fix(version): Fail if the 'cmd' source is used in .nvchecker.toml

The cmd source allows nvchecker to use a shell command line to get versions. Using this source within .nvchecker.toml would result in pkgctl version {check,upgrade} running arbitrary commands, which isn't desirable, as it can lead to various issues (e.g. missing packages / dependencies to run said commands, or even executing malicious commands in hypothetical worst-case scenarios).

2025-01-04_11-14

Edited by Robin Candau