dependabot-preview[bot]
af5afd2746
Bump rss-parser from 3.7.1 to 3.7.2
...
Bumps [rss-parser](https://github.com/bobby-brennan/rss-parser ) from 3.7.1 to 3.7.2.
- [Release notes](https://github.com/bobby-brennan/rss-parser/releases )
- [Commits](https://github.com/bobby-brennan/rss-parser/compare/v3.7.1...v3.7.2 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-04 06:05:43 +00:00
dependabot-preview[bot]
28a24bca24
Bump web-ext from 3.0.0 to 3.1.0
...
Bumps [web-ext](https://github.com/mozilla/web-ext ) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/mozilla/web-ext/releases )
- [Commits](https://github.com/mozilla/web-ext/compare/3.0.0...3.1.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-04 06:04:31 +00:00
dependabot-preview[bot]
61f848c237
Bump @types/node from 12.0.10 to 12.0.12
...
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) from 12.0.10 to 12.0.12.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-04 06:02:36 +00:00
dependabot-preview[bot]
d762d796d0
Bump marked from 0.6.2 to 0.6.3
...
Bumps [marked](https://github.com/markedjs/marked ) from 0.6.2 to 0.6.3.
- [Release notes](https://github.com/markedjs/marked/releases )
- [Commits](https://github.com/markedjs/marked/compare/v0.6.2...v0.6.3 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-04 06:01:52 +00:00
Oliver Blanthorn
c13329ddfb
Merge pull request #1689 from tridactyl/dependabot/npm_and_yarn/ts-node-8.3.0
...
Bump ts-node from 8.2.0 to 8.3.0
2019-07-03 22:04:15 +01:00
dependabot-preview[bot]
fced30826a
Bump ts-node from 8.2.0 to 8.3.0
...
Bumps [ts-node](https://github.com/TypeStrong/ts-node ) from 8.2.0 to 8.3.0.
- [Release notes](https://github.com/TypeStrong/ts-node/releases )
- [Commits](https://github.com/TypeStrong/ts-node/compare/v8.2.0...v8.3.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-03 14:13:12 +00:00
Oliver Blanthorn
18f9a9e74c
Merge pull request #1702 from tridactyl/dependabot/npm_and_yarn/@types/node-12.0.10
...
Bump @types/node from 12.0.8 to 12.0.10
2019-07-03 15:11:50 +01:00
Oliver Blanthorn
7c6d6119e1
Merge pull request #1709 from tridactyl/dependabot/npm_and_yarn/tslint-etc-1.5.6
...
Bump tslint-etc from 1.5.3 to 1.5.6
2019-07-03 15:11:03 +01:00
Oliver Blanthorn
546c5cc7b0
Merge pull request #1712 from tridactyl/dependabot/npm_and_yarn/webpack-4.35.2
...
Bump webpack from 4.34.0 to 4.35.2
2019-07-03 15:10:51 +01:00
dependabot-preview[bot]
3f247cf504
Bump @types/node from 12.0.8 to 12.0.10
...
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) from 12.0.8 to 12.0.10.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-03 10:48:34 +00:00
dependabot-preview[bot]
57bb3081c3
Bump tslint-etc from 1.5.3 to 1.5.6
...
Bumps [tslint-etc](https://github.com/cartant/tslint-etc ) from 1.5.3 to 1.5.6.
- [Release notes](https://github.com/cartant/tslint-etc/releases )
- [Changelog](https://github.com/cartant/tslint-etc/blob/master/CHANGELOG.md )
- [Commits](https://github.com/cartant/tslint-etc/compare/v1.5.3...v1.5.6 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-03 10:47:47 +00:00
dependabot-preview[bot]
59cde6016a
Bump webpack from 4.34.0 to 4.35.2
...
Bumps [webpack](https://github.com/webpack/webpack ) from 4.34.0 to 4.35.2.
- [Release notes](https://github.com/webpack/webpack/releases )
- [Commits](https://github.com/webpack/webpack/compare/v4.34.0...v4.35.2 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-03 10:47:44 +00:00
Oliver Blanthorn
947501bad9
Merge pull request #1684 from tridactyl/dependabot/npm_and_yarn/typescript-3.5.2
...
Bump typescript from 3.5.1 to 3.5.2
2019-07-03 11:46:30 +01:00
Oliver Blanthorn
b9570a09fe
Merge pull request #1686 from tridactyl/dependabot/npm_and_yarn/@types/jest-24.0.15
...
Bump @types/jest from 24.0.14 to 24.0.15
2019-07-03 11:46:19 +01:00
Oliver Blanthorn
e2efc2f140
Merge pull request #1706 from tridactyl/dependabot/npm_and_yarn/selenium-webdriver-4.0.0-alpha.4
...
Bump selenium-webdriver from 4.0.0-alpha.1 to 4.0.0-alpha.4
2019-07-03 11:46:11 +01:00
Oliver Blanthorn
578edace98
Merge pull request #1703 from tridactyl/dependabot/npm_and_yarn/webpack-cli-3.3.5
...
Bump webpack-cli from 3.3.4 to 3.3.5
2019-07-03 11:45:46 +01:00
Oliver Blanthorn
1ad4ecfc07
Merge pull request #1701 from tridactyl/dependabot/npm_and_yarn/tslint-5.18.0
...
Bump tslint from 5.17.0 to 5.18.0
2019-07-03 11:45:34 +01:00
Oliver Blanthorn
1f49f4ac23
Merge pull request #1705 from grpala/master
...
Add a reference to editor functions in :help bind
2019-07-02 19:42:30 +01:00
Oliver Blanthorn
9cd4622c5c
Merge remote-tracking branch 'badbugs/master'
...
This merge closes #1713 .
2019-07-02 16:50:58 +01:00
Colin Caine
df5c6f830b
release 1.16.1
2019-07-02 16:48:47 +01:00
Oliver Blanthorn
d129c47913
Switch to cmcaine's shell escape library
2019-07-02 16:48:47 +01:00
Colin Caine
a71398dc1e
nativeopen: fix shell escaping
2019-07-02 16:48:47 +01:00
Colin Caine
2e591272a5
hinting: make rapid mpv hint mode safe
2019-07-02 16:48:47 +01:00
Colin Caine
d2106c8b3e
release 1.16.0
2019-07-02 16:48:47 +01:00
Colin Caine
b53bbe9c01
script to thank contributors in changelog
2019-07-02 16:48:47 +01:00
Colin Caine
0faf4be41a
This allowed malicious web pages to send artificial key events to
...
the parsers for all modes except the command line (which has
always been protected inside an iframe).
If the native messenger was not installed, the bug could not be
exploited for any more than nuisance attacks (closing tabs,
quitting Firefox, etc.). If the native messenger was installed,
an attack using the mpv hint mode (bound to `;v` by default) and
a specially crafted link would allow an attacker to execute some
commands in the user's shell. Due to the way hyperlinks are
encoded, it would require more cunning than the Tridactyl
developers possess to usefully exploit as it is difficult to pass
arguments to commands.
This did mean that the standard output of mpv (including the
attacker's URL) was also available to an attacker via pipes. We
are not aware of any way to abuse that with commonly installed
utilities.
We are unaware of any pages exploiting this in the wild.
Nevertheless, this security regression should not have happened.
A short incident report follows:
These checks were accidentally removed when key handling was
rewritten in September 2018. The PR was reviewed, but it was a
large PR and the regression was missed by the reviewers.
We became aware of the regression after a question in our support
chat prompted @glacambre to check on exactly how we were using
`isTrusted` and they realised that we weren't using it any more.
We will shortly introduce automated testing to check these
security properties that we rely on.
We will consider adding a check to continuous integration that
flags any change to files containing security relevant code for
more detailed review.
Affected versions:
- Tridactyl 1.14.0 - 1.14.10, 1.15.0.
Mitigation:
- Update to Tridactyl 1.16.0+ or 1.14.13+
- If updating is unfeasible, we recommend removing the native
messenger by running `:! pwd` in Tridactyl and then deleting that
directory from your filesystem.
- If you've thought of a clever exploit, please contact
bovine3dom or cmcaine privately on Matrix or by email.
2019-07-02 16:45:31 +01:00
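The `isTrusted` check and the automated test mentioned in the commit message above can be sketched as follows. This is an added example, not Tridactyl's code: `trustedOnly`, `makeKeyCollector` and `syntheticKeysAreIgnored` are hypothetical names, and the key events are constructed sample input.

```javascript
// Added example with hypothetical names; not taken from the Tridactyl code base.

// Wrap a key handler so that only events generated by the browser itself
// reach the wrapped parser. Events created by page script and sent with
// dispatchEvent() always have isTrusted === false.
function trustedOnly(handler, onRejected = () => {}) {
    return function guarded(event) {
        if (!event || event.isTrusted !== true) {
            onRejected(event);
            return false;
        }
        handler(event);
        return true;
    };
}

// Minimal stand-in for a mode parser: records the keys it was given.
function makeKeyCollector() {
    const keys = [];
    return { keys, accept: ev => { keys.push(ev.key); } };
}

// Regression check: synthetic events dispatched the way a web page would
// dispatch them must never reach the parser.
function syntheticKeysAreIgnored() {
    const collector = makeKeyCollector();
    const rejected = [];
    const target = new EventTarget();
    target.addEventListener(
        "keydown",
        trustedOnly(collector.accept, ev => rejected.push(ev))
    );
    for (const key of [";", "v"]) {
        // Constructed input: a script-created event carrying a `key` field.
        target.dispatchEvent(Object.assign(new Event("keydown"), { key }));
    }
    return collector.keys.length === 0 && rejected.length === 2;
}
```

Running a check like `syntheticKeysAreIgnored()` in continuous integration makes the removal of the guard fail a test instead of relying on review of a large PR.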
dependabot-preview[bot]
50c7c68f93
Bump selenium-webdriver from 4.0.0-alpha.1 to 4.0.0-alpha.4
...
Bumps [selenium-webdriver](https://github.com/SeleniumHQ/selenium ) from 4.0.0-alpha.1 to 4.0.0-alpha.4.
- [Release notes](https://github.com/SeleniumHQ/selenium/releases )
- [Commits](https://github.com/SeleniumHQ/selenium/commits )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-06-25 05:45:09 +00:00
Guillermo R. Palavecino
ed5d1b0bd4
Add a reference to editor functions in :help bind
2019-06-24 17:31:39 -03:00
dependabot-preview[bot]
10e7941eab
Bump webpack-cli from 3.3.4 to 3.3.5
...
Bumps [webpack-cli](https://github.com/webpack/webpack-cli ) from 3.3.4 to 3.3.5.
- [Release notes](https://github.com/webpack/webpack-cli/releases )
- [Changelog](https://github.com/webpack/webpack-cli/blob/master/CHANGELOG.md )
- [Commits](https://github.com/webpack/webpack-cli/compare/v3.3.4...v3.3.5 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-06-24 06:06:15 +00:00
dependabot-preview[bot]
49ea3a25dc
Bump tslint from 5.17.0 to 5.18.0
...
Bumps [tslint](https://github.com/palantir/tslint ) from 5.17.0 to 5.18.0.
- [Release notes](https://github.com/palantir/tslint/releases )
- [Changelog](https://github.com/palantir/tslint/blob/master/CHANGELOG.md )
- [Commits](https://github.com/palantir/tslint/compare/5.17.0...5.18.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-06-24 06:04:46 +00:00
Joao Sa
bf29d268cb
slightly increase wait for guiset write to reduce test failure
2019-06-23 21:39:37 -03:00
Joao Sa
bf3862f4df
cmd.exe's echo doesn't take -n
2019-06-23 20:24:48 -03:00
Joao Sa
2a9ac030df
Fix e2e tests on windows
...
- Also slightly increased wait for setpref write to reduce test failure
2019-06-23 19:25:27 -03:00
Joao Sa
0507bd4bbf
Fix editor and rcfile encoding errors
2019-06-23 10:04:21 -03:00
Oliver Blanthorn
0486595154
Make ;v safer
2019-06-20 23:09:21 +01:00
dependabot-preview[bot]
79df58b9b6
Bump @types/jest from 24.0.13 to 24.0.14
...
Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest ) from 24.0.13 to 24.0.14.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-06-20 23:09:21 +01:00
dependabot-preview[bot]
0fb4725891
Bump @types/jest from 24.0.14 to 24.0.15
...
Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest ) from 24.0.14 to 24.0.15.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-06-17 09:14:40 +00:00
Oliver Blanthorn
be119b3d4e
Make ;v safer
2019-06-14 11:18:49 +01:00
dependabot-preview[bot]
dcab6eaac3
Bump typescript from 3.5.1 to 3.5.2
...
Bumps [typescript](https://github.com/Microsoft/TypeScript ) from 3.5.1 to 3.5.2.
- [Release notes](https://github.com/Microsoft/TypeScript/releases )
- [Commits](https://github.com/Microsoft/TypeScript/commits )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-06-14 08:47:48 +00:00
Oliver Blanthorn
0f784d9607
Merge pull request #1679 from tridactyl/dependabot/npm_and_yarn/@types/jest-24.0.14
...
Bump @types/jest from 24.0.13 to 24.0.14
2019-06-13 12:26:38 +01:00
Oliver Blanthorn
1dda427567
Merge pull request #1680 from tridactyl/dependabot/npm_and_yarn/webpack-4.34.0
...
Bump webpack from 4.33.0 to 4.34.0
2019-06-13 12:00:43 +01:00
dependabot-preview[bot]
95f5422949
Bump webpack from 4.33.0 to 4.34.0
...
Bumps [webpack](https://github.com/webpack/webpack ) from 4.33.0 to 4.34.0.
- [Release notes](https://github.com/webpack/webpack/releases )
- [Commits](https://github.com/webpack/webpack/compare/v4.33.0...v4.34.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-06-13 08:47:04 +00:00
dependabot-preview[bot]
1883bfa5e2
Bump @types/jest from 24.0.13 to 24.0.14
...
Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest ) from 24.0.13 to 24.0.14.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-06-13 08:46:31 +00:00
Oliver Blanthorn
01fc419cfa
Merge pull request #1677 from tridactyl/dependabot/npm_and_yarn/@types/node-12.0.8
...
Bump @types/node from 12.0.7 to 12.0.8
2019-06-12 11:46:40 +02:00
dependabot-preview[bot]
a0f1c15020
Bump @types/node from 12.0.7 to 12.0.8
...
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node ) from 12.0.7 to 12.0.8.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases )
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-06-12 08:55:43 +00:00
Oliver Blanthorn
4e606091ea
Merge pull request #1676 from tridactyl/dependabot/npm_and_yarn/webpack-cli-3.3.4
...
Bump webpack-cli from 3.3.2 to 3.3.4
2019-06-12 08:36:38 +02:00
Oliver Blanthorn
ecb6686c59
Merge pull request #1674 from tridactyl/dependabot/npm_and_yarn/immer-3.1.3
...
Bump immer from 3.1.2 to 3.1.3
2019-06-12 08:34:49 +02:00
dependabot-preview[bot]
0949ea3840
Bump webpack-cli from 3.3.2 to 3.3.4
...
Bumps [webpack-cli](https://github.com/webpack/webpack-cli ) from 3.3.2 to 3.3.4.
- [Release notes](https://github.com/webpack/webpack-cli/releases )
- [Changelog](https://github.com/webpack/webpack-cli/blob/master/CHANGELOG.md )
- [Commits](https://github.com/webpack/webpack-cli/compare/v3.3.2...v3.3.4 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-06-11 08:54:30 +00:00
dependabot-preview[bot]
cd68885f13
Bump immer from 3.1.2 to 3.1.3
...
Bumps [immer](https://github.com/immerjs/immer ) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/immerjs/immer/releases )
- [Commits](https://github.com/immerjs/immer/compare/v3.1.2...v3.1.3 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-06-10 09:11:52 +00:00
Oliver Blanthorn
727de21e04
Merge pull request #1667 from tridactyl/dependabot/npm_and_yarn/@types/node-12.0.7
...
Bump @types/node from 12.0.5 to 12.0.7
2019-06-07 13:49:02 +01:00