vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-14 10:41:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
9f97ad857a890cd5254defc33c69e81e570f7725
openclaw/src
History
Michael Appel 9f97ad857a fix(security): pin axios to 1.15.0 and add dependency denylist for plugin installs [AI-assisted] (#63891) 
* fix: address issue

* fix: address review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* Plugins: fix install security CI regressions

* Plugins: make manifest traversal linear

* Plugins: bound manifest security traversal

* Plugins: block denied node_modules package dirs

* Plugins: match node_modules case-insensitively

* Plugins: block denied package symlink paths

* Tests: normalize blocked symlink assertion

* Plugins: fail closed on unreadable denied paths

* Plugins: block denied node_modules file aliases

* Plugins: inspect node_modules symlink targets

* Plugins: preserve symlink target package paths

* fix: address PR review feedback

* chore(changelog): add axios pin and dependency denylist entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
2026-04-10 11:20:05 -06:00
..
acp
fix(acp): classify gateway chat error kinds
2026-04-10 10:12:07 +01:00
agents
fix: align channel owner context test types
2026-04-10 18:14:14 +01:00
auto-reply
fix: align channel owner context test types
2026-04-10 18:14:14 +01:00
bindings
bootstrap
canvas-host
refactor: dedupe gateway memory trimmed readers
2026-04-08 01:36:39 +01:00
channels
Gate Matrix profile updates for non-owner message tool runs (#62662)
2026-04-10 12:56:17 -04:00
chat
refactor: dedupe misc lowercase helpers
2026-04-07 22:24:32 +01:00
cli
refactor: split manifest command alias helpers
2026-04-10 17:37:31 +01:00
commands
test: narrow doctor config matrix helper import
2026-04-10 18:05:02 +01:00
compat
config
fix: preserve canonical restart sentinel routes (#64391)
2026-04-10 12:44:07 -04:00
context-engine
feat: expose prompt-cache runtime context to context engines (#62179)
2026-04-07 09:29:57 -07:00
cron
Gate Matrix profile updates for non-owner message tool runs (#62662)
2026-04-10 12:56:17 -04:00
daemon
fix(daemon): prevent systemd restart storm on config validation failure
2026-04-10 16:23:46 +01:00
docs
flows
test: keep command setup hook tests narrow
2026-04-10 17:08:38 +01:00
gateway
fix(gateway): preserve restart sentinel account routing
2026-04-10 13:16:19 -04:00
hooks
fix(gateway): restore dreaming startup reconciliation (#64258)
2026-04-10 15:02:19 +02:00
i18n
image-generation
test: move image generation live sweep out of src
2026-04-10 09:47:57 +01:00
infra
fix(security): pin axios to 1.15.0 and add dependency denylist for plugin installs [AI-assisted] (#63891)
2026-04-10 11:20:05 -06:00
interactive
refactor: dedupe reply lowercase helpers
2026-04-07 10:37:39 +01:00
link-understanding
logging
refactor: remove type-only import cycles
2026-04-10 15:14:27 +01:00
markdown
mcp
refactor: dedupe core lowercase helpers
2026-04-07 20:58:01 +01:00
media
refactor: dedupe gateway memory trimmed readers
2026-04-08 01:36:39 +01:00
media-generation
test(boundary): route helper imports through bundled plugin surfaces
2026-04-10 08:05:56 +01:00
media-understanding
refactor: remove type-only import cycles
2026-04-10 15:14:27 +01:00
memory-host-sdk
test: align Vitest config path assertions
2026-04-10 15:49:37 +01:00
music-generation
test: keep media runtime tests on same-directory provider mocks
2026-04-08 17:15:56 +01:00
node-host
refactor: dedupe core trimmed readers
2026-04-08 01:36:39 +01:00
pairing
refactor: dedupe core trimmed readers
2026-04-08 01:36:39 +01:00
plugin-sdk
perf: add narrow inbound roots sdk surface
2026-04-10 17:34:41 +01:00
plugins
fix(security): pin axios to 1.15.0 and add dependency denylist for plugin installs [AI-assisted] (#63891)
2026-04-10 11:20:05 -06:00
process
fix(ci): repair main type drift
2026-04-10 08:13:02 +01:00
realtime-transcription
refactor: dedupe provider registry normalizers
2026-04-07 10:37:38 +01:00
realtime-voice
refactor: dedupe provider registry normalizers
2026-04-07 10:37:38 +01:00
routing
refactor: dedupe misc lowercase helpers
2026-04-07 22:24:32 +01:00
scripts
test: align shard path expectations
2026-04-10 13:44:51 +01:00
secrets
test: isolate agent runtime mocks
2026-04-10 18:06:49 +01:00
security
refactor: dedupe core trimmed readers
2026-04-08 01:36:39 +01:00
sessions
fix(gateway): clear auto-fallback model override on session reset (#63155)
2026-04-09 00:31:05 +08:00
shared
fix(text): strip Qwen-style XML tool call payloads from visible text (#63999)
2026-04-10 15:36:25 +01:00
tasks
fix: allow CLI task cancel for stuck background tasks (#62506) (thanks @neeravmakwana)
2026-04-09 17:16:07 +05:30
terminal
refactor: dedupe infra lowercase helpers
2026-04-07 15:53:50 +01:00
test-helpers
refactor: dedupe extension lowercase helpers
2026-04-07 15:12:32 +01:00
test-utils
test: reduce media contract import cost
2026-04-10 17:31:08 +01:00
tts
refactor: dedupe misc lowercase helpers
2026-04-07 22:24:32 +01:00
tui
fix: reset TUI footer activity on session switch (#63988) (thanks @neeravmakwana)
2026-04-10 13:32:01 +05:30
types
utils
refactor: remove type-only import cycles
2026-04-10 15:14:27 +01:00
video-generation
test: keep media runtime tests on same-directory provider mocks
2026-04-08 17:15:56 +01:00
web
web-fetch
refactor: dedupe repeated test helpers
2026-04-08 09:58:22 +01:00
web-search
refactor: dedupe repeated test helpers
2026-04-08 09:58:22 +01:00
wizard
fix(cycles): remove browser cli and tlon runtime seams
2026-04-10 11:45:28 +01:00
browser-lifecycle-cleanup.test.ts
browser-lifecycle-cleanup.ts
channel-web.ts
docker-build-cache.test.ts
test: restore moved Vitest config discovery
2026-04-10 14:20:39 +01:00
docker-image-digests.test.ts
docker-setup.e2e.test.ts
dockerfile.test.ts
fix: make qa lab docker boot resilient
2026-04-07 09:04:18 +01:00
entry.respawn.test.ts
entry.respawn.ts
entry.test.ts
entry.ts
entry.version-fast-path.test.ts
extensionAPI.ts
global-state.ts
globals.ts
index.test.ts
index.ts
install-sh-version.test.ts
library.test.ts
library.ts
logger.test.ts
logger.ts
logging.ts
param-key.ts
refactor: dedupe remaining lowercase helpers
2026-04-07 22:57:52 +01:00
plugin-activation-boundary.test.ts
Config: split static channel configured helper
2026-04-07 13:07:40 +08:00
poll-params.test.ts
poll-params.ts
refactor: dedupe daemon lowercase helpers
2026-04-07 13:44:42 +01:00
polls.test.ts
polls.ts
runtime.ts
ui-app-settings.agents-files-refresh.test.ts
UI: remove redundant cron refresh wrapper
2026-04-09 22:59:22 -05:00
utils.test.ts
feat: Add first-class infer CLI for inference workflows (#62129)
2026-04-07 07:11:19 -05:00
utils.ts
feat: Add first-class infer CLI for inference workflows (#62129)
2026-04-07 07:11:19 -05:00
version.test.ts
fix: stabilize live qa scenario suite
2026-04-08 08:17:59 +01:00
version.ts
fix: stabilize live qa scenario suite
2026-04-08 08:17:59 +01:00