agent-orchestrator/.github/workflows
fireddd 23f4bd6bfe fix(ci): prevent Node.js code injection in plugin directory name
Replace `node -e` with `jq` for reading plugin package names in the
coverage workflow. The previous approach interpolated $plugin_dir
directly into a JavaScript expression, which could allow code injection
via crafted directory names.

Closes #913

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-10 02:08:01 +05:30
..
ci.yml fix: terminal servers compatible with hash-based architecture (#87) 2026-02-18 03:28:55 +05:30
coverage.yml fix(ci): prevent Node.js code injection in plugin directory name 2026-04-10 02:08:01 +05:30
deploy-vps.yml ci: harden VPS deploy workflow 2026-04-02 12:44:50 +05:30
integration-tests.yml feat: publish to npm under @composio scope (#32) 2026-02-15 04:28:57 +05:30
onboarding-test.yml fix: dashboard config discovery + CLI service layer refactoring (#70) 2026-02-18 17:08:48 +05:30
release.yml fix: disable husky in release workflow to unblock npm publish 2026-03-20 18:44:37 +05:30
security.yml fix: last 10 commits for secrets check 2026-03-27 22:38:58 +05:30