Mubashwer
Owner

🤖 I have created a release beep boop

1.1.6 (2023-04-02)

Bug Fixes

  • prepare-commit-msg: append co-author-trailers correctly when adding jira prefix (dd4775a)

This PR was generated with Release Please. See documentation.

codecov bot commented Apr 2, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (dd4775a) 76.42% compared to head (25e21d5) 76.42%.

Additional details and impacted files
@@           Coverage Diff           @@
##             main      #13   +/-   ##
=======================================
  Coverage   76.42%   76.42%           
=======================================
  Files           4        4           
  Lines         509      509           
=======================================
  Hits          389      389           
  Misses        120      120           

@Mubashwer Mubashwer force-pushed the release-please--branches--main--components--release-please-action branch from 25e21d5 to 1ff5929 Compare April 2, 2023 23:31
@Mubashwer Mubashwer merged commit 4033e99 into main Apr 2, 2023
@Mubashwer Mubashwer deleted the release-please--branches--main--components--release-please-action branch April 2, 2023 23:31
@Mubashwer
Owner Author

🤖 Release is at https://github.com/Mubashwer/git-mob/releases/tag/v1.1.6 🌻

Mubashwer added a commit that referenced this pull request Apr 3, 2023
Mubashwer added a commit that referenced this pull request Jul 1, 2025
- Add path-clean dependency to sanitize file paths
- Fix 7 CodeQL path injection vulnerabilities in src/commands/setup.rs:
  * Alert #13: hooks_dir.exists() with unsanitized path from git config
  * Alert #12: hooks_dir.exists() with unsanitized global hooks directory
  * Alert #11: fs::rename() with unsanitized backup path construction
  * Alert #10: fs::set_permissions() with unsanitized file path
  * Alert #9: fs::write() with unsanitized file path
  * Alert #8: fs::create_dir_all() with unsanitized prepare_commit_msg_path
  * Alert #7: fs::create_dir_all() with unsanitized local hooks directory

- Use PathClean::clean() to normalize paths and remove directory traversal sequences
- Ensure all file system operations use sanitized paths to prevent path injection attacks
- Maintain backward compatibility and pass all existing tests

Fixes: GitHub Security Advisory alerts #7-#13
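
Added example, not git-mob's code and not part of the commit above: lexical normalization of the kind the commit message describes tidies `.` and `..` segments, but a cleaned path can still point outside the intended directory, so a containment check is shown alongside it. `clean_lexical` is a std-only stand-in for a `clean()`-style call, and `resolve_under`, the `/repo/.git` base and the sample inputs are constructed for illustration.

```rust
use std::path::{Component, Path, PathBuf};

// Std-only stand-in for a clean()-style call (assumption: not the path-clean
// crate itself): drops `.` and resolves `..` without touching the filesystem.
fn clean_lexical(path: &Path) -> PathBuf {
    let mut out = PathBuf::new();
    for comp in path.components() {
        match comp {
            Component::CurDir => {}
            Component::ParentDir => {
                if out.file_name().is_some() {
                    out.pop(); // cancel the preceding normal segment
                } else if !out.has_root() {
                    out.push(".."); // leading `..` on a relative path is kept
                } // `..` at the root stays at the root
            }
            other => out.push(other.as_os_str()),
        }
    }
    out
}

// Hypothetical helper: join an untrusted value (e.g. a hooks path read from
// configuration) onto `base`, clean it, and accept it only if it stays under `base`.
fn resolve_under(base: &Path, untrusted: &str) -> Option<PathBuf> {
    let base = clean_lexical(base);
    // join() replaces `base` entirely when `untrusted` is absolute.
    let candidate = clean_lexical(&base.join(untrusted));
    // starts_with compares whole components, so ".git-evil" does not match ".git".
    if candidate.starts_with(&base) { Some(candidate) } else { None }
}

fn main() {
    // Constructed sample inputs.
    let base = Path::new("/repo/.git");
    for input in ["hooks/prepare-commit-msg", "hooks/../../../etc/cron.d", "/etc/cron.d"] {
        println!("{:<28} clean={:?} confined={:?}", input,
                 clean_lexical(&base.join(input)), resolve_under(base, input));
    }
}
```

Lexical checks do not follow symlinks; where the target directory already exists, comparing `std::fs::canonicalize` results closes that gap.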