Michael Appel
|
9f97ad857a
|
fix(security): pin axios to 1.15.0 and add dependency denylist for plugin installs [AI-assisted] (#63891)
* fix: address issue
* fix: address review feedback
* fix: address PR review feedback
* fix: address PR review feedback
* fix: address PR review feedback
* fix: address PR review feedback
* fix: address PR review feedback
* Plugins: fix install security CI regressions
* Plugins: make manifest traversal linear
* Plugins: bound manifest security traversal
* Plugins: block denied node_modules package dirs
* Plugins: match node_modules case-insensitively
* Plugins: block denied package symlink paths
* Tests: normalize blocked symlink assertion
* Plugins: fail closed on unreadable denied paths
* Plugins: block denied node_modules file aliases
* Plugins: inspect node_modules symlink targets
* Plugins: preserve symlink target package paths
* fix: address PR review feedback
* chore(changelog): add axios pin and dependency denylist entry
---------
Co-authored-by: Devin Robison <drobison@nvidia.com>
|
2026-04-10 11:20:05 -06:00 |
|