chore(deps): bump agent-gov-core from 1.2.1 to 1.3.0#15

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/agent-gov-core-1.3.0
Conversation

@dependabot dependabot Bot commented on behalf of github May 29, 2026

Bumps agent-gov-core from 1.2.1 to 1.3.0.

Release notes

Sourced from agent-gov-core's releases.

v1.3.0: shared diff-input safety guards

[1.3.0] — 2026-05-28

Shared diff-input safety guards. New module src/diff-inputs.ts exporting three pure helpers that every detector ingesting an untrusted diff (a PR branch, a pair of directories) should run at its input boundary. Additive — no existing API, schema, fingerprint, or canonical-string changes. Minor bump because the export surface grows.

Added — isValidGitRef(ref): boolean (src/diff-inputs.ts)

Promoted out of ScopeTrail's verifyGitRef guard. Rejects refs that git would re-parse as a CLI flag (--leading: --upload-pack=…, --help), as an object-selector re-anchor (contains :, which would change what git show <ref>:<path> reads), or that contain control characters. execFile already blocks shell-metacharacter injection, but it passes the ref to git as a positional argument that git re-parses against its own option table, so a --leading ref is an argument-injection vector. Pure string check — callers still run git rev-parse --verify (wrapped in their own error type) to confirm the ref resolves.

This closed a real gap: ScopeTrail had this guard, but TaskBound and CapabilityEcho did not — their ref handling went straight to rev-parse/git show with no flag/colon/control-char check. Consumers adopt the shared helper in their next release.

Added — resolveWithinRoot(root, relativePath): string | null (src/diff-inputs.ts)

Promoted out of TaskBound's safeJoin. Resolves relativePath against root and returns the absolute path only if it stays inside root, else null. path.resolve collapses .. without touching the filesystem, so string-level traversal (../etc/passwd, an absolute path, a sibling-prefix climb like ../repo-secrets) is caught before any readFile. Symlinks resolve at read time, not by resolve, so callers must also skip symlinked directory entries during the walk — this guard only stops string traversal.

Added — withinByteCap(byteLength, cap?): boolean + DEFAULT_MAX_INPUT_BYTES (src/diff-inputs.ts)

Pure size-cap predicate so detectors can stat a file (or measure a buffer) and skip oversized inputs without each hard-coding its own limit. Default ceiling is 10 MiB, matching the per-file maxBuffer the suite already uses for git show/git diff output, so adopting it does not change behavior on real source trees. Fails closed (returns false) on non-finite or negative sizes.

Tests

test/diff-inputs.test.mjs — 13 cases covering ordinary refs, flag/colon/control-char rejection, the trailing-space case the guard deliberately does not police, path containment (traversal, absolute, sibling-prefix), and the byte cap (default, custom, fail-closed).

Commits
  • 63cec95 v1.3.0: shared diff-input safety guards (git-ref, path containment, byte cap)
  • 202b77c docs: document the transcript-parser surface and clarify the closed tool enum
  • c073592 docs: standardize LICENSE copyright holder to Conal Hickey
  • ade9349 Refresh README positioning and structure
  • 831af56 ci: loosen ReDoS time budget to tolerate GitHub Actions runner jitter

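The three guards the release notes describe, re-implemented here as an added example (this is not agent-gov-core's own src/diff-inputs.ts), together with a hypothetical vetDiffInput wrapper that runs them at one input boundary and reports which guard rejected the input. One assumption beyond the notes: the ref check rejects any leading "-", which is slightly stricter than the "--" rule described above.

```typescript
import * as path from "node:path";

// 10 MiB default ceiling, the figure given in the release notes.
export const DEFAULT_MAX_INPUT_BYTES = 10 * 1024 * 1024;

// Reject refs git would re-parse as an option (a "-"/"--" prefix), as an
// object selector ("HEAD:path" would change what `git show <ref>:<path>` reads),
// or that carry control characters. A trailing space is deliberately allowed.
// Pure string check: the caller still runs `git rev-parse --verify` afterwards.
export function isValidGitRef(ref: string): boolean {
  if (ref.length === 0 || ref.startsWith("-")) return false; // stricter than "--" only
  if (ref.includes(":")) return false;
  return !/[\x00-\x1f\x7f]/.test(ref);
}

// Resolve relativePath against root and keep it only if it stays inside root.
// path.resolve collapses ".." and absolute paths without touching the filesystem,
// so this catches string-level traversal; symlinks are the caller's job.
export function resolveWithinRoot(root: string, relativePath: string): string | null {
  const absRoot = path.resolve(root);
  const candidate = path.resolve(absRoot, relativePath);
  // Compare against root plus a separator so "/repo-secrets" does not pass as "/repo".
  const rootWithSep = absRoot.endsWith(path.sep) ? absRoot : absRoot + path.sep;
  return candidate === absRoot || candidate.startsWith(rootWithSep) ? candidate : null;
}

// Size-cap predicate that fails closed on NaN, Infinity or negative sizes.
export function withinByteCap(byteLength: number, cap: number = DEFAULT_MAX_INPUT_BYTES): boolean {
  if (!Number.isFinite(byteLength) || byteLength < 0) return false;
  if (!Number.isFinite(cap) || cap < 0) return false;
  return byteLength <= cap;
}

export interface DiffInputCheck { ok: boolean; reasons: string[]; resolved: string | null }

// Hypothetical boundary check: run all three guards and collect the failures,
// so a detector can log why an untrusted diff input was skipped.
export function vetDiffInput(ref: string, root: string, rel: string, byteLength: number): DiffInputCheck {
  const reasons: string[] = [];
  if (!isValidGitRef(ref)) reasons.push("ref");
  const resolved = resolveWithinRoot(root, rel);
  if (resolved === null) reasons.push("path");
  if (!withinByteCap(byteLength)) reasons.push("size");
  return { ok: reasons.length === 0, reasons, resolved };
}
```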
Bumps [agent-gov-core](https://github.com/Conalh/agent-gov-core) from 1.2.1 to 1.3.0.
- [Release notes](https://github.com/Conalh/agent-gov-core/releases)
- [Changelog](https://github.com/Conalh/agent-gov-core/blob/main/CHANGELOG.md)
- [Commits](Conalh/agent-gov-core@v1.2.1...v1.3.0)

---
updated-dependencies:
- dependency-name: agent-gov-core
  dependency-version: 1.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot commented on behalf of github May 29, 2026

Looks like agent-gov-core is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this May 29, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/agent-gov-core-1.3.0 branch May 29, 2026 03:03