nothumanallowed 13.5.144 → 13.5.146
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/commands/ui.mjs +7 -0
- package/src/constants.mjs +1 -1
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "nothumanallowed",
|
|
3
|
-
"version": "13.5.
|
|
3
|
+
"version": "13.5.146",
|
|
4
4
|
"description": "NotHumanAllowed — 38 AI agents, 80 tools, Studio (visual agentic workflows). Email, calendar, browser automation, screen capture, canvas, cron/heartbeat, Alexandria E2E messaging, GitHub, Notion, Slack, voice chat, free AI (Liara), 28 languages. Zero-dependency CLI.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|
package/src/commands/ui.mjs
CHANGED
|
@@ -4979,6 +4979,8 @@ ${completedHeadings ? `## SECTIONS ALREADY WRITTEN (headings only):\n${completed
|
|
|
4979
4979
|
html = html.replace(/<meta[^>]+X-Frame-Options[^>]*>/gi, '');
|
|
4980
4980
|
// Remove Content-Security-Policy meta http-equiv (server sets it via helmet with sandbox-safe values)
|
|
4981
4981
|
html = html.replace(/<meta[^>]+http-equiv=["']Content-Security-Policy["'][^>]*>/gi, '');
|
|
4982
|
+
// Remove upgrade-insecure-requests directive if present in any remaining CSP meta
|
|
4983
|
+
html = html.replace(/upgrade-insecure-requests\s*;?\s*/gi, '');
|
|
4982
4984
|
// Remove frame-ancestors none/self directives from any remaining CSP meta
|
|
4983
4985
|
html = html.replace(/<meta[^>]+content=["'][^"']*frame-ancestors[^"']*["'][^>]*>/gi, '');
|
|
4984
4986
|
if (html.length !== before) {
|
|
@@ -5273,6 +5275,11 @@ module.exports = { validateEmail, sanitizeText, validatePassword, validateUserna
|
|
|
5273
5275
|
[/require\(['"]\.\/middleware\/rateLimit['"]\)/g, "require('./middleware/security')"],
|
|
5274
5276
|
[/require\(['"]\.\.\/middleware\/limiter['"]\)/g, "require('../middleware/security')"],
|
|
5275
5277
|
[/require\(['"]\.\/middleware\/limiter['"]\)/g, "require('./middleware/security')"],
|
|
5278
|
+
// nodemailer: LLM calls createTransporter (wrong) instead of createTransport (correct)
|
|
5279
|
+
[/nodemailer\.createTransporter\s*\(/g, "nodemailer.createTransport("],
|
|
5280
|
+
[/\{createTransporter\s*:/g, "{createTransport:"],
|
|
5281
|
+
// helmet: upgradeInsecureRequests forces HTTPS on local sandbox — always disable it
|
|
5282
|
+
[/upgradeInsecureRequests\s*:\s*(?:true|\{\}|undefined)/g, "upgradeInsecureRequests: false"],
|
|
5276
5283
|
];
|
|
5277
5284
|
function patchJsFiles(dir, rootDir) {
|
|
5278
5285
|
if (!fs.existsSync(dir)) return;
|
package/src/constants.mjs
CHANGED
|
@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
|
|
|
5
5
|
const __filename = fileURLToPath(import.meta.url);
|
|
6
6
|
const __dirname = path.dirname(__filename);
|
|
7
7
|
|
|
8
|
-
export const VERSION = '13.5.
|
|
8
|
+
export const VERSION = '13.5.146';
|
|
9
9
|
export const BASE_URL = 'https://nothumanallowed.com/cli';
|
|
10
10
|
export const API_BASE = 'https://nothumanallowed.com/api/v1';
|
|
11
11
|
|