deblan-mirror/wails
1
0
Fork 0
mirror of https://github.com/wailsapp/wails.git synced 2026-03-14 14:45:49 +01:00
Code Issues Projects Releases Packages Wiki Activity
wails/v3/internal
History
Lea Anthony 228e5745d7 fix(security): address multiple security vulnerabilities 
This commit bundles fixes for several security issues identified by
GitHub Advanced Security and Semgrep code scanning.

## Workflow Permissions (CodeQL)
- Add explicit permissions blocks to GitHub Actions workflows
- Restrict GITHUB_TOKEN to minimum required permissions
- Affected files: automated-releases.yml, build-and-test-v3.yml,
  publish-npm.yml, test-simple.yml

## Path Traversal (CodeQL)
- Fix directory traversal vulnerability in screen example
- Add path validation using filepath.Clean and containment checks
- Affected file: v3/examples/screen/main.go

## Rollup XSS Vulnerability (Semgrep)
- Update rollup from 3.28.0 to 3.29.5
- Fixes CVE-2024-47068 (Cross-site Scripting)
- Affected file: v3/examples/dev/frontend/package-lock.json

Note: The setup wizard command injection alert was reviewed and determined
to be a false positive - commands originate from backend package manager
detection, not user input. Added clarifying documentation.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 06:29:23 +11:00
..
assetserver V3/fix debug logs (#4857) 2026-01-05 08:48:29 +11:00
buildinfo [v3] Late service registration and error handling overhaul (#4066) 2025-02-19 09:27:41 +01:00
capabilities fix(v3): revert goccy/go-json to stdlib encoding/json to fix Windows panic (#4859) 2026-01-05 08:26:35 +11:00
changelog Nightly release action 2025-07-17 06:28:19 +10:00
commands fix(v3): fix macOS mkdir brace expansion when APP_NAME contains spaces (#4850) 2026-01-04 15:48:03 +11:00
dbus [V3-Linux] Systray OnClick on initial icon click (#3907) 2024-11-24 07:46:14 +11:00
debug Run go mod tidy on project creation. Use better method of relative module location. 2023-08-12 14:32:52 +10:00
defaults feat(setup): add global defaults, light/dark mode, and UI improvements 2025-12-07 17:40:53 +11:00
doctor Add desktop environment detection on linux (#4797) 2025-12-15 18:18:48 +11:00
fileexplorer perf(v3): optimize JSON processing and reduce allocations in hot paths (#4843) 2026-01-02 07:03:36 +11:00
flags feat(v3): add cross-platform build system and signing support 2025-12-06 13:53:37 +11:00
generator fix(v3): overhaul drag-and-drop for Linux reliability and simplify Windows implementation (#4848) 2026-01-04 11:08:29 +11:00
github Fix tests 2025-01-20 19:56:03 +11:00
go-common-file-dialog [V3] Windows: fix(application): handle error and type assertion in save file dialog (#4284) 2025-08-04 19:57:53 +10:00
hash [v3] Late service registration and error handling overhaul (#4066) 2025-02-19 09:27:41 +01:00
keychain feat(v3): add cross-platform build system and signing support 2025-12-06 13:53:37 +11:00
libpath feat(linux): add libpath package for finding native library paths (#4847) 2026-01-04 11:59:22 +11:00
operatingsystem feat: Add Android support for Wails v3 2025-11-28 21:06:59 +11:00
packager [V3-Linux] Support for deb,rpm,arch linux packager packaging (#3909) 2024-11-30 13:31:56 +11:00
runtime fix(v3): revert goccy/go-json to stdlib encoding/json to fix Windows panic (#4859) 2026-01-05 08:26:35 +11:00
s Support template generation 2025-01-01 20:58:49 +11:00
service Breaking Change: Service method names 2025-01-16 07:47:23 +11:00
setupwizard fix(security): address multiple security vulnerabilities 2026-01-22 06:29:23 +11:00
signal # Conflicts: 2024-09-18 05:55:49 +10:00
sliceutil perf(v3): optimize JSON processing and reduce allocations in hot paths (#4843) 2026-01-02 07:03:36 +11:00
templates Merge Android support from v3-alpha-feature/android-support 2025-12-10 18:37:24 +11:00
term [v3] Pass build flags to binding generator (#4023) 2025-01-23 10:58:35 +00:00
version chore(v3): bump to v3.0.0-alpha.61 and update changelog [skip ci] 2026-01-20 02:48:15 +00:00