spawn/sh
A 02931cfa32
security: verify gh binary checksum and safe JSON parsing in github-auth.sh (#2210)
Fixes #2209

- Replace sed-based JSON parsing with jq/bun-eval for safe tag_name extraction
- Add SHA256 checksum verification before extracting gh binary tarball
- Add semver format validation for parsed version strings

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-05 05:49:23 -05:00
aws fix(security): add --proto '=https' to all curl executable downloads (#2160) 2026-03-03 23:38:03 -05:00
cli feat: migrate to openrouter.ai/labs/spawn CDN + release artifact version checks (#2178) 2026-03-03 23:34:58 -08:00
daytona fix(security): add --proto '=https' to all curl executable downloads (#2160) 2026-03-03 23:38:03 -05:00
digitalocean refactor: convert hermes scripts to thin-wrapper pattern (#2094) 2026-03-01 20:27:59 -08:00
docker fix(security): add --proto '=https' to all curl bun installer calls (#2138) 2026-03-03 11:52:54 -08:00
e2e fix(e2e): pass env_b64 via printf stdin to eliminate interpolation risk (#2159) 2026-03-03 19:34:31 -08:00
gcp fix(security): add --proto '=https' to all curl executable downloads (#2160) 2026-03-03 23:38:03 -05:00
hetzner fix(security): add --proto '=https' to all curl executable downloads (#2160) 2026-03-03 23:38:03 -05:00
local fix(security): add --proto '=https' to all curl executable downloads (#2160) 2026-03-03 23:38:03 -05:00
shared security: verify gh binary checksum and safe JSON parsing in github-auth.sh (#2210) 2026-03-05 05:49:23 -05:00
sprite fix(security): add --proto '=https' to all curl executable downloads (#2160) 2026-03-03 23:38:03 -05:00
test refactor: Remove dead code and stale references (#2062) 2026-03-01 11:45:24 -05:00