deblan-mirror/wails

mirror of https://github.com/wailsapp/wails.git synced 2026-03-14 22:55:48 +01:00

History

Lea Anthony 228e5745d7 fix(security): address multiple security vulnerabilities This commit bundles fixes for several security issues identified by GitHub Advanced Security and Semgrep code scanning. ## Workflow Permissions (CodeQL) - Add explicit permissions blocks to GitHub Actions workflows - Restrict GITHUB_TOKEN to minimum required permissions - Affected files: automated-releases.yml, build-and-test-v3.yml, publish-npm.yml, test-simple.yml ## Path Traversal (CodeQL) - Fix directory traversal vulnerability in screen example - Add path validation using filepath.Clean and containment checks - Affected file: v3/examples/screen/main.go ## Rollup XSS Vulnerability (Semgrep) - Update rollup from 3.28.0 to 3.29.5 - Fixes CVE-2024-47068 (Cross-site Scripting) - Affected file: v3/examples/dev/frontend/package-lock.json Note: The setup wizard command injection alert was reviewed and determined to be a false positive - commands originate from backend package manager detection, not user input. Added clarifying documentation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>		2026-01-22 06:29:23 +11:00
..
build	[v3] Add dev example	2023-08-18 10:51:02 +10:00
frontend	fix(security): address multiple security vulnerabilities	2026-01-22 06:29:23 +11:00
.gitignore	Update contextmenus/dev example	2023-10-09 17:38:46 +11:00
go.mod	feat(linux): generate .desktop file during build (#4575 ) (#4780 )	2025-12-13 12:22:59 +11:00
go.sum	feat(linux): generate .desktop file during build (#4575 ) (#4780 )	2025-12-13 12:22:59 +11:00
main.go	Refactor Manager API to use singular naming convention (#4367 )	2025-06-22 12:19:14 +10:00
README.md	Update Task to v3.31.0. Update deps.	2023-10-09 10:39:09 +11:00
Taskfile.yml	Fix syso naming issue	2024-11-18 20:43:03 +11:00

README.md

Dev Example

NOTE: This example is currently a work in progress. It is not yet ready for use.