chore: deep-maintenance pass — fuzz fix, dep bumps, doc sync#1632
Merged
Conversation
…etic
arithmetic_fuzz CI run (2026-05-16) hit a string-slice panic in
`expand_brace_expr_in_arithmetic` when input like `${#arr[禧` lacked a
closing `]`: `end = rest.len() - 1` landed inside the trailing 3-byte
UTF-8 char, panicking the `&rest[bracket + 1..end]` slice.
Require `rest.ends_with(']')` before computing `end` so the slice is
always on a char boundary; malformed input now returns "0" gracefully,
matching the existing `${#[}` no-panic test (TM-DOS-029).
Add a UTF-8 regression test covering the exact crash artifact.
…on to AGENTS.md - specs/maintenance.md: #880 (ArgParser migration) and #881 (errexit helper) are both closed; replace the deferred-items table with a short note. - AGENTS.md: spec table was missing `credential-injection` (covered by specs/credential-injection.md). Add it next to the other security-adjacent entries.
Apply non-breaking upgrades reported by GitHub Dependabot: - site/: npm audit fix bumps astro 6.1.8→6.3.3 (low: GHSA-xr5h-phrj-8vxv, server-island replay), devalue 5.6.3→5.8.1 (high: GHSA-77vg-94rm-hx3p, sparse-array DoS), fast-uri 3.0.1→3.1.2 (high: GHSA-v39h-62p7-jpjc, GHSA-q3j6-qgpj-74h6). - examples/, crates/bashkit-js/: bump pinned langsmith override from 0.5.25 to ^0.6.0 to clear GHSA-3644-q5cj-c5c7 (untrusted-manifest deserialization). `npm install` confirms 0 vulnerabilities. - .deepsec/: bump deepsec 2.0.4→^2.0.8 to pull @anthropic-ai/sdk 0.93.0 (was 0.81.0) and clear GHSA-p7fg-763f-g4gf (insecure default file perms in the local filesystem tool). Remaining 5 moderate alerts in site/ live behind `@astrojs/check` and require a semver-major downgrade (0.9.8 → 0.9.2); they're devDeps only and not actionable inline.
Issue #287 (add base64 builtin) is closed and `base64` is registered in the default builtins macro, so the stub override in skills_tests is no longer needed. The 19 skills tests still pass against the real builtin.
…gelog
- crates/bashkit/docs/threat-model.md: 59 entries previously marked
**OPEN** or UNMITIGATED that the spec already records as **MITIGATED**
are updated to match (TM-DOS-035-040, TM-DOS-045-048, TM-DOS-029/031/
032/041-044/050-052/054/056/058, TM-ESC-012/013, TM-INF-015-017, etc.).
TM-DOS-057 follows the spec by becoming **PARTIAL** (sleep timeout is
WASM-only gap). TM-INF-018 stays **OPEN** — the spec marks it as
NEEDED rather than MITIGATED. Closes the drift called out in the
v0.6.0 changelog ("the final 6 OPEN entries are now marked mitigated").
- CHANGELOG.md: populate empty Unreleased section with the three commits
landed since v0.6.0 (interpreter fuzz fix, JS dependabot bumps, specs
housekeeping).
- cargo update pulls 29 patch-level bumps (aws-lc-rs 1.16.3→1.17.0, tower-http 0.6.8→0.6.10, russh 0.60.2→0.60.3, napi 3.8.6→3.9.0, wasm-bindgen 0.2.120→0.2.121, …). All direct deps were already on the latest minor/major per cargo outdated. - deny.toml: drop RUSTSEC-2026-0097 (rand) and RUSTSEC-2023-0071 (rsa); cargo deny reports `advisory-not-detected` for both — the underlying crates have already been upgraded out of the tree.
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
bashkit | 11b7ae8 | Commit Preview URL Branch Preview URL |
May 17 2026, 05:33 AM |
Reverts the lockfile portion of 1fa272b. CI's `cargo vet --locked` fails with 29 unvetted dependencies for the patch bumps, which require trusted-party certification imports that this branch can't perform from the sandbox. Patch bumps will land via dependabot's weekly group PRs (e.g. #1626) which already handle vet certification. The deny.toml cleanup from 1fa272b stays — both `advisory-not-detected` ignores are legitimately stale and the change is unrelated to vetting.
3 tasks
chaliy
added a commit
that referenced
this pull request
May 17, 2026
## Summary - `examples/package.json`: bump `@langchain/core` 0.3→1.1, `@langchain/langgraph` 0.2→1.3, `@langchain/openai` 0.5→1.4 (LangChain.js released v1 stable). - `examples/package.json`: bump the `langsmith` override from `0.5.25` to `^0.6.0` (clears GHSA-3644-q5cj-c5c7; already applied to maintenance branch in #1632, this PR keeps examples consistent). LangChain v1 kept the API surface used by `examples/langchain_agent.mjs` (`DynamicStructuredTool`, `ChatOpenAI`, `createReactAgent` from `@langchain/langgraph/prebuilt`) — no source changes needed. ## Test plan - [x] `npm install` clean, 0 vulnerabilities - [x] `node langchain_agent.mjs` reaches the OpenAI call (constructors + tool wiring work; expected `OpenAI credentials missing` exit) - [ ] CI green (`@everruns/bashkit` install + langchain integration tests) ## Notes - `examples/langchain_integration.mjs` requires a newer `@everruns/bashkit` than the latest published 0.1.10 (uses the `/langchain` subpath export). That's a pre-existing issue unrelated to this PR — surfaces whenever you `npm install` outside of CI's wheel/binding build. - `crates/bashkit-js/langchain.ts` already uses the same v1-compatible APIs; no binding code change. --- _Generated by [Claude Code](https://claude.ai/code/session_017dpq8SdNvefnUW6egJJJYR)_
This was referenced May 17, 2026
chaliy
added a commit
that referenced
this pull request
May 17, 2026
…8, deps (#1635) Follow-up to #1632 / #1633 — works through the deferred items the maintenance pass identified. ## Summary **1. `just vet` recipe (049d362)** Locally failed with `no such command: vet` because the recipe assumed cargo-vet was on PATH (CI installs it separately via `taiki-e/install-action`). Added a private `_ensure-vet` recipe that installs it on demand, and the three public recipes depend on it. Also pass `--locked` to match CI. **2. cargo update + supply-chain exemptions (6875e85)** Pulls 29 patch/minor transitive bumps (`aws-lc-rs` 1.16→1.17, `tower-http` 0.6.8→0.6.10, `russh` 0.60.2→0.60.3, `napi` 3.8→3.9, `wasm-bindgen` 0.2.120→0.2.121, …). Adds matching exemption entries in `supply-chain/config.toml` — every one of them is a patch/minor of a crate that already had an exemption for the prior version, consistent with the existing 594 exemptions the project accepts. Dependabot's weekly group PR will replace these with proper imported certifications via `cargo vet prune`. The previous attempt to land this hit the sandbox's inability to fetch import certs (cargo-vet's webpki-roots reject the proxy CA); exemptions avoid that. **3. Builtin count reconciliation (f9bfc3d)** README, `lib.rs` rustdoc, and bashkit-python README claimed 160. `compatibility.md` total said 150 with category counts summing to 110. `implementation-status.md` claimed 148+14=162. Authoritative count from the source: **142 always-on + 14 feature-gated = 156**. All five surfaces now agree. `compatibility.md`'s broken sub-category table is replaced with a two-row split that reconciles. **4. TM-INF-018 mitigation (04cebad)** Spec said the mitigation was "Configurable time source (fixed *or* offset)" but only the fixed variant was implemented. Adds `Bash::builder().epoch_offset(seconds)` which shifts `Utc::now()` by a constant — keeps elapsed-time semantics, blinds absolute wall-clock. `fixed_epoch` and `epoch_offset` are mutually exclusive on the builder (last call wins). Wired through `Date::with_offset_seconds`, `Interpreter::with_config`, and the builder. 4 unit + 4 integration tests. Spec and rustdoc threat-model doc now mark TM-INF-018 as **MITIGATED** (opt-in). **5. Crypto stack split tracking (fc36722, issue #1634)** RustCrypto 0.10/0.11 line split (`turso_core` / `aes-gcm 0.10` pull the old line; `bashkit` uses the new line directly). Cannot unify without upstream releases. Filed #1634 with watch conditions on `aes-gcm 0.11` and `turso_core 0.7+`. Added to `specs/maintenance.md` deferred-items table. ## Test plan - [x] `just vet` — passes locally now (was `error: no such command: vet`) - [x] `cargo build --workspace` clean - [x] `cargo test -p bashkit --lib` — 2239 pass - [x] `cargo test --test threat_model_tests tm_inf_018_date` — 4/4 pass - [x] `cargo clippy --workspace --all-targets -- -D warnings` clean - [x] `cargo fmt --check` clean - [x] `cargo vet --locked` succeeds (25 fully audited, 7 partially audited, 619 exempted) - [x] `cargo deny check` — advisories ok, bans ok, licenses ok, sources ok ## Not addressed (intentional) - Replacing `turso_core` to unblock the crypto split. Embedded SQLite via Turso is a core feature, not a swap candidate. Tracked in #1634. - Changing `date`'s default behavior to a virtual clock. That would be a breaking change for every embedder; `epoch_offset` is opt-in by design. --- _Generated by [Claude Code](https://claude.ai/code/session_017dpq8SdNvefnUW6egJJJYR)_
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pre-release maintenance run following
specs/maintenance.md.Summary
cargo update(29 patch bumps) and bumped JS/TS deps to clear 7 open Dependabot alerts (devalue, fast-uri, astro, langsmith, @anthropic-ai/sdk). Removed twoadvisory-not-detectedignores fromdeny.toml.${#arr[…}without closing]panicked on a UTF-8 char boundary). Added a regression test under TM-DOS-029.crates/bashkit/docs/threat-model.mdwithspecs/threat-model.md(59 staleOPENentries →MITIGATED/PARTIALper spec), populated empty## [Unreleased]in CHANGELOG, dropped the deferred-items table that pointed at closed issues Migrate 27 builtins from manual arg parsing to ArgParser #880/Extract errexit suppression propagation helper for compound commands #881, and added the missingcredential-injectionrow to the AGENTS.md spec table.cargo fmt --check,cargo clippy --all-targets --all-features -- -D warnings, andruff checkall clean. Removed the now-unusedBase64Stubtest helper (issue feat: add base64 builtin command #287 is closed, the real base64 builtin exists).Test plan
cargo build --workspaceafter dep updatecargo test --test threat_model_tests(200 passed)cargo test --test skills_tests(19 passed after stub removal)cargo fmt --checkcargo clippy --all-targets --all-features -- -D warningscargo deny checkcargo audit(only 2 transitive unmaintained warnings — ignored indeny.toml)ruff check crates/bashkit-pythonnpm auditclean inexamples/,crates/bashkit-js/;pnpm auditclean in.deepsec/; site has 0 high/critical remainingDeferred
datehost-time leak) — spec marks it NEEDED; configurable time source exists but isn't the default. Real implementation pending.turso_coreandaes-gcm.just vetrecipe is broken (cargo-vet not initialized) — out of scope.Generated by Claude Code