neovim/test at b06f8b174fdbb9edb93d7aa7f362faac950ab993 - neovim - Kyren's Code

mirrors/neovim

mirror of https://github.com/neovim/neovim.git synced 2026-05-24 05:40:08 +00:00

Files

History

zeertzjq b06f8b174f vim-patch:9.2.0435: [security]: backticks in 'path' may cause shell execution on completion

Problem:  [security]: Backticks enclosed shell commands in the 'path'
          option value are executed during completion (q1uf3ng).
Solution: Skip path entries containing backticks, add P_SECURE to 'path'
          option, so that it cannot be set from a modeline (for symmetry with
          the 'cdpath' option)

Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-hwg5-3cxw-wvvg

Supported by AI.

190cb3c2b9

Co-authored-by: Christian Brabandt <cb@256bit.org>

2026-05-06 07:23:07 +08:00

..

test: replace busted with local harness

2026-04-15 12:09:25 +01:00

feat(:restart): v:starttime, v:exitreason #39282

2026-04-22 13:40:41 -04:00

test: fix some type warnings (#37483 )

2026-01-21 15:11:47 +08:00

vim-patch:9.2.0442: completion: i_CTRL-X_CTRL-V doesn't use dict from customlist (#39614 )

2026-05-05 23:17:21 +00:00

build: remove unnecessary unit test code (#21940 )

2023-01-24 00:03:25 +01:00

vim-patch:9.2.0435: [security]: backticks in 'path' may cause shell execution on completion

2026-05-06 07:23:07 +08:00

vim-patch:9.2.0418: wildcards in expanded env vars reinterpreted by glob (#39517 )

2026-05-02 10:51:44 +08:00

_meta.lua

test: add finally() to meta file (#39388 )

2026-04-25 16:47:48 +08:00

.emmyrc.json

test: replace busted with local harness

2026-04-15 12:09:25 +01:00

.luarc.json

test: replace busted with local harness

2026-04-15 12:09:25 +01:00

assert.lua

test: replace busted with local harness

2026-04-15 12:09:25 +01:00

CMakeLists.txt

ci: drop cirrus #39321

2026-04-22 18:25:07 -04:00

format_string.lua

test: replace busted with local harness

2026-04-15 12:09:25 +01:00

harness.lua

ci: drop cirrus #39321

2026-04-22 18:25:07 -04:00

README.md

docs: dev-quickstart, dev-test #36304

2025-10-24 17:24:51 -07:00

reporter.lua

test: include test path in summary (#39141 )

2026-04-17 21:20:36 +08:00

run_tests.zig

fix(build): more changes to make zig 0.16.0 work

2026-04-21 12:46:01 +02:00

runner.lua

test: replace busted with local harness

2026-04-15 12:09:25 +01:00

testutil.lua

ci: ensure full sanitizer logs are shown in CI #39361

2026-04-25 10:33:39 -04:00

README.md

Moved to:

dev_test.txt