Branches performance
Pull requests
last run
3 days ago
fix: Format code
3 days ago
51b5304
shew/clean-up-logs
N/A
last run
3 days ago
fix: Validate turbo version from lockfile for all package managers
Extends the semver validation fix from #11546 to Berry (Yarn 2+), Bun,
pnpm, and Yarn 1 lockfiles. The original fix only covered npm, but the
same vulnerability existed in all other package manager lockfile parsers.
When TURBO_DOWNLOAD_LOCAL_ENABLED=1 is set, the turbo version extracted
from lockfiles is passed to package manager commands. Without validation,
malicious version strings could potentially be used for RCE.
This change validates that the version is a valid semver string before
returning it from turbo_version() for all lockfile types.
3 days ago
dd6cf48
anthonyshew/fix-turbo-version-validation-all-lockfiles
N/A
fix: Add allowComments and allowTrailingCommas to schema generator
The Rust schema generator now adds these JSONC properties so CI
regeneration won't overwrite manually-added entries.
3 days ago
cf34ec9
ddmoney420:fix/allow-comments-trailing-commas-in-schema
N/A
last run
5 days ago
chore: Simplify trailing commas fixture
5 days ago
3874c11
fix/microfrontends-trailing-commas
N/A