mirror of
https://github.com/openclaw/openclaw.git
synced 2026-03-12 07:20:45 +00:00
382873fa7b
- fix(security): add prototype pollution protection to setPathValue/removePathValue - Block __proto__, prototype, constructor keys in config map paths - Prevents user-controlled map keys from polluting Object.prototype - Addresses CWE-1321 (Medium severity) flagged by Aisle Security Bot - fix(test): document translate.test.ts fallback behavior - Add explicit comment that fallback path may mask auto-detection regressions - Track and warn when fallback setLocale is used - Addresses Greptile concern about test coverage gaps - docs(test): coverage gap explanations - loadToolsCatalog tests removed: function was already deleted in earlier PR - lastErrorCode test removed: field no longer populated in production - Both test deletions are intentional cleanup, not coverage regressions