Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

fix(security): add guard against Zip Slip vulnerability (CWE-22) #18

Merged
merged 7 commits into from
Feb 17, 2025
Merged

fix(security): add guard against Zip Slip vulnerability (CWE-22) #18

merged 7 commits into from
Feb 17, 2025

Conversation

dankeboy36
Copy link
Owner

@dankeboy36
fix(ci): pin 3rd-part GH action hash
625cb3e 
Signed-off-by: dankeboy36 <dankeboy36@gmail.com>
@dankeboy36
fix(ci): add workflow permissions
b2166c4 
Signed-off-by: dankeboy36 <dankeboy36@gmail.com>
@dankeboy36
fix: zip-slip vuln
225bdce 
Signed-off-by: dankeboy36 <dankeboy36@gmail.com>
@dankeboy36
fix: error handling in the stream
a37b68a 
Signed-off-by: dankeboy36 <dankeboy36@gmail.com>
@dankeboy36
fix(revert): no undesired changes
7b78640 
Signed-off-by: dankeboy36 <dankeboy36@gmail.com>
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 17, 2025
View reviewed changes
@dankeboy36
fix: skip zip slip tests on windows
b3f750f 
Signed-off-by: dankeboy36 <dankeboy36@gmail.com>
@dankeboy36
fix: correct file path validation
3b0feb8 
Signed-off-by: dankeboy36 <dankeboy36@gmail.com>
@dankeboy36 dankeboy36 merged commit 9c9a422 into main Feb 17, 2025
11 checks passed
@dankeboy36 dankeboy36 deleted the fix/security-issues branch February 17, 2025 18:08
dankeboy36 pushed a commit that referenced this pull request Feb 17, 2025
@semantic-release-bot
chore(release): 1.2.3 [skip ci]
47631ef 
## [1.2.3](1.2.2...1.2.3) (2025-02-17)

### Bug Fixes

* **security:** add guard against Zip Slip vulnerability (CWE-22) ([#18](#18)) ([9c9a422](9c9a422))
@dankeboy36
Copy link
Owner Author

🎉 This PR is included in version 1.2.3 🎉

The release is available on:

Your semantic-release bot 📦🚀

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@dankeboy36