v0.5.105
·
557 commits
to main
since this release
What's Changed
- Pin workflow actions to full SHAs by @glenn-sorrentino in #1546
- Fix release-triggered docs screenshots startup by @glenn-sorrentino in #1547
- Disallow unapproved autonomous repo agents by @glenn-sorrentino in #1548
- Fix manual docs screenshots workflow permissions by @glenn-sorrentino in #1549
- Use PR flows for website and stats syncs by @glenn-sorrentino in #1550
- Simplify screenshot release automation by @glenn-sorrentino in #1551
- Publish screenshots to archive repo too by @glenn-sorrentino in #1552
- Use screenshots repo token for archive publish by @glenn-sorrentino in #1554
- Reuse screenshots automation branch without force-push by @glenn-sorrentino in #1555
- fix: avoid empty failure-signature runner aborts by @hushline-dev in #1559
- Qualify workflow PR heads by owner by @glenn-sorrentino in #1558
- Codex Daily: #1556 Codex transcript now logged to repo, risking secret leaks by @hushline-dev in #1562
- Require CSRF for alias deletion by @glenn-sorrentino in #1563
- Lock onboarding directory opt-out behavior by @glenn-sorrentino in #1564
- Codex Daily: #1557 Workflow PR auto-merge can target attacker forks by @hushline-dev in #1565
- Add workflow guard for qualified PR heads by @glenn-sorrentino in #1566
- Tighten audit environmental failure detection by @glenn-sorrentino in #1567
- Bound agent runner retry loops by @glenn-sorrentino in #1568
- Sanitize persisted agent run logs by @glenn-sorrentino in #1569
- Withhold failed check output from Codex prompts by @glenn-sorrentino in #1570
- Handle invalid email headers export input by @glenn-sorrentino in #1571
- Restore onboarding JavaScript bundle by @glenn-sorrentino in #1572
- Require full PGP armor for email body notifications by @glenn-sorrentino in #1573
- Add regression test for onboarding directory opt-out by @glenn-sorrentino in #1574
- Restore case-insensitive username uniqueness by @glenn-sorrentino in #1575
- Stop leaking internal user IDs on public profiles by @glenn-sorrentino in #1576
- Prevent resend message PGP substring bypass by @glenn-sorrentino in #1577
- Pin actionlint installation in workflow security checks by @glenn-sorrentino in #1578
Full Changelog: v0.5.104...v0.5.105
Contributors
glenn-sorrentino and hushline-dev