marathon

studio/marathon

Fork 0

Commit Graph

Author	SHA1	Message	Date
Sienna Meridian Satterwhite	7c64de9795	fix(deps): update lru to 0.16.3 to address Dependabot alert #1 Addresses CVE regarding IterMut violating Stacked Borrows in lru crate. Changes: - Update lru v0.16.2 -> v0.16.3 (patched version) - Remove vulnerable lru v0.12.5 and v0.13.0 - Update ratatui v0.29 -> v0.30 in marathonctl - Remove unnecessary ratatui/crossterm from app crate - Update pkarr v5.0.0 -> v5.0.2 - Bump libmarathon v0.1.1 -> v0.1.2 - Bump marathonctl dependency on libmarathon to 0.1.2 All lru versions now use the patched 0.16.3 release. Fixes: https://github.com/r3t-studios/marathon/security/dependabot/1 Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-07 19:15:10 +00:00
Sienna Meridian Satterwhite	303ea7d8e0	chore(marathonctl): add crates.io metadata for publishing Add package metadata required for crates.io publication: - Description - MIT license - Repository URL - Keywords and categories - Version requirement for libmarathon dependency Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-07 19:15:10 +00:00
Sienna Meridian Satterwhite	25550e2165	fix(security): redact sensitive session IDs in marathonctl output Addresses CodeQL cleartext-logging alerts (#1, #2, #3) by implementing session ID redaction for CLI output. Changes: - Extract marathonctl into standalone crate (crates/marathonctl) - Add session ID redaction showing only first 8 characters by default - Add --show-sensitive/-s flag for full session IDs when debugging - Implement beautiful ratatui-based UI module with inline viewport - Add .envrc to .gitignore for secure token management - Document GitHub token setup in CONTRIBUTING.md The CLI now provides a secure-by-default experience while maintaining debugging capabilities through explicit opt-in flags. Session IDs are redacted to format "abc-def-..." unless --show-sensitive is specified. UI module provides easy-to-use builder APIs (ui::table, ui::grid, ui::list) that render beautiful terminal output without hijacking the terminal. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-07 19:15:10 +00:00

Author

SHA1

Message

Date

Sienna Meridian Satterwhite

7c64de9795

fix(deps): update lru to 0.16.3 to address Dependabot alert #1

Addresses CVE regarding IterMut violating Stacked Borrows in lru crate.

Changes:
- Update lru v0.16.2 -> v0.16.3 (patched version)
- Remove vulnerable lru v0.12.5 and v0.13.0
- Update ratatui v0.29 -> v0.30 in marathonctl
- Remove unnecessary ratatui/crossterm from app crate
- Update pkarr v5.0.0 -> v5.0.2
- Bump libmarathon v0.1.1 -> v0.1.2
- Bump marathonctl dependency on libmarathon to 0.1.2

All lru versions now use the patched 0.16.3 release.

Fixes: https://github.com/r3t-studios/marathon/security/dependabot/1

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-07 19:15:10 +00:00

Sienna Meridian Satterwhite

303ea7d8e0

chore(marathonctl): add crates.io metadata for publishing

Add package metadata required for crates.io publication:
- Description
- MIT license
- Repository URL
- Keywords and categories
- Version requirement for libmarathon dependency

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-07 19:15:10 +00:00

Sienna Meridian Satterwhite

25550e2165

fix(security): redact sensitive session IDs in marathonctl output

Addresses CodeQL cleartext-logging alerts (#1, #2, #3) by implementing
session ID redaction for CLI output.

Changes:
- Extract marathonctl into standalone crate (crates/marathonctl)
- Add session ID redaction showing only first 8 characters by default
- Add --show-sensitive/-s flag for full session IDs when debugging
- Implement beautiful ratatui-based UI module with inline viewport
- Add .envrc to .gitignore for secure token management
- Document GitHub token setup in CONTRIBUTING.md

The CLI now provides a secure-by-default experience while maintaining
debugging capabilities through explicit opt-in flags. Session IDs are
redacted to format "abc-def-..." unless --show-sensitive is specified.

UI module provides easy-to-use builder APIs (ui::table, ui::grid, ui::list)
that render beautiful terminal output without hijacking the terminal.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-07 19:15:10 +00:00

3 Commits