v0.6.4

github-actions released this 11 May 05:17 · 1 commit to main since this release

Fixed

  • Tauri and Capacitor readDirectory/scanDirectory now preserve real filenames containing repeated dots instead of sanitizing them into different names
  • Tauri and Capacitor directory scans now skip unsafe native entries (/, \, null byte, ., ..) without altering valid filenames
  • Tauri and Capacitor renameFile now validate-and-reject unsafe names instead of silently stripping characters, so renaming to ...thinking.txt no longer writes a different filename
  • Tauri splitParentPath now chooses the separator that is dominant in the parent portion of the path rather than using the last separator character, avoiding malformed paths when both / and \ appear

Added

  • isSafeEntryName validator in src/utils.ts plus a dedicated unit-test suite locking the accept/reject contract
  • Regression tests for Tauri and Capacitor scans with repeated-dot filenames, rename validator behavior, and mixed-separator path handling
  • ESLint dev tooling and config so npm run lint runs as part of release validation
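
The difference between sanitizing a name and validating-then-rejecting it, as described in the Fixed and Added items above, shown as an added TypeScript sketch that is not the project's src/utils.ts. The function names, the sanitizer's behaviour and the exact rejection rule (a name containing /, \ or a null byte, or equal to . or ..) are assumptions.

```typescript
// Added illustration; not the project's code. All names here are hypothetical.

// Reject-only check: a name is either usable exactly as given or refused.
// Assumed rule: refuse names containing "/", "\" or NUL, and the names "." and "..".
function isSafeName(name: string): boolean {
  if (name.length === 0) return false; // assumption: empty names are refused too
  if (name === "." || name === "..") return false;
  return !/[/\\\u0000]/.test(name);
}

// A sanitizer of the kind the fix moves away from (assumed behaviour): it strips
// separators and collapses dot runs, so a legitimate name silently becomes another name.
function sanitizeName(name: string): string {
  return name.replace(/[/\\\u0000]/g, "").replace(/\.{2,}/g, ".");
}

// Directory scan: unsafe native entries are skipped, valid ones pass through unchanged.
function filterScan(entries: string[]): string[] {
  return entries.filter(isSafeName);
}

// Rename: validate and reject; never rewrite the caller's input.
function resolveRename(parentDir: string, newName: string): string {
  if (!isSafeName(newName)) {
    throw new Error(`unsafe entry name rejected: ${JSON.stringify(newName)}`);
  }
  return `${parentDir}/${newName}`;
}

// Constructed sample listing, shaped like what a native directory API might return.
const sampleEntries: string[] = [
  "...thinking.txt", "notes..v2.md", "..", ".", "a/b.txt", "c\\d.txt", "x\u0000y", ".env",
];

console.log(filterScan(sampleEntries));        // repeated-dot names survive intact
console.log(sanitizeName("...thinking.txt"));  // the old failure mode: a different name
console.log(resolveRename("/docs", "...thinking.txt"));
```

With a sanitizer, the file written to disk and the name the caller believes it wrote can diverge; with the reject-only check, the caller gets either the exact name or an error.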

Security

  • Bumped vite to ^7, vite-plugin-dts to ^5, and vitest to ^4 to clear advisories in their transitive deps (esbuild dev-server request leak, rollup path traversal, vite WebSocket file read, postcss XSS, minimatch/picomatch/brace-expansion ReDoS, lodash prototype pollution, ajv ReDoS)
  • Added postcss, rollup, and picomatch overrides to pin patched versions until vite/vitest publish updated lockfiles