spawn

vrr/spawn

mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-20 18:00:23 +00:00

History

A 02931cfa32 security: verify gh binary checksum and safe JSON parsing in github-auth.sh (#2210 ) Fixes #2209 - Replace sed-based JSON parsing with jq/bun-eval for safe tag_name extraction - Add SHA256 checksum verification before extracting gh binary tarball - Add semver format validation for parsed version strings Agent: security-auditor Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-03-05 05:49:23 -05:00
..
github-auth.sh	security: verify gh binary checksum and safe JSON parsing in github-auth.sh (#2210 )	2026-03-05 05:49:23 -05:00
key-request.sh	refactor: fix stale comments referencing renamed functions (#2182 )	2026-03-04 01:35:18 -08:00

security: verify gh binary checksum and safe JSON parsing in github-auth.sh (#2210 )

Fixes #2209

- Replace sed-based JSON parsing with jq/bun-eval for safe tag_name extraction
- Add SHA256 checksum verification before extracting gh binary tarball
- Add semver format validation for parsed version strings

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-03-05 05:49:23 -05:00

github-auth.sh

security: verify gh binary checksum and safe JSON parsing in github-auth.sh (#2210 )

2026-03-05 05:49:23 -05:00

key-request.sh

refactor: fix stale comments referencing renamed functions (#2182 )

2026-03-04 01:35:18 -08:00