Skip to content

fix(updatenotification): harden git command execution + simplify checkUpdates#4115

Draft
KristjanESPERANTO wants to merge 2 commits intoMagicMirrorOrg:developfrom
KristjanESPERANTO:fix/updatenotification
Draft

fix(updatenotification): harden git command execution + simplify checkUpdates#4115
KristjanESPERANTO wants to merge 2 commits intoMagicMirrorOrg:developfrom
KristjanESPERANTO:fix/updatenotification

Conversation

@KristjanESPERANTO
Copy link
Copy Markdown
Collaborator

@KristjanESPERANTO KristjanESPERANTO commented Apr 19, 2026

This fixes CodeQL alert #16 by replacing shell-built git commands with execFile + cwd in updatenotification’s git_helper.

It also includes a small cleanup in checkUpdates() (remove unnecessary async/Promise wrapper) and updates the related unit tests.

@KristjanESPERANTO
fix(updatenotification): harden git command execution
9200001 
Use execFile with cwd and variadic git arguments to avoid shell
interpretation of repository paths and resolve CodeQL alert #16.

Update unit tests to cover the refactored execGit API.
@KristjanESPERANTO
refactor(updatenotification): simplify checkUpdates
7842bed 
Remove the unnecessary async Promise wrapper in checkUpdates and
use a direct loop over collected repository info.
@KristjanESPERANTO KristjanESPERANTO marked this pull request as draft April 19, 2026 18:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@KristjanESPERANTO