spawn

vrr/spawn

mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-06 08:10:48 +00:00

History

A cbba92c3c0 fix: Validate issue param and fix Render JSON injection + Hyperstack API bug (#234 ) - Validate SPAWN_ISSUE is a positive integer in both trigger-server.ts and refactor.sh to prevent command injection via crafted issue params - Use Python json.dumps for Render _render_create_service JSON body instead of string interpolation (prevents JSON injection) - Remove erroneous "api_key" 6th argument in Hyperstack generic_cloud_api call that was being interpreted as max_retries, breaking all API calls Agent: security-auditor Co-authored-by: A <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-02-10 12:52:23 -08:00
..
common.sh	fix: Validate issue param and fix Render JSON injection + Hyperstack API bug (#234 )	2026-02-10 12:52:23 -08:00

fix: Validate issue param and fix Render JSON injection + Hyperstack API bug (#234 )

- Validate SPAWN_ISSUE is a positive integer in both trigger-server.ts
  and refactor.sh to prevent command injection via crafted issue params
- Use Python json.dumps for Render _render_create_service JSON body
  instead of string interpolation (prevents JSON injection)
- Remove erroneous "api_key" 6th argument in Hyperstack generic_cloud_api
  call that was being interpreted as max_retries, breaking all API calls

Agent: security-auditor

Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-02-10 12:52:23 -08:00

common.sh

fix: Validate issue param and fix Render JSON injection + Hyperstack API bug (#234 )

2026-02-10 12:52:23 -08:00