Commit graph

69 commits

Author SHA1 Message Date
sd416
719bf043ff
Merge pull request #1 from sd416/dependabot/github_actions/tj-actions/changed-files-47
chore(deps): bump tj-actions/changed-files from 45 to 47
2026-01-16 11:49:22 +05:30
sd416
0ebc769ffc
Merge pull request #2 from sd416/dependabot/github_actions/actions/download-artifact-7
chore(deps): bump actions/download-artifact from 4 to 7
2026-01-16 11:49:16 +05:30
sd416
cf1b75f3a4
Merge pull request #3 from sd416/dependabot/github_actions/actions/setup-python-6
chore(deps): bump actions/setup-python from 4 to 6
2026-01-16 11:49:10 +05:30
sd416
a3e83b4f6d
Merge pull request #4 from sd416/dependabot/github_actions/actions/setup-node-6
chore(deps): bump actions/setup-node from 4 to 6
2026-01-16 11:49:03 +05:30
dependabot[bot]
8a1d711bf8
chore(deps): bump actions/upload-artifact from 4 to 6
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-16 06:18:21 +00:00
dependabot[bot]
818b176f55
chore(deps): bump actions/setup-node from 4 to 6
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-16 06:18:17 +00:00
dependabot[bot]
b7faebac86
chore(deps): bump actions/setup-python from 4 to 6
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 6.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-16 06:18:12 +00:00
dependabot[bot]
54c5fc220c
chore(deps): bump actions/download-artifact from 4 to 7
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-16 06:18:08 +00:00
dependabot[bot]
d95f93ae5c
chore(deps): bump tj-actions/changed-files from 45 to 47
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 45 to 47.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/v45...v47)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-version: '47'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-01-16 06:18:04 +00:00
sd416
ff3383ce0c
Add GitHub Actions to Dependabot configuration
Added configuration for GitHub Actions updates to Dependabot.
2026-01-16 11:46:53 +05:30
Wendong-Fan
f468855410 update 2026-01-16 07:31:22 +08:00
Wendong-Fan
7e7d36e2f5 release: 0.0.78 2026-01-16 05:32:28 +08:00
Wendong-Fan
9446f8aa89 cicd security 2026-01-13 21:55:29 +08:00
Cole Murray
102a864d43 fix(security): prevent arbitrary code execution in CI workflow
SECURITY FIX: The previous CI workflow was vulnerable to arbitrary code
execution from fork PRs due to using `pull_request_target` with checkout
of untrusted PR code.

Attack vector:
- Attacker forks repo and adds malicious node_modules/.bin/markdownlint-cli
- Opens PR to trigger CI workflow
- npx executes attacker's script with repository write permissions
- Attacker can exfiltrate credentials, comment on PRs, or push code

Fix:
- Split workflow into two separate files
- ci.yml: Uses pull_request_target for commenting (no code checkout)
- lint-markdown.yml: Uses pull_request for linting (safe to checkout)

The pull_request trigger runs fork PRs with read-only permissions and
no access to repository secrets, making it safe to checkout and execute
PR code.

Additional improvements:
- Updated actions to latest versions (checkout@v4, github-script@v7, paths-filter@v3)
- Pin markdownlint-cli version to prevent supply chain attacks
- Added security comments explaining the rationale

Reference: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
2026-01-12 23:10:48 -08:00
Wendong-Fan
da61c586b4 release: 0.0.77 2026-01-03 07:53:24 +08:00
Wendong-Fan
8d871745d5 minor fix 2026-01-03 04:36:02 +08:00
Wendong-Fan
2b07354c28 release: 0075 2026-01-03 03:48:09 +08:00
Wendong-Fan
0375d7aa66 update cicd setting in workflows 2026-01-03 03:13:40 +08:00
Wendong-Fan
cc3cc9c297 release 0074 2026-01-03 03:02:01 +08:00
罗鹏铖
19761dc23a
Add CodeQL analysis workflow configuration 2025-12-04 17:06:23 +08:00
Wendong-Fan
20af89f376 fix 2025-11-27 16:30:13 +08:00
sw3205933776
bc0267c0c3 update 2025-11-14 15:47:33 +08:00
sw3205933776
81cfacf341 update 2025-11-14 15:32:06 +08:00
Wendong-Fan
a6ec53cc49 update version number 2025-10-06 13:37:22 +08:00
Wendong-Fan
8bf5f922df update 2025-09-26 17:22:21 +08:00
Wendong-Fan
25bea0e0a0 release: 0.0.70 2025-09-25 17:33:44 +08:00
Wendong-Fan
dffeecc7b5 release 0068 2025-09-19 12:49:14 +08:00
Wendong-Fan
1c3675abb4 release 0066 2025-09-17 22:02:54 +08:00
sw3205933776
95e09cfc8e update 2025-09-17 15:25:12 +08:00
sw3205933776
cf6070a13f update 2025-09-17 15:23:10 +08:00
sw3205933776
4065f32607 update 2025-09-17 15:22:16 +08:00
Wendong-Fan
00665d9691 release: 0065 2025-09-03 16:14:04 +08:00
Wendong-Fan
04e32ab4cc fix: duplicated task shown in frontend 2025-09-03 15:41:59 +08:00
Wendong-Fan
3346390911 fix: package json bug 2025-09-03 08:50:34 +08:00
Wendong-Fan
b404fe9134 release: v 0.0.62 2025-09-03 08:44:57 +08:00
Wendong-Fan
3e7700d562 chore: update wording 2025-09-03 07:29:24 +08:00
Wendong-Fan
8bfced69c0 release: v 0.0.60 2025-08-29 19:46:29 +08:00
Wendong-Fan
869c9bebdb release: v 0.0.59 2025-08-29 19:42:30 +08:00
sw3205933776
defe656c28 fix: add latest-x64-mac.yml to release artifacts for auto-update (#246) 2025-08-28 10:50:08 +08:00
Wendong-Fan
ab9c6533e5 release: v0.0.58 2025-08-28 10:01:01 +08:00
Wendong-Fan
6057be8e9f fix: cd uv dependency 2025-08-28 09:59:17 +08:00
Wendong-Fan
8b9ef7fcc5 update version 2025-08-28 09:52:17 +08:00
Wendong-Fan
d6cfbec9e2 enhance: Feature GitHub actions update #229 2025-08-27 19:59:04 +08:00
sw3205933776
e12232b9ef Merge branch 'main' into feature-github-actions-update 2025-08-25 23:45:42 +08:00
Wendong-Fan
fb52b90691 release: update camel version 2025-08-25 23:27:32 +08:00
sw3205933776
9a3109682d Merge branch 'main' into feature-github-actions-update 2025-08-25 17:58:20 +08:00
Wendong-Fan
64f69f3148 new version release 2025-08-22 21:05:57 +08:00
sw3205933776
ce68dabbac edit build config 2025-08-22 11:35:06 +08:00
sw3205933776
24a699414f edit build config 2025-08-21 15:09:27 +08:00
sw3205933776
9858ba9012 edit build config 2025-08-21 14:56:08 +08:00