Commits · 841f3cb0bb7663fa1062ffc59acb7b4581dc1d0f · Alexander Hess / oh-my-zsh

Dec 02, 2021
- ci: add `check-spelling` action (#10470) · 841f3cb0
  Josh Soref authored Dec 02, 2021
```
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
```
  841f3cb0
Dec 01, 2021
- feat(branch): show mercurial bookmarks if used (#9948) · 46e63340
  whoami authored Dec 01, 2021
```
Co-authored-by: Marc Cornellà <hello@mcornella.com>
```
  46e63340
- feat(updater): show command to update when update skipped (#10465) · c66fc004
  Nick Aldwin authored Dec 01, 2021
  
  c66fc004
- Revert "ci: add `check-spelling` GitHub Action" · e253661a
  Marc Cornellà authored Dec 01, 2021
```
This reverts commit aef393bd.
```
  e253661a
- ci: add `check-spelling` GitHub Action · aef393bd
  Marc Cornellà authored Dec 01, 2021
  
  aef393bd
- chore: fix spelling errors across the project (#10459) · 0e41181d
  Josh Soref authored Dec 01, 2021
```
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
```
  0e41181d
Nov 30, 2021
- chore: update new issue templates · 1c1d74c5
  Marc Cornellà authored Nov 30, 2021
  
  1c1d74c5
- feat(cli): add `omz version` command · f0f792fa
  Marc Cornellà authored Nov 30, 2021
  
  f0f792fa
Nov 27, 2021
- feat(aws): Adds the login option for AWS SSO (#9921) · bf303965
  Nicholas Hawkes authored Nov 27, 2021
  
  bf303965
- feat(git): Add alias for rebasing to origin/main-branch (#10445) · 58478d08
  Markus Hofbauer authored Nov 27, 2021
  
  58478d08
- feat(dotnet): add alias for `dotnet build` command (#10435) · 8e5f3db3
  Adam Cwyk authored Nov 27, 2021
```
Co-authored-by: Adam Cwyk <git@adamcwyk.dev>
```
  8e5f3db3
Nov 25, 2021
- feat(xcode): support `.swiftpm` as project file in `xc` (#10434) · 452ddff7
  Kyle authored Nov 26, 2021
  
  452ddff7
- fix(lib): don't error if `INSIDE_EMACS` is not defined (#10443) · 03146043
  Paul Scott authored Nov 25, 2021
  
  03146043
- fix(updater): stop update if `$ZSH` is not a git repository (#10448) · 2b96b7c5
  Marc Cornellà authored Nov 25, 2021
```
Fixes #10448
```
  2b96b7c5
Nov 17, 2021
- style(bundler): simplify `bundled_commands` array operations · 15fd9c84
  Marc Cornellà authored Nov 09, 2021
  
  15fd9c84
- fix(bundler): use BUNDLE_JOBS in `bi` to avoid config file change · 98b48015
  Marc Cornellà authored Nov 17, 2021
```
When calling `bundle install` with `--jobs=<n>`, bundle persists this
argument in `.bundle/config`. If we run `BUNDLE_JOBS=<n> bundle install`
instead, this is not persisted.

Fixes #10425
```
  98b48015
- fix(bgnotify): avoid permission prompts by checking frontmost app ID (#10318) · ff09151d
  Aurora authored Nov 17, 2021
```
Co-authored-by: Marc Cornellà <hello@mcornella.com>
```
  ff09151d
- fix(docker-compose)!: check for old command instead of calling `docker` (#10409) · 88e72e8a
  Marc Cornellà authored Nov 17, 2021
```
BREAKING CHANGE: the plugin now checks for the `docker-compose` command instead
of trying whether `docker compose` is a valid command. This means that if the
old command is still installed it will be used instead. To use `docker compose`,
uninstall any old copies of `docker-compose`.

Fixes #10409
```
  88e72e8a
- fix(osx): deprecate `osx` plugin without symlink (#10428) · b60b3f18
  Marc Cornellà authored Nov 17, 2021
```
Fixes #10428
```
  b60b3f18
- feat(kn): add plugin for `kn` completion (#8927) · 2b379ec4
  Brian Tannous authored Nov 17, 2021
  
  2b379ec4
- feat(ssh-agent): add `quiet` option to silence plugin (#9659) · 60b89cd2
  Marc Cornellà authored Nov 17, 2021
```
Closes #9659

Co-authored-by: Jeff Warner <jeff@develops.software>
```
  60b89cd2
Nov 16, 2021
- fix(install): fix backslash in `printf` when showing logo (#10422) · fb12e413
  Marc Cornellà authored Nov 16, 2021
```
Fixes #10422
```
  fb12e413
- style(dirhistory): remove use of `eval` completely · 2c068525
  Marc Cornellà authored Nov 16, 2021
  
  2c068525
Nov 11, 2021

fix(themes): fix potential command injection in `pygmalion`, `pygmalion-virtualenv` and `refined` · b3ba9978

Marc Cornellà authored Nov 09, 2021

The pygmalion and pygmalion-virtualenv themes unsafely handle git prompt information
which results in a double evaluation of this information, so a malicious git repository
could trigger a command injection if the user cloned and entered the repository.

A similar method could be used in the refined theme. All themes have been patched against this
vulnerability.

b3ba9978

fix(plugins): fix potential command injection in `rand-quote` and `hitokoto` · 72928432

Marc Cornellà authored Nov 09, 2021

The `rand-quote` plugin uses quotationspage.com and prints part of its content to the
shell without sanitization, which could trigger command injection. There is no evidence
that this has been exploited, but this commit removes all possibility for exploit.

Similarly, the `hitokoto` plugin uses the hitokoto.cn website to print quotes to the
shell, also without sanitization. Furthermore, there is also no evidence that this has
been exploited, but with this change it is now impossible.

72928432

fix(lib): fix potential command injection in `title` and `spectrum` functions · a263cdac

Marc Cornellà authored Nov 09, 2021

The `title` function unsafely prints its input without sanitization, which if used
with custom user code that calls it, it could trigger command injection.

The `spectrum_ls` and `spectrum_bls` could similarly be exploited if a variable is
changed in the user's shell environment with a carefully crafted value. This is
highly unlikely to occur (and if possible, other methods would be used instead),
but with this change the exploit of these two functions is now impossible.

a263cdac

fix(dirhistory): fix unsafe eval bug in back and forward widgets · 06fc5fb1
Marc Cornellà authored Nov 09, 2021
```
The plugin unsafely processes directory paths in pop_past and pop_future.
This commit fixes that.
```
06fc5fb1

fix(lib): fix `omz_urldecode` unsafe eval bug · 6cb41b70

Marc Cornellà authored Nov 08, 2021

The `omz_urldecode` function uses an eval to decode the input which can be
exploited to inject commands. This is used only in the svn plugin and it
requires a complex process to exploit, so it is highly unlikely to have been
used by an attacker.

6cb41b70

fix(dirhistory): fix Up/Down key bindings for Terminal.app · 1448d234
Marc Cornellà authored Nov 11, 2021
```
Reference: https://github.com/ohmyzsh/ohmyzsh/commit/7f49494#commitcomment-60117011
```
1448d234

Nov 10, 2021
- fix(command-not-found): pass arguments correctly in Termux (#10403) · 22de1d30
  Kirill Molchanov authored Nov 10, 2021
  
  22de1d30
- fix(cli): avoid `git -C` for compatibility with git < v1.8.5 (#10404) · 1d166eaa
  Marc Cornellà authored Nov 10, 2021
  
  1d166eaa
- fix(updater): avoid `git -C` for compatibility with git < v1.8.5 (#10404) · e3f7b8aa
  Marc Cornellà authored Nov 10, 2021
```
Fixes #10404
```
  e3f7b8aa
Nov 09, 2021
- refactor(updater): simplify check for available updates · db19589f
  Marc Cornellà authored Nov 09, 2021
  
  db19589f
- style(frontend-search): rename completion file to `_frontend` · 5c2440cb
  Marc Cornellà authored Nov 09, 2021
  
  5c2440cb
- fix(cli): fix check for completion files in `omz plugin load` · 9a11b341
  Marc Cornellà authored Nov 09, 2021
  
  9a11b341
- fix(emotty): fix glyphs output width in emotty theme · 3dc66bd3
  Marc Cornellà authored Nov 09, 2021
  
  3dc66bd3
- feat(refined): allow selecting git branch by changing prefix to `:` (#10400) · 4a743496
  Janusz Mordarski authored Nov 09, 2021
  
  4a743496
- style: use `-n` flag in `head` and `tail` commands (#10391) · e86c6f5e
  Kevin Burke authored Nov 09, 2021
```
Co-authored-by: Marc Cornellà <hello@mcornella.com>
```
  e86c6f5e
Nov 08, 2021
- feat(tmux): set session name with `ZSH_TMUX_DEFAULT_SESSION_NAME` (#9063) · 55682e36
  Shahin Sorkh authored Nov 08, 2021
  
  55682e36
- refactor(percol): fix style, bind keys for vi-mode and remove dependencies · 90903779
  Marc Cornellà authored Nov 08, 2021
  
  90903779