vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-16 11:29:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
spawn/packages/cli/src/hetzner
History
A 0fe16d3ffc
Some checks are pending
CLI Release / Build and release CLI (push) Waiting to run
Details
Lint / ShellCheck (push) Waiting to run
Details
Lint / Biome Lint (push) Waiting to run
Details
Lint / macOS Compatibility (push) Waiting to run
Details
fix(security): shell-quote package names in cloud-init scripts (#3220) 
Apply shellQuote() to package names interpolated into startup scripts
across all four cloud providers (GCP, AWS, Hetzner, DigitalOcean).
Defense-in-depth against supply chain attacks where compromised package
lists could inject shell metacharacters into root cloud-init scripts.

Fixes #3216

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-07 15:35:44 +07:00
..
agents.ts fix: standardize ESM import extensions across 35 production files (#2827) 2026-03-20 08:51:40 -07:00
billing.ts fix: standardize ESM import extensions across 35 production files (#2827) 2026-03-20 08:51:40 -07:00
hetzner.ts fix(security): shell-quote package names in cloud-init scripts (#3220) 2026-04-07 15:35:44 +07:00
main.ts fix(hetzner): remove snapshot lookup — always boot from fresh ubuntu image (#3176) 2026-04-04 17:56:33 -07:00