Up 2.0.1 #9

Merged
NullSablex merged 2 commits into master from up-2.0.1
Feb 5, 2026

@NullSablex
Owner

No description provided.

- CWE-915: Adds protection against prototype pollution in config.setKey()
  by blocking __proto__, constructor and prototype

- CWE-471: Implements defensive copying in state.ts using structuredClone()
  for getAll(), get() and update()

- CWE-400: Adds maxDepth=10 and maxFiles=500 limits in listIncFilesRecursive()
  to prevent excessive resource consumption

- CWE-79: Sanitizes the title attribute in the webview with escapeAttr() to prevent XSS

- Updates vulnerable dependencies (lodash, jws, qs, undici, brace-expansion)
  via npm audit fix
@NullSablex NullSablex merged commit e379002 into master Feb 5, 2026
4 checks passed
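
A guard of the kind the CWE-915 item describes, as an added TypeScript example that is not the extension's own code. The `setKey` signature, the dotted-path format and the helper names are assumptions; only the three blocked keys come from the commit message.

```typescript
// Added example: hypothetical setKey() for a dotted-path config store.
// Names (setKey, ConfigObject, demo) are assumptions, not the extension's code.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);
type ConfigObject = { [key: string]: unknown };

function isPlainObject(value: unknown): value is ConfigObject {
  return typeof value === "object" && value !== null && !Array.isArray(value);
}

// Define an own data property; never goes through an inherited setter.
function defineOwn(node: ConfigObject, key: string, value: unknown): void {
  Object.defineProperty(node, key, { value, writable: true, enumerable: true, configurable: true });
}

// Sets `value` at dotted `path` in `target`; throws on any unsafe segment.
function setKey(target: ConfigObject, path: string, value: unknown): void {
  const segments = path.split(".");
  if (segments.some((s) => s.length === 0 || FORBIDDEN_KEYS.has(s))) {
    throw new Error("refusing unsafe config key: " + JSON.stringify(path));
  }
  let node = target;
  for (const segment of segments.slice(0, -1)) {
    // Descend only into own properties, never into inherited ones.
    const own = Object.prototype.hasOwnProperty.call(node, segment);
    const child: unknown = own ? node[segment] : undefined;
    if (isPlainObject(child)) {
      node = child;
    } else {
      const created: ConfigObject = {};
      defineOwn(node, segment, created);
      node = created;
    }
  }
  defineOwn(node, segments[segments.length - 1] as string, value);
}

// True when setKey() refuses the path, false when the write is applied.
function isRejected(path: string): boolean {
  try { setKey({}, path, true); return false; } catch { return true; }
}

// Constructed inputs: one legitimate path and three pollution attempts.
function demo(): { applied: ConfigObject; rejected: string[]; polluted: boolean } {
  const applied: ConfigObject = {};
  setKey(applied, "compiler.args.debug", 2);
  const attempts = ["__proto__.polluted", "a.constructor.prototype.polluted", "prototype.x"];
  const rejected = attempts.filter(isRejected);
  return { applied, rejected, polluted: "polluted" in ({} as object) };
}
```

Rejecting the whole path when any segment is forbidden also covers the nested `constructor.prototype` route, which a check on the first segment alone would miss.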

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: dc1d738a38

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +158 to +161
export async function listIncFilesRecursive(root: string, maxDepth = 10, maxFiles = 500): Promise<string[]> {
const out: string[] = [];
async function walk(dir: string) {
async function walk(dir: string, depth: number) {
if (depth > maxDepth || out.length >= maxFiles) return;
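
Review bot: The limit check on the last line of this hunk, `if (depth > maxDepth || out.length >= maxFiles) return;`, runs only when walk() enters a directory and returns without any signal, so a caller holding the Promise<string[]> result cannot tell a complete listing from a truncated one. Consider returning a truncated flag alongside the paths, or logging once when a cap is hit, and confirm that the per-entry loop, which is not visible here, also checks out.length so a single large directory cannot push the result past maxFiles. With `depth > maxDepth`, whether the root counts as depth 0 or 1 decides if 10 or 11 levels are scanned; the initial walk() call is outside the shown lines, so a comment on maxDepth stating the intended meaning would help.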

P2 Badge Preserve full include scan by default

The new defaults in listIncFilesRecursive cap traversal to maxDepth = 10 and maxFiles = 500, and the Includes tree still calls it with no overrides (src/vscode/includeTree.ts, listIncFilesRecursive(root)), so larger or deeply nested include layouts now get silently truncated. In those workspaces, .inc files beyond the cap disappear from the tree and their natives are no longer discoverable, which is a functional regression rather than a performance-only change because there is no warning or fallback path.

Useful? React with 👍 / 👎.

@NullSablex NullSablex deleted the up-2.0.1 branch February 5, 2026 23:37