mirror of
https://github.com/wailsapp/wails.git
synced 2026-03-14 14:45:49 +01:00
This commit bundles fixes for several security issues identified by GitHub Advanced Security and Semgrep code scanning.

## Workflow Permissions (CodeQL)

- Add explicit permissions blocks to GitHub Actions workflows
- Restrict GITHUB_TOKEN to minimum required permissions
- Affected files: automated-releases.yml, build-and-test-v3.yml, publish-npm.yml, test-simple.yml

## Path Traversal (CodeQL)

- Fix directory traversal vulnerability in screen example
- Add path validation using filepath.Clean and containment checks
- Affected file: v3/examples/screen/main.go

## Rollup XSS Vulnerability (Semgrep)

- Update rollup from 3.28.0 to 3.29.5
- Fixes CVE-2024-47068 (Cross-site Scripting)
- Affected file: v3/examples/dev/frontend/package-lock.json

Note: The setup wizard command injection alert was reviewed and determined to be a false positive - commands originate from backend package manager detection, not user input. Added clarifying documentation.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
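The path-traversal fix the commit message describes (filepath.Clean plus a containment check) as an added Go example. This is not the code from v3/examples/screen/main.go or anywhere else in the wails repository; the function names SafeJoin and NaivePrefixCheck, the root directory /srv/screens and the sample inputs are assumptions made for the illustration. It shows why Clean alone, and Clean followed by a bare string-prefix test, are not containment checks, and what a lexical containment check looks like.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when the requested path would escape the root.
var ErrOutsideRoot = errors.New("path escapes the allowed root directory")

// NaivePrefixCheck is the flawed check people reach for after reading a
// "use filepath.Clean" advisory: clean the joined path, then test that it
// starts with the root string. It wrongly accepts a sibling directory that
// merely shares the root's string prefix ("/srv/screens-secret" for root
// "/srv/screens"). Hypothetical code written for this example.
func NaivePrefixCheck(root, userPath string) bool {
	joined := filepath.Clean(filepath.Join(root, userPath))
	return strings.HasPrefix(joined, filepath.Clean(root))
}

// SafeJoin resolves userPath relative to root and refuses any result that
// falls outside root. Hypothetical helper written for this example; it is
// not the project's own code.
func SafeJoin(root, userPath string) (string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	absRoot = filepath.Clean(absRoot)

	// Clean collapses "a/../b" and "./" segments, but a leading ".." that
	// climbs above the root is preserved, so cleaning alone decides nothing.
	joined := filepath.Clean(filepath.Join(absRoot, userPath))

	// filepath.Rel returns ".." or a path starting with "../" exactly when
	// joined lies outside absRoot. Testing with the separator included avoids
	// the string-prefix bug demonstrated by NaivePrefixCheck.
	rel, err := filepath.Rel(absRoot, joined)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return joined, nil
}

func main() {
	// Constructed sample inputs; the root does not need to exist on disk
	// because the check is purely lexical.
	root := "/srv/screens"
	for _, p := range []string{
		"shot1.png",
		"sub/../shot2.png",
		"../../etc/passwd",
		"../screens-secret/token",
	} {
		got, err := SafeJoin(root, p)
		fmt.Printf("%-26q naive=%-5v safe=%q err=%v\n",
			p, NaivePrefixCheck(root, p), got, err)
	}
}
```

The check is lexical only: it says nothing about symbolic links already inside the root. If untrusted users can create files under the root, resolve the final path with filepath.EvalSymlinks (or open it through os.Root on Go 1.24 and later) and apply the same containment test to the resolved result.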
| File |
|---|
| auto-label-issues.yml |
| automated-releases.yml |
| build-and-test-v3.yml |
| build-and-test.yml |
| changelog-validation-v3.yml |
| generate-sponsor-image.yml |
| issue-triage-automation.yml |
| nightly-release-v3.yml |
| pr-master.yml |
| projects.yml |
| publish-npm.yml |
| runtime.yml |
| semgrep.yml |
| stale-issues.yml |
| sync-translated-documents.yml |
| test-nightly-releases.yml |
| test-simple.yml |
| unreleased-changelog-trigger.yml |
| upload-source-documents.yml |
| v3-docs.yml |