fix(security): pin axios to 1.15.0 and add dependency denylist for plugin installs [AI-assisted] (#63891)

* fix: address issue

* fix: address review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* fix: address PR review feedback

* Plugins: fix install security CI regressions

* Plugins: make manifest traversal linear

* Plugins: bound manifest security traversal

* Plugins: block denied node_modules package dirs

* Plugins: match node_modules case-insensitively

* Plugins: block denied package symlink paths

* Tests: normalize blocked symlink assertion

* Plugins: fail closed on unreadable denied paths

* Plugins: block denied node_modules file aliases

* Plugins: inspect node_modules symlink targets

* Plugins: preserve symlink target package paths

* fix: address PR review feedback

* chore(changelog): add axios pin and dependency denylist entry

---------

Co-authored-by: Devin Robison <drobison@nvidia.com>
Michael Appel
2026-04-10 13:20:05 -04:00
committed by GitHub
parent 9b44929f28
commit 9f97ad857a
11 changed files with 1959 additions and 2 deletions


@@ -8,6 +8,7 @@ minimumReleaseAge: 2880
minimumReleaseAgeExclude:
- "acpx"
- "axios"
- "basic-ftp"
- "hono"
- "openclaw"
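Review bot: adding `- "axios"` to `minimumReleaseAgeExclude` disables the 2880-minute cool-down for that package, so any freshly published axios release becomes installable immediately, which is only acceptable while the exact 1.15.0 pin named in the commit title is in place. Suggest a YAML comment beside the new entry recording the pinned version and the reason for the exclusion, and a follow-up to remove the entry once 1.15.0 has aged past the release window so axios returns to the default protection.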