Cole Murray
102a864d43
fix(security): prevent arbitrary code execution in CI workflow
SECURITY FIX: The previous CI workflow was vulnerable to arbitrary code
execution from fork PRs due to using `pull_request_target` with checkout
of untrusted PR code.
Attack vector:
- Attacker forks repo and adds malicious node_modules/.bin/markdownlint-cli
- Opens PR to trigger CI workflow
- npx executes attacker's script with repository write permissions
- Attacker can exfiltrate credentials, comment on PRs, or push code
Fix:
- Split workflow into two separate files
- ci.yml: Uses pull_request_target for commenting (no code checkout)
- lint-markdown.yml: Uses pull_request for linting (safe to check out)
The pull_request trigger runs fork PRs with read-only permissions and
no access to repository secrets, making it safe to check out and execute
PR code.
Additional improvements:
- Updated actions to latest versions (checkout@v4, github-script@v7, paths-filter@v3)
- Pin markdownlint-cli version to prevent supply chain attacks
- Added security comments explaining the rationale
Reference: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
2026-01-12 23:10:48 -08:00
Wendong-Fan
da61c586b4
release: 0.0.77
2026-01-03 07:53:24 +08:00
Wendong-Fan
8d871745d5
minor fix
2026-01-03 04:36:02 +08:00
Wendong-Fan
2b07354c28
release: 0075
2026-01-03 03:48:09 +08:00
Wendong-Fan
0375d7aa66
update cicd setting in workflows
2026-01-03 03:13:40 +08:00
Wendong-Fan
cc3cc9c297
release 0074
2026-01-03 03:02:01 +08:00
罗鹏铖
19761dc23a
Add CodeQL analysis workflow configuration
2025-12-04 17:06:23 +08:00
Wendong-Fan
20af89f376
fix
2025-11-27 16:30:13 +08:00
sw3205933776
bc0267c0c3
update
2025-11-14 15:47:33 +08:00
sw3205933776
81cfacf341
update
2025-11-14 15:32:06 +08:00
Wendong-Fan
a6ec53cc49
update version number
2025-10-06 13:37:22 +08:00
Wendong-Fan
8bf5f922df
update
2025-09-26 17:22:21 +08:00
Wendong-Fan
25bea0e0a0
release: 0.0.70
2025-09-25 17:33:44 +08:00
Wendong-Fan
dffeecc7b5
release 0068
2025-09-19 12:49:14 +08:00
Wendong-Fan
1c3675abb4
release 0066
2025-09-17 22:02:54 +08:00
sw3205933776
95e09cfc8e
update
2025-09-17 15:25:12 +08:00
sw3205933776
cf6070a13f
update
2025-09-17 15:23:10 +08:00
sw3205933776
4065f32607
update
2025-09-17 15:22:16 +08:00
Wendong-Fan
00665d9691
release: 0065
2025-09-03 16:14:04 +08:00
Wendong-Fan
04e32ab4cc
fix: duplicated task shown in frontend
2025-09-03 15:41:59 +08:00
Wendong-Fan
3346390911
fix: package json bug
2025-09-03 08:50:34 +08:00
Wendong-Fan
b404fe9134
release: v 0.0.62
2025-09-03 08:44:57 +08:00
Wendong-Fan
3e7700d562
chore: update wording
2025-09-03 07:29:24 +08:00
Wendong-Fan
8bfced69c0
release: v 0.0.60
2025-08-29 19:46:29 +08:00
Wendong-Fan
869c9bebdb
release: v 0.0.59
2025-08-29 19:42:30 +08:00
sw3205933776
defe656c28
fix: add latest-x64-mac.yml to release artifacts for auto-update (#246)
2025-08-28 10:50:08 +08:00
Wendong-Fan
ab9c6533e5
release: v0.0.58
2025-08-28 10:01:01 +08:00
Wendong-Fan
6057be8e9f
fix: cd uv dependency
2025-08-28 09:59:17 +08:00
Wendong-Fan
8b9ef7fcc5
update version
2025-08-28 09:52:17 +08:00
Wendong-Fan
d6cfbec9e2
enhance: Feature GitHub actions update #229
2025-08-27 19:59:04 +08:00
sw3205933776
e12232b9ef
Merge branch 'main' into feature-github-actions-update
2025-08-25 23:45:42 +08:00
Wendong-Fan
fb52b90691
release: update camel version
2025-08-25 23:27:32 +08:00
sw3205933776
9a3109682d
Merge branch 'main' into feature-github-actions-update
2025-08-25 17:58:20 +08:00
Wendong-Fan
64f69f3148
new version release
2025-08-22 21:05:57 +08:00
sw3205933776
ce68dabbac
edit build config
2025-08-22 11:35:06 +08:00
sw3205933776
24a699414f
edit build config
2025-08-21 15:09:27 +08:00
sw3205933776
9858ba9012
edit build config
2025-08-21 14:56:08 +08:00
sw3205933776
768519cd16
edit build config
2025-08-21 14:31:51 +08:00
sw3205933776
a022ba3297
edit build config
2025-08-20 17:28:48 +08:00
sw3205933776
bfbd6d359f
edit build config
2025-08-20 16:09:16 +08:00
sw3205933776
4ca60865c7
edit build config
2025-08-20 15:17:03 +08:00
sw3205933776
931c178dcf
edit build config
2025-08-20 14:59:43 +08:00
sw3205933776
dc73404011
edit build config
2025-08-20 14:35:24 +08:00
sw3205933776
a2bc5a6e49
edit build config
2025-08-20 11:56:36 +08:00
sw3205933776
11b7edee44
edit build config
2025-08-20 11:48:24 +08:00
sw3205933776
c8a2d4f9c1
edit build config
2025-08-20 11:24:01 +08:00
sw3205933776
b68f8176c3
fix: indentation in build.yml
2025-08-20 11:09:23 +08:00
sw3205933776
424cbbb38b
Change UV installation method
2025-08-20 11:06:44 +08:00
sw3205933776
c8a7184c3a
Setup Python in GitHub Actions
2025-08-20 11:01:17 +08:00
sw3205933776
30a19f72b0
Update Node.js version in GitHub Actions
2025-08-20 10:50:01 +08:00