{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":205435205,"defaultBranch":"master","name":"specter-desktop","ownerLogin":"cryptoadvance","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2019-08-30T18:18:02.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/52270008?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1714662915.0","currentOid":""},"activityList":{"items":[{"before":"e9dc494d22d89666ea78273c081c9e8f998a814a","after":"c56eff5816d3b6f0fb0ea1dd9323bae6f8f5b190","ref":"refs/heads/master","pushedAt":"2024-05-02T15:13:53.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"k9ert","name":null,"path":"/k9ert","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/117085?s=80&v=4"},"commit":{"message":"updating dependencies (#2434)","shortMessageHtmlLink":"updating dependencies (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2273671094\" data-permission-text=\"Title is private\" data-url=\"https://github.com/cryptoadvance/specter-desktop/issues/2434\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/cryptoadvance/specter-desktop/pull/2434/hovercard\" href=\"https://github.com/cryptoadvance/specter-desktop/pull/2434\">#2434</a>)"}},{"before":"7970c3d8abc4748420c3750674e54da03813f96c","after":"e9dc494d22d89666ea78273c081c9e8f998a814a","ref":"refs/heads/master","pushedAt":"2024-05-01T10:31:32.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"k9ert","name":null,"path":"/k9ert","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/117085?s=80&v=4"},"commit":{"message":"Kn/macos signing (#2432)\n\n* chore: migrate from altool to notarytool\r\n\r\n* fix litte things in build-common\r\n\r\n* add pyenv install in build-osx\r\n\r\n* add pyinstaller/electron/signing_logs to gitignore\r\n\r\n* chore: migrate from altool to notarytool\r\n\r\n* fix little things in build.common\r\n\r\n* add pyenv install in build osx\r\n\r\n* add pyinatsller electron signing logs to gitignore\r\n\r\n* updated build-osx.sh\r\n\r\n* fix entitlement\r\n\r\n* heavily refactoring the electron app\r\n\r\n* polish and improve\r\n\r\n* further bugfixing and polishing\r\n\r\n* tiny change to improve support of MacOS\r\n\r\n* Fix dependency issues\r\n\r\n---------\r\n\r\nCo-authored-by: Manolis <moneymanolis@protonmail.com>","shortMessageHtmlLink":"Kn/macos signing (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2246188773\" data-permission-text=\"Title is private\" data-url=\"https://github.com/cryptoadvance/specter-desktop/issues/2432\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/cryptoadvance/specter-desktop/pull/2432/hovercard\" href=\"https://github.com/cryptoadvance/specter-desktop/pull/2432\">#2432</a>)"}},{"before":"a0523732aa4f7255a835a34f56d6c9afb859b72d","after":"7970c3d8abc4748420c3750674e54da03813f96c","ref":"refs/heads/master","pushedAt":"2024-03-27T19:19:25.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"moneymanolis","name":"Manolis Mandrapilias","path":"/moneymanolis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/70536101?s=80&v=4"},"commit":{"message":"Fix Jade signing issues with Swan Vault (#2421)\n\n* update jade api to version 2.0.2 and update jade hwi client to the latest hwi code (version\r\n\r\n* change chain default for initialising the jade client back to MAIN\r\n\r\n* add \"unlock\" to jade's enumerate method and its hwi client\r\n\r\n* use is_startup property to prevent jade unlocking on startup + change to skip_hwi_initialisation + some simplifications\r\n\r\n* pass chain param on every request for enumerate call as well + some changes to be on the safe side (avoid name collusion with built-in fetch + random id)\r\n\r\n* always use timeout when calling enumerate from hwi.jinja\r\n\r\n* add ui to register multisigs for multisig wallets using a jade\r\n\r\n* updated requirements.txt\r\n\r\n* rename myFetch to requestToHwiBridge\r\n\r\n* address jamie's comments: change logic to skip_unlocking + move early return up in jade client","shortMessageHtmlLink":"Fix Jade signing issues with Swan Vault (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2184593314\" data-permission-text=\"Title is private\" data-url=\"https://github.com/cryptoadvance/specter-desktop/issues/2421\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/cryptoadvance/specter-desktop/pull/2421/hovercard\" href=\"https://github.com/cryptoadvance/specter-desktop/pull/2421\">#2421</a>)"}},{"before":"655e9153b68f240a6bba56e2196197903a440785","after":"a0523732aa4f7255a835a34f56d6c9afb859b72d","ref":"refs/heads/master","pushedAt":"2024-02-27T12:51:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"k9ert","name":null,"path":"/k9ert","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/117085?s=80&v=4"},"commit":{"message":"New documentations #1885 (#2409)\n\n* Added install guide 1884\r\n\r\nhttps://github.com/cryptoadvance/specter-desktop/issues/1884\r\n\r\n* chore: remove empty file\r\n\r\n* adding to the menu anr referencing in readme\r\n\r\n* changing heading levels to enable submenu\r\n\r\n* adding symlink\r\n\r\n* Reposition 'OS-Specific Apps' section and update Electrum integration info\r\n\r\n- Moved 'OS-Specific Apps for Specter Desktop' section to immediately follow 'Installation Methods' for better logical flow and prominence.\r\n- Added information about Electrum connection availability since version 2.0.0 in the 'Future Developments of Specter Desktop' section for up-to-date and accurate documentation.\r\n-Changed Title to \"Installation Method Decision Guide\" instead of \"Installation Guide\"\r\n\r\n* Create WalletCreationGuide.md\r\n\r\n* Create DeviceCreationGuide.md\r\n\r\n* Update docs/DeviceCreationGuide.md\r\n\r\ncommit suggestion from k9ert\r\n\r\nCo-authored-by: k9ert <k9ert@gmx.de>\r\n\r\n* Update mkdocs.yml\r\n\r\nLinked new WalletCreationGuide and DeviceCreationGuide in the Menue\r\n\r\n* Update WalletCreationGuide.md\r\n\r\nAdded Link to install guide\r\n\r\n* Update WalletCreationGuide.md\r\n\r\nAdded Link to Node connection guide\r\n\r\n* Update WalletCreationGuide.md\r\n\r\nCreating wallet: Reference to import device first\r\nBackup wallet: Improved explenation about steel backup\r\n\r\n* Update DeviceCreationGuide.md\r\n\r\nAdded real world examples for wallets and derivation paths.\r\nLinked readme with pictured Step by Step guide.\r\nAdded Some basic Common Issues, maybe link faq?\r\n\r\n* Update WalletCreationGuide.md\r\n\r\nAdded examples for Single/Multisig wallets\r\n\r\n* Update DeviceCreationGuide.md\r\n\r\nsmall fix in hierarchy\r\n\r\n* Update mkdocs.yml\r\n\r\nswapped device and wallet creation guide.\r\n\r\n* Update DeviceCreationGuide.md\r\n\r\nFixed various comments\r\n\r\n* Update WalletCreationGuide.md\r\n\r\nvar. fixes\r\n\r\n* Added feedback from 02/15\r\n\r\n* Added feedback from 02/15\r\nfix double space and no new line.\r\n\r\n* - removed the word cryptocurrency and placed Bitcoin instead.\r\n- Pointed out that hardware wallets with shitcoin support are less secure.\r\n\r\n* - fixed links to other docs\r\n- adjusted link integration\r\n- removed picture reference in the wallets overview\r\n\r\n---------\r\n\r\nCo-authored-by: Kim Neunert <kim@swanbitcoin.com>\r\nCo-authored-by: k9ert <k9ert@gmx.de>","shortMessageHtmlLink":"New documentations <a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1371020616\" data-permission-text=\"Title is private\" data-url=\"https://github.com/cryptoadvance/specter-desktop/issues/1885\" data-hovercard-type=\"issue\" data-hovercard-url=\"/cryptoadvance/specter-desktop/issues/1885/hovercard\" href=\"https://github.com/cryptoadvance/specter-desktop/issues/1885\">#1885</a> (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2079680082\" data-permission-text=\"Title is private\" data-url=\"https://github.com/cryptoadvance/specter-desktop/issues/2409\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/cryptoadvance/specter-desktop/pull/2409/hovercard\" href=\"https://github.com/cryptoadvance/specter-desktop/pull/2409\">#2409</a>)"}},{"before":"1f0bc602c782728c2637cb55856b0901adbebd06","after":"655e9153b68f240a6bba56e2196197903a440785","ref":"refs/heads/master","pushedAt":"2024-01-15T13:00:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"k9ert","name":null,"path":"/k9ert","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/117085?s=80&v=4"},"commit":{"message":"Enforce hwi init (#2386)\n\n* adding release_notes for v2.0.2\r\n\r\n* add --enforcehwiinitialisation as click option\r\n\r\n* chore: ENFORCE_HWI_INITIALISATION_AT_STARTUP via","shortMessageHtmlLink":"Enforce hwi init (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1913384034\" data-permission-text=\"Title is private\" data-url=\"https://github.com/cryptoadvance/specter-desktop/issues/2386\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/cryptoadvance/specter-desktop/pull/2386/hovercard\" href=\"https://github.com/cryptoadvance/specter-desktop/pull/2386\">#2386</a>)"}},{"before":"0d22f8d570a877a70f7e9debbfbf4206d61c00a6","after":"1f0bc602c782728c2637cb55856b0901adbebd06","ref":"refs/heads/master","pushedAt":"2024-01-15T10:31:20.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"k9ert","name":null,"path":"/k9ert","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/117085?s=80&v=4"},"commit":{"message":"chore: upgrade dependencies (#2399)\n\n* chore: upgrade dependencies\r\n\r\n* workaround for weird greenlet error\r\n\r\n* chore: remove empty file","shortMessageHtmlLink":"chore: upgrade dependencies (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1996865968\" data-permission-text=\"Title is private\" data-url=\"https://github.com/cryptoadvance/specter-desktop/issues/2399\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/cryptoadvance/specter-desktop/pull/2399/hovercard\" href=\"https://github.com/cryptoadvance/specter-desktop/pull/2399\">#2399</a>)"}},{"before":"3b1003941c64f4c1b3160e184ec5dae029b9e8b6","after":"0d22f8d570a877a70f7e9debbfbf4206d61c00a6","ref":"refs/heads/master","pushedAt":"2024-01-13T15:28:12.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"k9ert","name":null,"path":"/k9ert","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/117085?s=80&v=4"},"commit":{"message":"Docs: fix small typos and grammatical errors (#2406)","shortMessageHtmlLink":"Docs: fix small typos and grammatical errors (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2060867891\" data-permission-text=\"Title is private\" data-url=\"https://github.com/cryptoadvance/specter-desktop/issues/2406\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/cryptoadvance/specter-desktop/pull/2406/hovercard\" href=\"https://github.com/cryptoadvance/specter-desktop/pull/2406\">#2406</a>)"}},{"before":null,"after":"cd5f0022a276614159372c508f6bba1eddaa0476","ref":"refs/heads/dependabot/npm_and_yarn/axios-and-wait-on-1.6.2","pushedAt":"2023-11-16T16:29:53.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Chore(deps): Bump axios and wait-on\n\nBumps [axios](https://github.com/axios/axios) to 1.6.2 and updates ancestor dependency [wait-on](https://github.com/jeffbski/wait-on). These dependencies need to be updated together.\n\n\nUpdates `axios` from 0.21.4 to 1.6.2\n- [Release notes](https://github.com/axios/axios/releases)\n- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)\n- [Commits](https://github.com/axios/axios/compare/v0.21.4...v1.6.2)\n\nUpdates `wait-on` from 5.3.0 to 7.2.0\n- [Release notes](https://github.com/jeffbski/wait-on/releases)\n- [Commits](https://github.com/jeffbski/wait-on/compare/v5.3.0...v7.2.0)\n\n---\nupdated-dependencies:\n- dependency-name: axios\n  dependency-type: indirect\n- dependency-name: wait-on\n  dependency-type: direct:production\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"Chore(deps): Bump axios and wait-on"}},{"before":"b85cf745f8dfa814eb8e9b6f67d941620713198e","after":"3b1003941c64f4c1b3160e184ec5dae029b9e8b6","ref":"refs/heads/master","pushedAt":"2023-11-16T16:28:57.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"k9ert","name":null,"path":"/k9ert","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/117085?s=80&v=4"},"commit":{"message":"Patched Fix Improperly Controlled Modification of Prototype Pollution in specter-desktop (#2385)\n\nA constructed payload sent to validate will lead to prototype pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as `__proto__`, constructor and prototype. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. Properties on the Object.prototype are then inherited by all the JavaScript objects through the prototype chain. When that happens, this leads to either denial of service by triggering JavaScript exceptions, or it tampers with the application source code to force the code path that the attacker injects, thereby leading to remote code execution.\r\n\r\n```js\r\n\tfunction checkObj(instance,objTypeDef,path,additionalProp){\r\n\r\n\t\tif(typeof objTypeDef =='object'){\r\n\t\t\tif(typeof instance != 'object' || instance instanceof Array){\r\n\t\t\t\terrors.push({property:path,message:\"an object is required\"});\r\n\t\t\t}\r\n\t\t\t\r\n\t\t\tfor(var i in objTypeDef){ \r\n\t\t\t\tif(Object.prototype.hasOwnProperty.call(objTypeDef, i) && i != '__proto__' && i != 'constructor'){\r\n\t\t\t\t\tvar value = Object.prototype.hasOwnProperty.call(instance, i) ? instance[i] : undefined;\r\n\t\t\t\t\t// skip _not_ specified properties\r\n\t\t\t\t\tif (value === undefined && options.existingOnly) continue;\r\n\t\t\t\t\tvar propDef = objTypeDef[i];\r\n\t\t\t\t\t// set default\r\n\t\t\t\t\tif(value === undefined && propDef[\"default\"]){\r\n\t\t\t\t\t\tvalue = instance[i] = propDef[\"default\"];\r\n\t\t\t\t\t}\r\n\t\t\t\t\tif(options.coerce && i in instance){\r\n\t\t\t\t\t\tvalue = instance[i] = options.coerce(value, propDef);\r\n\t\t\t\t\t}\r\n\t\t\t\t\tcheckProp(value,propDef,path,i);\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t}\r\n\t\tfor(i in instance){\r\n\t\t\tif(Object.prototype.hasOwnProperty.call(instance, i) && !(i.charAt(0) == '_' && i.charAt(1) == '_') && objTypeDef && !objTypeDef[i] && additionalProp===false){\r\n\t\t\t\tif (options.filter) {\r\n\t\t\t\t\tdelete instance[i];\r\n\t\t\t\t\tcontinue;\r\n\t\t\t\t} else {\r\n\t\t\t\t\terrors.push({property:path,message:\"The property \" + i +\r\n\t\t\t\t\t\t\" is not defined in the schema and the schema does not allow additional properties\"});\r\n\t\t\t\t}\r\n\t\t\t}\r\n\t\t\tvar requires = objTypeDef && objTypeDef[i] && objTypeDef[i].requires;\r\n\t\t\tif(requires && !(requires in instance)){\r\n\t\t\t\terrors.push({property:path,message:\"the presence of the property \" + i + \" requires that \" + requires + \" also be present\"});\r\n\t\t\t}\r\n\t\t\tvalue = instance[i];\r\n\t\t\tif(additionalProp && (!(objTypeDef && typeof objTypeDef == 'object') || !(i in objTypeDef))){\r\n\t\t\t\tif(options.coerce){\r\n\t\t\t\t\tvalue = instance[i] = options.coerce(value, additionalProp);\r\n\t\t\t\t}\r\n\t\t\t\tcheckProp(value,additionalProp,path,i);\r\n\t\t\t}\r\n\t\t\tif(!_changing && value && value.$schema){\r\n\t\t\t\terrors = errors.concat(checkProp(value,value.$schema,path,i));\r\n\t\t\t}\r\n\t\t}\r\n\t\treturn errors;\r\n\t}\r\n```\r\n\r\n## Proof of Concept\r\n```js\r\n// PoC.js\r\nconst { validate } = require(\"json-schema\");\r\nconst instance = JSON.parse(`\r\n{\r\n  \"$schema\":{\r\n    \"type\": \"object\",\r\n    \"properties\":{\r\n      \"__proto__\": {\r\n        \"type\": \"object\",\r\n        \r\n        \"properties\":{\r\n          \"polluted\": {\r\n              \"type\": \"string\",\r\n              \"default\": \"polluted\"\r\n          }\r\n        }\r\n      }\r\n    },\r\n    \"__proto__\": {}\r\n  }\r\n}`);\r\n\r\nconst a = {};\r\nconsole.log(a.polluted);\r\nvalidate(instance);\r\nconsole.log(a.polluted);\r\n```\r\n**Impact**\r\nThis vulnerability is capable of make prototype pollution\r\nCWE-915\r\nCWE-1321\r\nCVE-2021-3918\r\n**`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`**\r\n\r\nCo-authored-by: k9ert <k9ert@gmx.de>","shortMessageHtmlLink":"Patched Fix Improperly Controlled Modification of Prototype Pollution…"}},{"before":"3301accc5be3438b2c4e6dea4e34a673500176c0","after":"b85cf745f8dfa814eb8e9b6f67d941620713198e","ref":"refs/heads/master","pushedAt":"2023-11-14T13:16:53.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"moneymanolis","name":"Manolis Mandrapilias","path":"/moneymanolis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/70536101?s=80&v=4"},"commit":{"message":"Fix testnet path when deleting wallet on node (#2395)","shortMessageHtmlLink":"Fix testnet path when deleting wallet on node (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1984346539\" data-permission-text=\"Title is private\" data-url=\"https://github.com/cryptoadvance/specter-desktop/issues/2395\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/cryptoadvance/specter-desktop/pull/2395/hovercard\" href=\"https://github.com/cryptoadvance/specter-desktop/pull/2395\">#2395</a>)"}},{"before":null,"after":"fb6c4f6c93c05ecd93178544b88d75bd2cdc26de","ref":"refs/heads/dependabot/pip/werkzeug-3.0.1","pushedAt":"2023-10-25T19:25:19.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Chore(deps): Bump werkzeug from 2.2.3 to 3.0.1\n\nBumps [werkzeug](https://github.com/pallets/werkzeug) from 2.2.3 to 3.0.1.\n- [Release notes](https://github.com/pallets/werkzeug/releases)\n- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)\n- [Commits](https://github.com/pallets/werkzeug/compare/2.2.3...3.0.1)\n\n---\nupdated-dependencies:\n- dependency-name: werkzeug\n  dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"Chore(deps): Bump werkzeug from 2.2.3 to 3.0.1"}},{"before":"88a1f81ffaf6a71fe8d25ed9151066838afd25d9","after":null,"ref":"refs/heads/dependabot/pip/urllib3-1.26.17","pushedAt":"2023-10-18T00:00:02.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":null,"after":"e6d41b94eb768eb64a668b6dfeed9ef0cd4cf4c5","ref":"refs/heads/dependabot/pip/urllib3-1.26.18","pushedAt":"2023-10-17T23:59:57.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Chore(deps): Bump urllib3 from 1.26.14 to 1.26.18\n\nBumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.14 to 1.26.18.\n- [Release notes](https://github.com/urllib3/urllib3/releases)\n- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)\n- [Commits](https://github.com/urllib3/urllib3/compare/1.26.14...1.26.18)\n\n---\nupdated-dependencies:\n- dependency-name: urllib3\n  dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"Chore(deps): Bump urllib3 from 1.26.14 to 1.26.18"}},{"before":"abba11c79f9c7ce9782c60a4402c76a0fbc587d4","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/pyinstaller/electron/electron-22.3.24","pushedAt":"2023-10-05T18:38:31.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":null,"after":"8e8ce28c6ea7dc1ba7fffc195ca52b6a1b779c1e","ref":"refs/heads/dependabot/npm_and_yarn/pyinstaller/electron/electron-22.3.25","pushedAt":"2023-10-05T18:38:26.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Chore(deps-dev): Bump electron in /pyinstaller/electron\n\nBumps [electron](https://github.com/electron/electron) from 22.1.0 to 22.3.25.\n- [Release notes](https://github.com/electron/electron/releases)\n- [Changelog](https://github.com/electron/electron/blob/main/docs/breaking-changes.md)\n- [Commits](https://github.com/electron/electron/compare/v22.1.0...v22.3.25)\n\n---\nupdated-dependencies:\n- dependency-name: electron\n  dependency-type: direct:development\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"Chore(deps-dev): Bump electron in /pyinstaller/electron"}},{"before":null,"after":"88a1f81ffaf6a71fe8d25ed9151066838afd25d9","ref":"refs/heads/dependabot/pip/urllib3-1.26.17","pushedAt":"2023-10-03T02:57:18.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Chore(deps): Bump urllib3 from 1.26.14 to 1.26.17\n\nBumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.14 to 1.26.17.\n- [Release notes](https://github.com/urllib3/urllib3/releases)\n- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)\n- [Commits](https://github.com/urllib3/urllib3/compare/1.26.14...1.26.17)\n\n---\nupdated-dependencies:\n- dependency-name: urllib3\n  dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"Chore(deps): Bump urllib3 from 1.26.14 to 1.26.17"}},{"before":"6a51d31bbe55ea8edf4d789e0221d3abbc496817","after":"3301accc5be3438b2c4e6dea4e34a673500176c0","ref":"refs/heads/master","pushedAt":"2023-09-21T18:15:46.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"moneymanolis","name":"Manolis Mandrapilias","path":"/moneymanolis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/70536101?s=80&v=4"},"commit":{"message":"adding release_notes for v2.0.2 (#2384)","shortMessageHtmlLink":"adding release_notes for v2.0.2 (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1907506523\" data-permission-text=\"Title is private\" data-url=\"https://github.com/cryptoadvance/specter-desktop/issues/2384\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/cryptoadvance/specter-desktop/pull/2384/hovercard\" href=\"https://github.com/cryptoadvance/specter-desktop/pull/2384\">#2384</a>)"}},{"before":"8a06e9b7166bf430a23a291c1881a2ae49b428c1","after":"6a51d31bbe55ea8edf4d789e0221d3abbc496817","ref":"refs/heads/master","pushedAt":"2023-09-20T12:00:29.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"k9ert","name":null,"path":"/k9ert","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/117085?s=80&v=4"},"commit":{"message":"Update spotbit api url and path (#2372)\n\n* Update spotbit api url and path\r\n\r\n* Update src/cryptoadvance/specter/util/price_providers.py\r\n\r\nCo-authored-by: Benjamin B <7598058+BBlackwo@users.noreply.github.com>\r\n\r\n* removed non-existent price-provider and added gemini\r\n\r\n* fixed history API\r\n\r\n---------\r\n\r\nCo-authored-by: k9ert <k9ert@gmx.de>\r\nCo-authored-by: Kim Neunert <kim@swanbitcoin.com>","shortMessageHtmlLink":"Update spotbit api url and path (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1871509269\" data-permission-text=\"Title is private\" data-url=\"https://github.com/cryptoadvance/specter-desktop/issues/2372\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/cryptoadvance/specter-desktop/pull/2372/hovercard\" href=\"https://github.com/cryptoadvance/specter-desktop/pull/2372\">#2372</a>)"}},{"before":"2c8e5533a0450322c90014a7cb15d0d27b854163","after":"8a06e9b7166bf430a23a291c1881a2ae49b428c1","ref":"refs/heads/master","pushedAt":"2023-09-20T09:40:41.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"k9ert","name":null,"path":"/k9ert","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/117085?s=80&v=4"},"commit":{"message":"Optional ENFORCE_HWI_INITIALISATION_AT_STARTUP (#2383)\n\n* Revert \"revert removal of enumerate (#2378)\"\r\n\r\nThis reverts commit 23ad11975bb45a67a676c4771043fd51ac3a39f5.\r\n\r\n* Make HWI initialisation not default but enforcable","shortMessageHtmlLink":"Optional ENFORCE_HWI_INITIALISATION_AT_STARTUP (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1903073588\" data-permission-text=\"Title is private\" data-url=\"https://github.com/cryptoadvance/specter-desktop/issues/2383\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/cryptoadvance/specter-desktop/pull/2383/hovercard\" href=\"https://github.com/cryptoadvance/specter-desktop/pull/2383\">#2383</a>)"}},{"before":"a2be0ab716b07388569607e5aa03c52466f23f50","after":"6afe5b173362f52abdc43fdb88e425b707401a49","ref":"refs/heads/revert-2378-revert-remove-enumerate","pushedAt":"2023-09-19T14:13:49.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"k9ert","name":null,"path":"/k9ert","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/117085?s=80&v=4"},"commit":{"message":"Make HWI initialisation not default but enforcable","shortMessageHtmlLink":"Make HWI initialisation not default but enforcable"}},{"before":null,"after":"a2be0ab716b07388569607e5aa03c52466f23f50","ref":"refs/heads/revert-2378-revert-remove-enumerate","pushedAt":"2023-09-19T14:04:50.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"k9ert","name":null,"path":"/k9ert","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/117085?s=80&v=4"},"commit":{"message":"Revert \"revert removal of enumerate (#2378)\"\n\nThis reverts commit 23ad11975bb45a67a676c4771043fd51ac3a39f5.","shortMessageHtmlLink":"Revert \"revert removal of enumerate (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1887771310\" data-permission-text=\"Title is private\" data-url=\"https://github.com/cryptoadvance/specter-desktop/issues/2378\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/cryptoadvance/specter-desktop/pull/2378/hovercard\" href=\"https://github.com/cryptoadvance/specter-desktop/pull/2378\">#2378</a>)\""}},{"before":"3a5567b60fd68ffb83c4093347f8554052de893e","after":"846170e8da8ffdc73d1ae30a54abdf1302db71f3","ref":"refs/heads/dependabot/npm_and_yarn/cypress/request-and-cypress-3.0.1","pushedAt":"2023-09-19T11:49:30.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Chore(deps): Bump @cypress/request and cypress\n\nBumps [@cypress/request](https://github.com/cypress-io/request) to 3.0.1 and updates ancestor dependency [cypress](https://github.com/cypress-io/cypress). These dependencies need to be updated together.\n\n\nUpdates `@cypress/request` from 2.88.10 to 3.0.1\n- [Release notes](https://github.com/cypress-io/request/releases)\n- [Changelog](https://github.com/cypress-io/request/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/cypress-io/request/compare/v2.88.10...v3.0.1)\n\nUpdates `cypress` from 9.7.0 to 13.1.0\n- [Release notes](https://github.com/cypress-io/cypress/releases)\n- [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md)\n- [Commits](https://github.com/cypress-io/cypress/compare/v9.7.0...v13.1.0)\n\n---\nupdated-dependencies:\n- dependency-name: \"@cypress/request\"\n  dependency-type: indirect\n- dependency-name: cypress\n  dependency-type: direct:development\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"Chore(deps): Bump @cypress/request and cypress"}},{"before":"690210c6e7bf740e113f211be56e85eb9d9605a5","after":"4d15dc04f21067cd1cf1fb955c3caa5e02226d21","ref":"refs/heads/dependabot/npm_and_yarn/tough-cookie-and-cypress/request-4.1.3","pushedAt":"2023-09-19T11:49:17.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Chore(deps): Bump tough-cookie and @cypress/request\n\nBumps [tough-cookie](https://github.com/salesforce/tough-cookie) and [@cypress/request](https://github.com/cypress-io/request). These dependencies needed to be updated together.\n\nUpdates `tough-cookie` from 2.5.0 to 4.1.3\n- [Release notes](https://github.com/salesforce/tough-cookie/releases)\n- [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/salesforce/tough-cookie/compare/v2.5.0...v4.1.3)\n\nUpdates `@cypress/request` from 2.88.10 to 2.88.12\n- [Release notes](https://github.com/cypress-io/request/releases)\n- [Changelog](https://github.com/cypress-io/request/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/cypress-io/request/compare/v2.88.10...v2.88.12)\n\n---\nupdated-dependencies:\n- dependency-name: tough-cookie\n  dependency-type: indirect\n- dependency-name: \"@cypress/request\"\n  dependency-type: indirect\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"Chore(deps): Bump tough-cookie and @cypress/request"}},{"before":"2a58ccc6489d3034dce62c374676a0d1c940df90","after":"abba11c79f9c7ce9782c60a4402c76a0fbc587d4","ref":"refs/heads/dependabot/npm_and_yarn/pyinstaller/electron/electron-22.3.24","pushedAt":"2023-09-19T11:49:10.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Chore(deps-dev): Bump electron in /pyinstaller/electron\n\nBumps [electron](https://github.com/electron/electron) from 22.1.0 to 22.3.24.\n- [Release notes](https://github.com/electron/electron/releases)\n- [Changelog](https://github.com/electron/electron/blob/main/docs/breaking-changes.md)\n- [Commits](https://github.com/electron/electron/compare/v22.1.0...v22.3.24)\n\n---\nupdated-dependencies:\n- dependency-name: electron\n  dependency-type: direct:development\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"Chore(deps-dev): Bump electron in /pyinstaller/electron"}},{"before":"1f40a3b0609a32db711448f14a9a5e784cd049b2","after":"2c8e5533a0450322c90014a7cb15d0d27b854163","ref":"refs/heads/master","pushedAt":"2023-09-19T11:48:22.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"k9ert","name":null,"path":"/k9ert","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/117085?s=80&v=4"},"commit":{"message":"Patched Fix Electron vulnerable to out-of-package code execution when launched with arbitrary cwd (#2380)\n\nThis project used electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected of this project are vulnerable to Arbitrary Code Execution allowing out-of-package code execution when apps are launched as command-line executables.\r\n\r\n```diff\r\ndiff --git a/lib/internal/modules/run_main.js b/lib/internal/modules/run_main.js\r\n- index 5a50d5d6afab6e6648f72a1c0efa1df4cd80bcd9..0be45309028b00a6957ee473322a9452a7fa7d67 100644\r\n--- a/lib/internal/modules/run_main.js\r\n+ +++ b/lib/internal/modules/run_main.js\r\n@@ -13,6 +13,12 @@ const {\r\n```\r\nCWE-94\r\n`CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:L`\r\nCVE-2023-39956\r\n\r\nCo-authored-by: k9ert <k9ert@gmx.de>","shortMessageHtmlLink":"Patched Fix Electron vulnerable to out-of-package code execution when…"}},{"before":"2c752b1ebf326a82b1b4041e312e0e5fc3458f6c","after":null,"ref":"refs/heads/dependabot/npm_and_yarn/pyinstaller/electron/electron-22.3.21","pushedAt":"2023-09-18T18:44:26.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"}},{"before":null,"after":"2a58ccc6489d3034dce62c374676a0d1c940df90","ref":"refs/heads/dependabot/npm_and_yarn/pyinstaller/electron/electron-22.3.24","pushedAt":"2023-09-18T18:44:20.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Chore(deps-dev): Bump electron in /pyinstaller/electron\n\nBumps [electron](https://github.com/electron/electron) from 22.1.0 to 22.3.24.\n- [Release notes](https://github.com/electron/electron/releases)\n- [Changelog](https://github.com/electron/electron/blob/main/docs/breaking-changes.md)\n- [Commits](https://github.com/electron/electron/compare/v22.1.0...v22.3.24)\n\n---\nupdated-dependencies:\n- dependency-name: electron\n  dependency-type: direct:development\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"Chore(deps-dev): Bump electron in /pyinstaller/electron"}},{"before":"23ad11975bb45a67a676c4771043fd51ac3a39f5","after":"1f40a3b0609a32db711448f14a9a5e784cd049b2","ref":"refs/heads/master","pushedAt":"2023-09-16T08:32:42.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"moneymanolis","name":"Manolis Mandrapilias","path":"/moneymanolis","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/70536101?s=80&v=4"},"commit":{"message":"Bugfix: Jade displaying wrong multisig addresses for descriptors using multi() (#2366)\n\n* condition on is_sorted in jade's display_multisig_address\r\n\r\n* fix overlay for address confirmation\r\n\r\n---------\r\n\r\nCo-authored-by: k9ert <k9ert@gmx.de>","shortMessageHtmlLink":"Bugfix: Jade displaying wrong multisig addresses for descriptors usin…"}},{"before":"2808be1ae367e1c8a5827f5a78380cca1e93919d","after":"23ad11975bb45a67a676c4771043fd51ac3a39f5","ref":"refs/heads/master","pushedAt":"2023-09-08T14:39:18.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"k9ert","name":null,"path":"/k9ert","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/117085?s=80&v=4"},"commit":{"message":"revert removal of enumerate (#2378)","shortMessageHtmlLink":"revert removal of enumerate (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1887771310\" data-permission-text=\"Title is private\" data-url=\"https://github.com/cryptoadvance/specter-desktop/issues/2378\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/cryptoadvance/specter-desktop/pull/2378/hovercard\" href=\"https://github.com/cryptoadvance/specter-desktop/pull/2378\">#2378</a>)"}},{"before":null,"after":"3a5567b60fd68ffb83c4093347f8554052de893e","ref":"refs/heads/dependabot/npm_and_yarn/cypress/request-and-cypress-3.0.1","pushedAt":"2023-09-06T21:50:23.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"Chore(deps): Bump @cypress/request and cypress\n\nBumps [@cypress/request](https://github.com/cypress-io/request) to 3.0.1 and updates ancestor dependency [cypress](https://github.com/cypress-io/cypress). These dependencies need to be updated together.\n\n\nUpdates `@cypress/request` from 2.88.10 to 3.0.1\n- [Release notes](https://github.com/cypress-io/request/releases)\n- [Changelog](https://github.com/cypress-io/request/blob/master/CHANGELOG.md)\n- [Commits](https://github.com/cypress-io/request/compare/v2.88.10...v3.0.1)\n\nUpdates `cypress` from 9.7.0 to 13.1.0\n- [Release notes](https://github.com/cypress-io/cypress/releases)\n- [Changelog](https://github.com/cypress-io/cypress/blob/develop/CHANGELOG.md)\n- [Commits](https://github.com/cypress-io/cypress/compare/v9.7.0...v13.1.0)\n\n---\nupdated-dependencies:\n- dependency-name: \"@cypress/request\"\n  dependency-type: indirect\n- dependency-name: cypress\n  dependency-type: direct:development\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"Chore(deps): Bump @cypress/request and cypress"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEP_CP2QA","startCursor":null,"endCursor":null}},"title":"Activity · cryptoadvance/specter-desktop"}