npm - nothumanallowed - Versions diffs - 13.5.145 → 13.5.147 - Mend

nothumanallowed 13.5.145 → 13.5.147

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nothumanallowed",
-  "version": "13.5.145",
+  "version": "13.5.147",
   "description": "NotHumanAllowed — 38 AI agents, 80 tools, Studio (visual agentic workflows). Email, calendar, browser automation, screen capture, canvas, cron/heartbeat, Alexandria E2E messaging, GitHub, Notion, Slack, voice chat, free AI (Liara), 28 languages. Zero-dependency CLI.",
   "type": "module",
   "bin": {

package/src/commands/ui.mjs CHANGED Viewed

@@ -4979,6 +4979,8 @@ ${completedHeadings ? `## SECTIONS ALREADY WRITTEN (headings only):\n${completed
               html = html.replace(/<meta[^>]+X-Frame-Options[^>]*>/gi, '');
               // Remove Content-Security-Policy meta http-equiv (server sets it via helmet with sandbox-safe values)
               html = html.replace(/<meta[^>]+http-equiv=["']Content-Security-Policy["'][^>]*>/gi, '');
+              // Remove upgrade-insecure-requests directive if present in any remaining CSP meta
+              html = html.replace(/upgrade-insecure-requests\s*;?\s*/gi, '');
               // Remove frame-ancestors none/self directives from any remaining CSP meta
               html = html.replace(/<meta[^>]+content=["'][^"']*frame-ancestors[^"']*["'][^>]*>/gi, '');
               if (html.length !== before) {
@@ -5242,9 +5244,15 @@ module.exports = { validateEmail, sanitizeText, validatePassword, validateUserna
             [/require\(['"]\.\/config\/redis['"]\)/g,                  "require('../services/cache')"],
             [/require\(['"]\.\.\/services\/redis['"]\)/g,             "require('../services/cache')"],
             [/require\(['"]\.\/services\/redis['"]\)/g,               "require('../services/cache')"],
-            // email utils: LLM puts utils/email but file is in services/email
+            // email utils: LLM puts utils/email or services/emailService but file is services/email
             [/require\(['"]\.\.\/utils\/email['"]\)/g,                 "require('../services/email')"],
             [/require\(['"]\.\/utils\/email['"]\)/g,                   "require('./services/email')"],
+            [/require\(['"]\.\.\/services\/emailService['"]\)/g,       "require('../services/email')"],
+            [/require\(['"]\.\/services\/emailService['"]\)/g,         "require('./services/email')"],
+            [/require\(['"]\.\.\/services\/mailer['"]\)/g,             "require('../services/email')"],
+            [/require\(['"]\.\/services\/mailer['"]\)/g,               "require('./services/email')"],
+            [/require\(['"]\.\.\/utils\/mailer['"]\)/g,                "require('../services/email')"],
+            [/require\(['"]\.\/utils\/mailer['"]\)/g,                  "require('./services/email')"],
             // config module: LLM generates require('../../config') or require('../config')
             [/require\(['"]\.\.\/\.\.\/config['"]\)/g,                 "{env:process.env}"],
             [/require\(['"]\.\.\/config['"]\)/g,                       "{env:process.env}"],
@@ -5276,6 +5284,8 @@ module.exports = { validateEmail, sanitizeText, validatePassword, validateUserna
             // nodemailer: LLM calls createTransporter (wrong) instead of createTransport (correct)
             [/nodemailer\.createTransporter\s*\(/g,                    "nodemailer.createTransport("],
             [/\{createTransporter\s*:/g,                               "{createTransport:"],
+            // helmet: upgradeInsecureRequests forces HTTPS on local sandbox — always disable it
+            [/upgradeInsecureRequests\s*:\s*(?:true|\{\}|undefined)/g, "upgradeInsecureRequests: false"],
           ];
           function patchJsFiles(dir, rootDir) {
             if (!fs.existsSync(dir)) return;

package/src/constants.mjs CHANGED Viewed

@@ -5,7 +5,7 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
-export const VERSION = '13.5.145';
+export const VERSION = '13.5.147';
 export const BASE_URL = 'https://nothumanallowed.com/cli';
 export const API_BASE = 'https://nothumanallowed.com/api/v1';