typebot.io/.github/workflows
Baptiste Arnaud b25c41b02b
🐛 Fix SSRF bypass via DNS rebinding in HTTP request and script fetch flows (#2461)
- Add `createSafeDispatcher` with a `validatingLookup` that checks resolved IPs at TCP connection time, preventing DNS rebinding TOCTOU attacks (GHSA-hgqq-whf5-mrrf)
- Pass the safe undici dispatcher in `safeFetchWithoutChunkedEncoding` (`ky.ts`) and in the isolated VM fetch wrapper (`executeFunction.ts`)
- Export `parseIPAddress`, `validateIPAddress` and `ParsedIP` from `validateHttpReqUrl.ts` for reuse in the dispatcher
- Add unit tests for `validatingLookup` and E2E test bot/spec for SSRF scenarios
- Add `@types/bun` to `packages/lib` tsconfig

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 09:28:06 +00:00
auto-approve.yml 🔧 Auto-approve owner PRs (#2369) 2026-01-25 08:01:58 +01:00
auto-create-tags.yml 🔧 Update GitHub Actions workflow to use CONTENTS_RW_PAT for GITHUB_TOKEN 2025-05-02 17:26:27 +02:00
daily.yml 🐛 Fix code scanning findings 2026-03-19 10:21:03 +01:00
deploy-partykit.yml 🐛 Fix code scanning findings 2026-03-19 10:21:03 +01:00
deploy-workflows.yml 🐛 Fix code scanning findings 2026-03-19 10:21:03 +01:00
hourly.yml 🐛 Fix code scanning findings 2026-03-19 10:21:03 +01:00
monthly.yml 🐛 Fix code scanning findings 2026-03-19 10:21:03 +01:00
publish-typebot-js.yml 🐛 Fix code scanning findings 2026-03-19 10:21:03 +01:00
publish-typebot-react.yml 🐛 Fix code scanning findings 2026-03-19 10:21:03 +01:00
release.yml 🔧 Migrate deprecated buildjet arm runner 2026-02-11 10:37:03 +01:00
stale.yml 🐛 Fix code scanning findings 2026-03-19 10:21:03 +01:00
typecheck.yml 🐛 Fix stored XSS via javascript: URI in bubble links (GHSA-hqmv-v56g-4m47) (#2435) 2026-04-07 17:46:09 +02:00