04-08 09:03:07 +01:00
Vincent Koc
2e7a0fc7fb
perf(plugins): report slow boundary compiles
2026-04-08 08:52:51 +01:00
Peter Steinberger
2f5b5b7e35
test: remove gpt 4.1 install e2e fallbacks
2026-04-08 07:41:00 +01:00
Peter Steinberger
4f5c137f88
fix: unblock windows update build
2026-04-08 07:18:31 +01:00
Peter Steinberger
0a5aefefbd
test: harden Docker install e2e agent lane
2026-04-08 07:15:51 +01:00
Peter Steinberger
f4c64168e7
test: route gateway HTTP history and startup wiring to e2e
2026-04-08 06:17:52 +01:00
Peter Steinberger
75fe554db7
test: smoke packed bundled channel entries
2026-04-08 05:58:29 +01:00
Peter Steinberger
993abc1fb9
test: move gateway e2e fixture out of unit lane
2026-04-08 05:57:51 +01:00
Peter Steinberger
5eab61b45d
test: add opt-in leaf project scheduler
2026-04-08 05:28:55 +01:00
Tak Hoffman
8069b990a6
add bundled channel prepack smoke
2026-04-07 23:09:26 -05:00
Peter Steinberger
f180474c2d
ci: prepare extension lint artifacts
2026-04-08 03:54:03 +01:00
Peter Steinberger
5f6ea077af
fix: harden tahoe version check
2026-04-08 03:51:53 +01:00
Peter Steinberger
c4efdeddd5
fix: harden parallels upgrade flows
2026-04-08 03:51:53 +01:00
Peter Steinberger
da858c326b
build: exclude plugin sdk build info from npm pack
2026-04-08 02:47:43 +01:00
Peter Steinberger
c5392f3640
fix: escape tahoe update trap vars
2026-04-08 02:29:03 +01:00
Peter Steinberger
3c9371ec60
fix: repair tahoe update done trap
2026-04-08 02:25:06 +01:00
Peter Steinberger
0cb7168bc4
fix: stabilize parallels upgrade preflight
2026-04-08 02:18:29 +01:00
Peter Steinberger
8f30a6c4ec
fix: force cmd shell for windows smoke update
2026-04-08 02:06:16 +01:00
Peter Steinberger
a9e17db938
fix: harden parallels upgrade launchers
2026-04-08 02:05:07 +01:00
Peter Steinberger
ca8685d5f2
fix: harden parallels upgrade checks
2026-04-08 01:34:35 +01:00