Coy Geek
8ae2d5110f
fix(docker): pin base images to SHA256 digests (#7734)
* fix(docker): pin base images to SHA256 digests for supply chain security
Pin all 9 Dockerfiles to immutable SHA256 digests to prevent supply chain
attacks where a compromised upstream image could be silently pulled into
production builds.
Also add Docker ecosystem to Dependabot configuration for automated
digest updates.
Images pinned:
- node:22-bookworm@sha256:cd7bcd2e7a1e6f72052feb023c7f6b722205d3fcab7bbcbd2d1bfdab10b1e935
- node:22-bookworm-slim@sha256:3cfe526ec8dd62013b8843e8e5d4877e297b886e5aace4a59fec25dc20736e45
- debian:bookworm-slim@sha256:98f4b71de414932439ac6ac690d7060df1f27161073c5036a7553723881bffbe
- ubuntu:24.04@sha256:cd1dba651b3080c3686ecf4e3c4220f026b521fb76978881737d24f200828b2b
Fixes #7731
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test(docker): add digest pinning regression coverage
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-19 12:42:07 -08:00
Mariano
e98ccc8e17
iOS/Gateway: stabilize background wake and reconnect behavior (#21226)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 7705a7741e
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
2026-02-19 20:20:28 +00:00
Shadow
f7a8c2df2c
Discord: handle gateway 4014 close
2026-02-19 13:47:28 -06:00
George Pickett
802f043e53
Net: expand cross-origin sensitive header regression test
2026-02-19 11:42:25 -08:00
Andrii Furmanets
c0cd5a7265
Net: strip sensitive headers on cross-origin redirects
2026-02-19 11:42:25 -08:00
Shakker
7579e9511e
Auto-reply: delay onAgentRunStart until real activity
2026-02-19 19:15:09 +00:00
Isis Anisoptera
4b7d89100e
fix(auto-reply): restore prompt cache stability by moving per-turn ids to user context (#20597)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 175919afb6
Co-authored-by: anisoptera <768771+anisoptera@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
2026-02-19 19:11:47 +00:00
Peter Steinberger
bf8117ad32
fix(update): silence npm deprecation/funding noise
2026-02-19 18:19:16 +01:00
Peter Steinberger
03d7aad0a4
fix(test): mock runDaemonInstall with vi.mocked
2026-02-19 17:43:29 +01:00
Vincent Koc
45d9b20692
fix(cli): refresh gateway service env during update (#21071)
* changelog: add security deepMerge prototype-pollution fix entry
* update: refresh gateway service env during update restart
* test(cli): fix daemon install mock assertion
* test(cli): guard update restart false path
2026-02-19 08:32:56 -08:00
Peter Steinberger
3077c35831
fix(ui): unblock docker onboarding build
2026-02-19 16:32:33 +01:00
Peter Steinberger
30e36c30d4
fix(ci): tighten test typing for browser and cron cli
2026-02-19 15:29:57 +00:00
Peter Steinberger
018370e827
fix(ci): normalize path assertions across platforms
2026-02-19 15:28:14 +00:00
Peter Steinberger
035832b4c5
refactor(daemon): extract windows cmd argv helpers
2026-02-19 16:22:28 +01:00
Peter Steinberger
a1cb700a05
test: dedupe and optimize test suites
2026-02-19 15:19:38 +00:00
Peter Steinberger
280c6b117b
fix(daemon): harden windows schtasks script quoting
2026-02-19 16:16:51 +01:00
Peter Steinberger
3a258e7ca8
fix(ci): add explicit mock export types for harnesses
2026-02-19 15:16:09 +00:00
Peter Steinberger
e96c6a7a3e
fix(ci): format cron tool imports
2026-02-19 15:13:02 +00:00
Peter Steinberger
bc6f983f85
fix(ci): resolve format drift and acp mock typing
2026-02-19 15:11:27 +00:00
Peter Steinberger
cc9be84b9c
refactor(runtime): split runtime builders and stabilize cron tool seam
2026-02-19 16:09:56 +01:00
Peter Steinberger
e1e91bdb4a
test: cover plugin status helper branches
2026-02-19 15:09:19 +00:00
Peter Steinberger
d3bf6e1b90
test: harden mock order and shell path coverage
2026-02-19 15:09:19 +00:00
Peter Steinberger
4574f3279b
test: cover npm pack install drift branches
2026-02-19 15:08:54 +00:00
Peter Steinberger
dcd592a601
refactor: eliminate jscpd clones and boost tests
2026-02-19 15:08:54 +00:00
Peter Steinberger
71983716ff
test: share channels command mock harness
2026-02-19 15:08:14 +00:00
Peter Steinberger
0213a09211
test: share temp home env harness
2026-02-19 15:08:14 +00:00
Peter Steinberger
edf92f1cb0
refactor: share npm integrity drift handling
2026-02-19 15:08:14 +00:00
Peter Steinberger
72e426be60
test: reuse isolated agent mock module
2026-02-19 15:08:14 +00:00
Peter Steinberger
e1059e95aa
refactor(daemon): extract schtasks cmd-set codec helpers
2026-02-19 16:07:15 +01:00
Peter Steinberger
a688ccf24a
refactor(security): unify safe-bin argv parsing and harden regressions
2026-02-19 16:04:58 +01:00
Peter Steinberger
2e421f32df
fix(security): restore trusted plugin runtime exec default
2026-02-19 16:01:29 +01:00
Peter Steinberger
dafe52e8cf
fix(daemon): escape schtasks environment assignments
2026-02-19 15:52:13 +01:00
Peter Steinberger
c45f3c5b00
fix(gateway): harden canvas auth with session capabilities
2026-02-19 15:51:22 +01:00
Peter Steinberger
f76f98b268
chore: fix formatting drift and stabilize cron tool mocks
2026-02-19 15:41:38 +01:00
Peter Steinberger
63e39d7f57
fix(security): harden ACP prompt size guardrails
2026-02-19 15:41:01 +01:00
Aether AI Agent
ebcf19746f
fix(security): OC-53 validate prompt size before string concatenation to prevent memory exhaustion — Aether AI Agent
2026-02-19 15:41:01 +01:00
Aether AI Agent
732e53151e
fix(security): OC-53 enforce 2MB prompt size limit to prevent ACP DoS — Aether AI Agent
2026-02-19 15:41:01 +01:00
Peter Steinberger
c9dee59266
refactor(security): centralize trusted sender checks for discord moderation
2026-02-19 15:39:56 +01:00
Peter Steinberger
81b19aaa1a
fix(security): enforce plugin and hook path containment
2026-02-19 15:37:29 +01:00
Peter Steinberger
b40821b068
fix: harden ACP secret handling and exec preflight boundaries
2026-02-19 15:34:20 +01:00
Peter Steinberger
3d7ad1cfca
fix(security): centralize owner-only tool gating and scope maps
2026-02-19 15:29:23 +01:00
Peter Steinberger
efca61e3ac
test: share cron tool mock harness
2026-02-19 14:27:37 +00:00
Peter Steinberger
eb9861b20a
test: share memory manager bootstrap helper
2026-02-19 14:27:37 +00:00
Peter Steinberger
2581b67cdb
refactor: share exec approval request helper
2026-02-19 14:27:37 +00:00
Peter Steinberger
3179097a1f
refactor: dedupe redact snapshot restore prelude
2026-02-19 14:27:37 +00:00
Peter Steinberger
ffd4e85873
refactor: share allow-from merge and sender-id checks
2026-02-19 14:27:37 +00:00
Peter Steinberger
ba538c98c7
refactor: share plain object guard across config and utils
2026-02-19 14:27:36 +00:00
Peter Steinberger
397f243ded
refactor: dedupe gateway session guards and agent test fixtures
2026-02-19 14:27:36 +00:00
Peter Steinberger
a99fd8f2dd
refactor: reuse daemon action response type in lifecycle core
2026-02-19 14:27:36 +00:00
Peter Steinberger
672b1c5084
refactor: dedupe slack monitor mrkdwn and modal event base
2026-02-19 14:27:36 +00:00