oikos

openclaw/oikos

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ulas	91c2e0ad98	fix: address CodeQL security findings (v0.5.2) - Rate-limit SPA fallback route (missing rate limiting on fs access) - Add csrfMiddleware to all state-changing auth routes (logout, create user, change password, delete user) — previously bypassed global CSRF middleware due to router registration order - Fix incomplete vCard escaping: escape backslashes before other special characters to prevent injection via contact fields - Restrict CI GITHUB_TOKEN to contents: read (least privilege) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-01 18:30:03 +02:00
Ulas	f39152cf7e	ci: add GitHub Actions workflow for automated tests Runs npm test on push and pull requests to main. Matrix covers Node.js 22.x and 24.x. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-01 11:42:56 +02:00

Author

SHA1

Message

Date

Ulas

91c2e0ad98

fix: address CodeQL security findings (v0.5.2)

- Rate-limit SPA fallback route (missing rate limiting on fs access)
- Add csrfMiddleware to all state-changing auth routes (logout, create
  user, change password, delete user) — previously bypassed global CSRF
  middleware due to router registration order
- Fix incomplete vCard escaping: escape backslashes before other special
  characters to prevent injection via contact fields
- Restrict CI GITHUB_TOKEN to contents: read (least privilege)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-01 18:30:03 +02:00

Ulas

f39152cf7e

ci: add GitHub Actions workflow for automated tests

Runs npm test on push and pull requests to main.
Matrix covers Node.js 22.x and 24.x.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-01 11:42:56 +02:00

2 Commits