Fix/security audit small #19
Merged
cargo audit already gates the desktop crate; production JS dependencies had no advisory scan in CI. Add audit:js and run it in branch-checks and main CI so known npm advisories fail the pipeline. Fixes audit F-11 (partial — triage/allowlist policy still open). Co-authored-by: Cursor <cursoragent@cursor.com>
MAVLink and CRSF decoders could propagate NaN/Infinity into TelemetryState, poisoning stats and downstream geo math without an obvious UI failure. Apply finiteOrNull at store update boundaries and drop invalid voltage paths. Fixes audit F-08. Co-authored-by: Cursor <cursoragent@cursor.com>
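An added example (not the project's code) of the boundary check this commit describes: every numeric field coming out of a decoder is passed through finiteOrNull before it touches the store, so a NaN or Infinity cannot reach the running statistics or the geo math fed from the store. The TelemetryState shape, the field names, the range check on coordinates and the rule that a non-positive voltage is dropped are assumptions made for the illustration, as are the sample packets.

```javascript
// Added example, not the project's code: gate decoded numbers at the
// TelemetryState update boundary. State shape and field names are assumptions.

function finiteOrNull(value) {
  return typeof value === 'number' && Number.isFinite(value) ? value : null;
}

function createTelemetryState() {
  return {
    lat: null, lon: null, altM: null, voltageV: null,
    stats: { altSamples: 0, altSum: 0, altMax: null, dropped: 0 },
  };
}

// Decoders are untrusted producers; the store is the one place that validates.
function applyPositionUpdate(state, decoded) {
  const lat = finiteOrNull(decoded.lat);
  const lon = finiteOrNull(decoded.lon);
  const altM = finiteOrNull(decoded.altM);
  const s = state.stats;

  // Accept a fix only as a valid pair inside the geographic range (assumed
  // check); a half-valid pair would leave a stale coordinate next to a fresh one.
  if (lat !== null && lon !== null && Math.abs(lat) <= 90 && Math.abs(lon) <= 180) {
    state.lat = lat;
    state.lon = lon;
  } else {
    s.dropped += 1;
  }

  if (altM !== null) {
    state.altM = altM;
    s.altSamples += 1;
    s.altSum += altM; // never sees NaN, so the mean stays meaningful
    s.altMax = s.altMax === null ? altM : Math.max(s.altMax, altM);
  } else {
    s.dropped += 1;
  }
  return state;
}

// Assumption: a non-positive voltage is a decoder sentinel, not a measurement,
// so the sample is dropped instead of being written into the store.
function applyBatteryUpdate(state, decoded) {
  const v = finiteOrNull(decoded.voltageV);
  if (v === null || v <= 0) {
    state.stats.dropped += 1;
    return state;
  }
  state.voltageV = v;
  return state;
}

function altitudeMean(state) {
  const s = state.stats;
  return s.altSamples === 0 ? null : s.altSum / s.altSamples;
}

// Haversine distance from the stored fix to a target. Returns null instead of
// NaN when there is no valid fix, so a caller cannot silently draw garbage.
function distanceToTargetM(state, target) {
  if (state.lat === null || state.lon === null) return null;
  const toRad = (d) => (d * Math.PI) / 180;
  const R = 6371000;
  const dLat = toRad(target.lat - state.lat);
  const dLon = toRad(target.lon - state.lon);
  const a = Math.sin(dLat / 2) ** 2 +
    Math.cos(toRad(state.lat)) * Math.cos(toRad(target.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * R * Math.atan2(Math.sqrt(a), Math.sqrt(1 - a));
}

// Constructed packet sequence: two good fixes around one NaN and one Infinity.
const SAMPLE_PACKETS = [
  { lat: 47.1, lon: 8.2, altM: 100 },
  { lat: NaN, lon: 8.2, altM: NaN },           // corrupted decode
  { lat: 47.1001, lon: 8.2, altM: 120 },
  { lat: Infinity, lon: 8.2, altM: Infinity }, // overflowed scaling
];
const SAMPLE_BATTERY = [{ voltageV: 12.6 }, { voltageV: NaN }, { voltageV: -1 }];

function runSample() {
  const state = createTelemetryState();
  for (const p of SAMPLE_PACKETS) applyPositionUpdate(state, p);
  for (const b of SAMPLE_BATTERY) applyBatteryUpdate(state, b);
  return state;
}
```

Without the gate, the second packet alone would make altSum NaN for the rest of the session and the HUD would keep drawing a mean that is silently wrong; the dropped counter gives the UI and logs something to surface instead.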
Video URLs from localStorage or env were passed straight into img/video src, and custom map tile env vars had no scheme check. Sanitize to http/https only, reject credential URLs and dangerous schemes, and preserve tile {z}/{x}/{y} placeholders. Fixes audit F-17. Co-authored-by: Cursor <cursoragent@cursor.com>
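An added example (not the project's code) of the two sanitizers this commit describes, using the WHATWG URL parser that browsers and Node share. The media path returns the normalized href; the tile path validates the same way but returns the caller's string, because URL serialization would percent-encode the {z}/{x}/{y} braces and break the template. The function names and the rule that a tile template must contain all three placeholders are assumptions.

```javascript
// Added example, not the project's code: accept only http/https URLs without
// embedded credentials, and keep {z}/{x}/{y} intact for tile templates.

const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);
const TILE_PLACEHOLDERS = ['{z}', '{x}', '{y}']; // assumed: all three required

// Parse an untrusted string; null means "do not use this value".
function parseAllowedUrl(raw) {
  if (typeof raw !== 'string') return null;
  const trimmed = raw.trim();
  if (trimmed === '') return null;
  let url;
  try {
    url = new URL(trimmed); // relative paths, '//host/x' and junk throw here
  } catch {
    return null;
  }
  // Scheme allowlist, not denylist: drops javascript:, data:, file:, blob:, ...
  // and is case-insensitive because the parser lowercases the scheme.
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null;
  // 'https://user:pw@host/' and 'http://host:8080@evil/' both land here.
  if (url.username !== '' || url.password !== '') return null;
  return url;
}

// For <img>/<video> src: the normalized serialization is what gets rendered.
function sanitizeMediaUrl(raw) {
  const url = parseAllowedUrl(raw);
  return url ? url.href : null;
}

// For a tile template from env: validate, then hand back the original string
// so the placeholders survive (url.href would turn {z} into %7Bz%7D).
function sanitizeTileTemplate(raw) {
  if (typeof raw !== 'string') return null;
  const trimmed = raw.trim();
  if (!parseAllowedUrl(trimmed)) return null;
  if (!TILE_PLACEHOLDERS.every((p) => trimmed.includes(p))) return null;
  return trimmed;
}
```

The deliberate asymmetry is the security point: normalizing is the right output for a src attribute, but a tile template is a format string, so the validated original is returned rather than the parser's serialization.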
The attitude HUD already dimmed after 3 s without packets, but the sidebar and map drone marker still looked live. Dim sidebar metrics, grey the drone point, and hide ground-target overlay while link data is stale. Fixes audit F-04 (partial). Co-authored-by: Cursor <cursoragent@cursor.com>
Reason codes were hidden whenever quality was warn but coordinates still rendered, which understates trust risk. Always list active reason codes with human labels and show a calibration/datum caveat on warn estimates. Fixes audit F-09 (partial). Co-authored-by: Cursor <cursoragent@cursor.com>
Port and parser error handlers only logged; the MAVLink transform and serial handle could stay open after a fault. Remove listeners, destroy the parser stream, and close the port on disconnect or error so reconnect stays reliable. Fixes audit F-18. Co-authored-by: Cursor <cursoragent@cursor.com>
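An added example (not the project's code) of the teardown discipline this commit describes: one idempotent teardown that detaches every listener, destroys the parser and closes the port, invoked from the error, close and explicit-disconnect paths alike. The port and parser here are stand-ins for a serialport handle and a MAVLink transform stream, built on the EventTarget and AbortController globals available in Node 16+; the event names and the reason strings are assumptions.

```javascript
// Added example, not the project's code. FakeSerialPort and FakeMavlinkParser
// stand in for the real port and transform stream; the teardown logic is the point.

class DataEvent extends Event {
  constructor(bytes) {
    super('data');
    this.bytes = bytes;
  }
}

class FakeSerialPort extends EventTarget {
  constructor() {
    super();
    this.isOpen = true;
    this.closeCalls = 0;
  }
  emitData(bytes) { this.dispatchEvent(new DataEvent(bytes)); }
  emitError() { this.dispatchEvent(new Event('error')); }
  close() {
    if (!this.isOpen) return; // a real port would reject a double close
    this.isOpen = false;
    this.closeCalls += 1;
    this.dispatchEvent(new Event('close'));
  }
}

class FakeMavlinkParser {
  constructor() { this.destroyed = false; this.frames = 0; }
  write(bytes) {
    if (this.destroyed) throw new Error('write after destroy');
    this.frames += 1;
    return { seq: this.frames, bytes };
  }
  destroy() { this.destroyed = true; }
}

function openLink(port, parser, onFrame) {
  const ac = new AbortController();
  const { signal } = ac;
  const state = { closed: false, reason: null };

  function teardown(reason) {
    if (state.closed) return;   // error, close and disconnect may all fire; run once
    state.closed = true;
    state.reason = reason;
    ac.abort();                 // detaches every listener registered with this signal
    parser.destroy();           // no late frames can reach the store
    port.close();               // release the handle; the 'close' it emits has no listeners now
  }

  port.addEventListener('data', (ev) => {
    let frame;
    try {
      frame = parser.write(ev.bytes);
    } catch {
      teardown('parser-error'); // a parser fault must not leave the port open
      return;
    }
    onFrame(frame);
  }, { signal });
  port.addEventListener('error', () => teardown('port-error'), { signal });
  port.addEventListener('close', () => teardown('port-closed'), { signal });

  return { disconnect: () => teardown('disconnect'), state };
}

// Constructed scenario: one good frame, a port fault, then late data that must be ignored.
function runErrorScenario() {
  const port = new FakeSerialPort();
  const parser = new FakeMavlinkParser();
  const received = [];
  const link = openLink(port, parser, (f) => received.push(f.seq));
  port.emitData(new Uint8Array([0xfd, 0x09]));
  port.emitError();
  port.emitData(new Uint8Array([0xfd, 0x09])); // listener is gone, so parser.write is never hit
  return { received, parserDestroyed: parser.destroyed, portOpen: port.isOpen,
           closeCalls: port.closeCalls, reason: link.state.reason };
}

// Constructed scenario: explicit disconnect called twice closes the port once.
function runDisconnectScenario() {
  const port = new FakeSerialPort();
  const parser = new FakeMavlinkParser();
  const link = openLink(port, parser, () => {});
  link.disconnect();
  link.disconnect();
  return { closeCalls: port.closeCalls, parserDestroyed: parser.destroyed, reason: link.state.reason };
}
```

Registering every listener against one AbortSignal is what makes "remove listeners" a single call that cannot miss one; the closed flag is what keeps the three entry points from racing each other on a reconnect.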
Sync root package.json after the six incremental security/safety commits on this branch. Co-authored-by: Cursor <cursoragent@cursor.com>
Replace require() inside vi.hoisted with plain mock objects so @typescript-eslint/no-require-imports passes in CI while keeping the disconnect teardown assertion. Co-authored-by: Cursor <cursoragent@cursor.com>
Vite pulled esbuild 0.28.0, which fails pnpm audit --prod (GHSA-gv7w-rqvm-qjhr and GHSA-g7r4-m6w7-qqqr). Pin esbuild >= 0.28.1 via pnpm overrides so the production dependency audit step passes in CI. Co-authored-by: Cursor <cursoragent@cursor.com>
No description provided.