Skip to content

Commit 80dc3f0

Browse files
committed
chore(plans): close out plan 004 (already shipped in #70)
Plan 004's fix was independently implemented and merged in PR #70 (commit 9e2cfeb, 'fix(plugin-git): guard revisions against argument injection'), matching the plan's spec exactly: isSafeRevision guard in node/git.ts, --end-of-options + guard in log.ts and show.ts, and the same injection-guard tests in git.test.ts. Verified: git plugin tests (16/16), typecheck, and lint all pass clean. Marking the plan DONE and removing the now-stale plan file.
1 parent 48aa791 commit 80dc3f0

2 files changed

Lines changed: 1 addition & 215 deletions

File tree

plans/004-git-argument-injection.md

Lines changed: 0 additions & 214 deletions
This file was deleted.

plans/README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ changes are allowed as long as they're marked).
1616
| 001 | Add missing `typecheck` scripts (inspect + 5 examples) | dx | P1 | S || DONE (partial — see note) |
1717
| 002 | Clear the critical `shell-quote` advisory in the bundle | security/deps | P1 | S || DONE |
1818
| 003 | Reject cross-origin WebSocket upgrades ⚠️ | security | P1 | S || DONE |
19-
| 004 | Stop git argument injection via `ref`/`hash` | security/bug | P1 | S || TODO |
19+
| 004 | Stop git argument injection via `ref`/`hash` | security/bug | P1 | S || DONE |
2020
| 005 | Don't cache a rejected RPC `setup()` promise | bug | P1 | S || DONE |
2121
| 006 | Bound `SharedState.syncIds` (memory leak) | bug | P1 | S || DONE |
2222
| 007 | Behavioral tests for the auth/OTP trust boundary | tests | P1 | S || DONE |

0 commit comments

Comments
 (0)