mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-06-10 08:32:09 +00:00
92dfd70d6a
* fix(photon): override transitive CVEs in the sidecar deps `npm audit` flagged 7 high-severity transitive CVEs (protobufjs code injection GHSA-66ff-xgx4-vchm + outdated @opentelemetry OTLP exporters) pulled in via spectrum-ts -> @photon-ai/otel. npm's suggested fix downgrades spectrum-ts to a version that targets the decommissioned spectrum host, so instead pin patched versions via `overrides` (protobufjs 8.6.1, @opentelemetry/* 0.218.0) without touching spectrum-ts. `npm audit` -> 0; spectrum-ts + provider still import. * fix(photon): harden the sidecar bridge + bound the dedup cache - constant-time sidecar control-token comparison (was `!==`, timing-attackable). - cap the control-channel request body (2 MiB) so a compromised local peer can't OOM the sidecar. - wrap the inbound gRPC stream consumer in a re-subscribe loop with capped exponential backoff + jitter — if the async iterator throws/ends it would otherwise stop inbound forever (the adapter dedupes any replay). - add an unhandledRejection handler so a stray rejection logs instead of killing the process. - dedup cache (adapter) was a true bounded LRU only for expired entries; a burst of unique ids within the window grew it without limit. Evict oldest at the cap. * chore: add AUTHOR_MAP entry for PhilipAD --------- Co-authored-by: PhilipAD <philipadsouza@gmail.com> |
||
|---|---|---|
| .. | ||
| browser | ||
| dashboard_auth | ||
| image_gen | ||
| memory | ||
| model_providers | ||
| platforms/photon | ||
| transcription | ||
| tts | ||
| video_gen | ||
| web | ||
| __init__.py | ||
| test_achievements_plugin.py | ||
| test_disk_cleanup_plugin.py | ||
| test_google_meet_audio.py | ||
| test_google_meet_node.py | ||
| test_google_meet_plugin.py | ||
| test_google_meet_realtime.py | ||
| test_kanban_attachments.py | ||
| test_kanban_dashboard_plugin.py | ||
| test_kanban_worker_runs.py | ||
| test_langfuse_plugin.py | ||
| test_nemo_relay_plugin.py | ||
| test_plugin_dashboard_auth_contract.py | ||
| test_retaindb_plugin.py | ||
| test_security_guidance_plugin.py | ||
| test_teams_pipeline_plugin.py | ||