Conversation
- Install vitest, add test/test:ci scripts and vitest.config.ts - 125 tests across 17 files covering core modules, CLI, and MCP - Add test step to CI workflow - Create update-homebrew.yml to auto-update I4cTime/homebrew-tap on release Made-with: Cursor
Made-with: Cursor
* feat: add Cursor marketplace plugin and update README/web with Homebrew + plugin info - Create cursor-plugin/ with plugin.json manifest, 3 rules, 4 skills, 2 agents, 5 commands, hooks.json, .mcp.json, and README - Add .cursor-plugin/marketplace.json at repo root for monorepo discovery - Update README.md with Homebrew install option and Cursor Plugin section - Add Homebrew tab to web Hero and docs install commands - Create CursorPlugin.tsx homepage section component - Add Plugin nav link, update Footer version to v0.9.4 - Add Cursor Plugin step to docs page - Remove beforeShellExecution hook (causes circular block with Cursor metadata) Made-with: Cursor * fix: resolve picomatch audit + update changelogs for v0.9.5 - Add pnpm override for picomatch >=4.0.4 (ReDoS + method injection) - Add v0.9.5 entry to CHANGELOG.md (Cursor plugin, Homebrew docs, audit fix) - Sync web changelog with v0.9.2–v0.9.5 entries Made-with: Cursor
Made-with: Cursor
- Single-pass regex replacer in parseDotenv() prevents double-unescape of backslash sequences (CodeQL js/double-escaping alert #14) - Add picomatch >=4.0.4 override to web/package.json (Dependabot #3, #5) - Remove stale package-lock.json + add to .gitignore (Dependabot #2) - Add 8 parseDotenv unit tests covering escape edge cases Made-with: Cursor
Made-with: Cursor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release v0.9.6 — Security
Security
parseDotenv()escape-sequence chain replaced with single-pass regex to prevent double-unescape of backslash sequences (CodeQLjs/double-escapingalert Align CI workflows with gitflow branching model #14, severity: high)web/package.jsonresolving ReDoS (GHSA-c2c7-rcm5-vvqj) and method injection (GHSA-3v7f-55p6-f55p)package-lock.jsonremoved — eliminated false-positive Dependabot alerts from unused npm lockfile; added to.gitignoreAdded
parseDotenvunit tests covering escape edge cases (133 total tests, all passing)Version consistency
package.json:0.9.6server.json:0.9.6(both root and packages[0])CHANGELOG.md: entry addedSquash-merge recommended.
Made with Cursor