dirtydishes/islandflow
1
0
Fork 0
Code Issues 3 Pull requests 4 Projects Releases Packages Wiki Activity Actions 2

fix tmp audit finding #20

Merged
dirtydishes merged 1 commit from lavender/resolve-forgejo-security-issues into main 2026-06-13 06:41:25 +00:00
Conversation 0 Commits 1 Files changed 3 +369 -3
dirtydishes commented 2026-06-12 23:12:28 +00:00
Owner
Copy link

summary

this fixes the active tmp <0.2.6 audit finding on current main by raising the root tmp override to ^0.2.6 and refreshing bun.lock to resolve tmp@0.2.7.

validation

  • bun audit passes with no vulnerabilities found
  • bun test passes, 250 tests across 41 files
  • git diff --check -- docs/turns/ package.json bun.lock passes
  • bun run check still fails on existing biome import-order diagnostics in unrelated source/test files; i left those alone to keep this security pr focused

intended effect for end users

no user-facing behavior should change. the practical effect is a cleaner desktop packaging/tooling dependency graph with the known tmp path traversal advisory removed from the audit output.

notes

this supersedes the older noisy tmp cve branch/pr by rebuilding the fix from current forgejo main in a clean worktree.

summary this fixes the active `tmp <0.2.6` audit finding on current `main` by raising the root `tmp` override to `^0.2.6` and refreshing `bun.lock` to resolve `tmp@0.2.7`. validation - `bun audit` passes with no vulnerabilities found - `bun test` passes, 250 tests across 41 files - `git diff --check -- docs/turns/ package.json bun.lock` passes - `bun run check` still fails on existing biome import-order diagnostics in unrelated source/test files; i left those alone to keep this security pr focused intended effect for end users no user-facing behavior should change. the practical effect is a cleaner desktop packaging/tooling dependency graph with the known `tmp` path traversal advisory removed from the audit output. notes this supersedes the older noisy tmp cve branch/pr by rebuilding the fix from current forgejo `main` in a clean worktree.
dirtydishes added 1 commit 2026-06-12 23:12:29 +00:00
fix tmp audit finding
Some checks are pending
CI / Validate (pull_request) Waiting to run
Details
429b3424f2
dirtydishes merged commit a03d637119 into main 2026-06-13 06:41:25 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: dirtydishes/islandflow#20
No description provided.
Delete branch "lavender/resolve-forgejo-security-issues"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?