Skip to content

@stripe/link-cli@0.4.3

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 05 May 11:38
· 1 commit to main since this release
@stripe/link-cli@0.4.3
5f0e206
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Patch Changes

  • 59a0fe1: Restrict the auth config file (config.json) to mode 0o600. The file holds OAuth access + refresh tokens and, during a pending login, a device_code. Previously it inherited conf's default (0o666 masked by umask, typically 0o644), which let other local users read the credentials and, during a login, race the legitimate poll loop to /device/token. Existing files are remediated automatically on the next config write.
Assets 2
Loading