deblan-mirror/wails
1
0
Fork 0
mirror of https://github.com/wailsapp/wails.git synced 2026-03-17 16:10:09 +01:00
Code Issues Projects Releases Packages Wiki Activity
5,461 commits 218 branches 389 tags 476 MiB
Commit graph

5 commits

Author SHA1 Message Date
Lea Anthony
228e5745d7 fix(security): address multiple security vulnerabilities 
This commit bundles fixes for several security issues identified by
GitHub Advanced Security and Semgrep code scanning.

## Workflow Permissions (CodeQL)
- Add explicit permissions blocks to GitHub Actions workflows
- Restrict GITHUB_TOKEN to minimum required permissions
- Affected files: automated-releases.yml, build-and-test-v3.yml,
  publish-npm.yml, test-simple.yml

## Path Traversal (CodeQL)
- Fix directory traversal vulnerability in screen example
- Add path validation using filepath.Clean and containment checks
- Affected file: v3/examples/screen/main.go

## Rollup XSS Vulnerability (Semgrep)
- Update rollup from 3.28.0 to 3.29.5
- Fixes CVE-2024-47068 (Cross-site Scripting)
- Affected file: v3/examples/dev/frontend/package-lock.json

Note: The setup wizard command injection alert was reviewed and determined
to be a false positive - commands originate from backend package manager
detection, not user input. Added clarifying documentation.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-22 06:29:23 +11:00
Lea Anthony
e31296fe5d
 		Revert "Vite 6" 
This reverts commit 939e2daff0.
 2025-01-31 07:27:16 +11:00
Lea Anthony
939e2daff0
 		Vite 6 2025-01-27 11:05:29 +11:00
Lea Anthony
99d538ea97
 		V3 alpha feature/3659 support webview options (#3766) 
* [windows] Add GeneralAutofillEnabled and PasswordAutosaveEnabled options

* Use latest go-webview2

* Updates

* Fix changelog
 2024-11-16 12:30:33 +11:00
Lea Anthony
25e58edf28 [v3] Add dev example 2023-08-18 10:51:02 +10:00