vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-20 09:31:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7
spawn/packages/cli/src
History
A 2a23ebcaf2
fix(security): restrict OAuth auth code regex to alphanumeric only (#2116) 
Removes underscore and hyphen from the OAuth authorization code
validation regex, restricting it to alphanumeric characters only.
Defense in depth: if the code is ever used in logging or other
contexts, special characters won't create injection opportunities.

Fixes #2114

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-02 13:49:12 -08:00
..
__tests__ test: Remove conditional always-pass guards in manifest-integrity (#2107) 2026-03-02 11:50:12 -05:00
aws fix: add 30s fetch timeout to all cloud API client wrappers (#2110) 2026-03-02 13:55:34 -05:00
commands refactor: resolve conflicts — merge packages/shared into packages/cli/src/shared (#2092) 2026-03-01 22:05:41 -08:00
daytona refactor: Remove dead getState() exports from cloud modules (#2108) 2026-03-02 10:58:48 -08:00
digitalocean fix(digitalocean): throw on non-2xx in doApi() wrapper (#2112) 2026-03-02 12:47:00 -08:00
gcp refactor: Remove dead getState() exports from cloud modules (#2108) 2026-03-02 10:58:48 -08:00
hetzner refactor: Remove dead getState() exports from cloud modules (#2108) 2026-03-02 10:58:48 -08:00
local fix: derive agent lists dynamically in usage messages (#2089) 2026-03-01 23:21:15 -05:00
shared fix(security): restrict OAuth auth code regex to alphanumeric only (#2116) 2026-03-02 13:49:12 -08:00
sprite refactor: Remove dead getState() exports from cloud modules (#2108) 2026-03-02 10:58:48 -08:00
commands.ts refactor: split commands.ts into per-command modules (#2095) 2026-03-01 23:24:15 -05:00
flags.ts feat: Bun workspace monorepo — packages/cli + packages/shared (#1853) 2026-02-23 22:07:05 -08:00
guidance-data.ts refactor: Remove dead code and stale references (#2104) 2026-03-02 08:32:02 -05:00
history.ts refactor: resolve conflicts — merge packages/shared into packages/cli/src/shared (#2092) 2026-03-01 22:05:41 -08:00
index.ts feat: Bun workspace monorepo — packages/cli + packages/shared (#1853) 2026-02-23 22:07:05 -08:00
manifest.ts fix: reset stale cache flag, guard gcloud null, validate DO config (#2073) 2026-03-01 17:08:38 -05:00
picker.ts refactor: extract shared TTY scaffolding in picker.ts (#1999) 2026-02-27 13:17:01 -05:00
security.ts fix(security): replace validateLaunchCmd blocklist with allowlist (#2053) 2026-03-01 03:12:27 -05:00
unicode-detect.ts feat: Bun workspace monorepo — packages/cli + packages/shared (#1853) 2026-02-23 22:07:05 -08:00
update-check.ts refactor: resolve conflicts — merge packages/shared into packages/cli/src/shared (#2092) 2026-03-01 22:05:41 -08:00