create-astro@5.0.0-beta.4
📦 astroView on GitHub →
🐛 2 fixes
Summary
This patch release addresses a security vulnerability in the `add` command by strictly validating inputs for integrations and adapters, preventing arbitrary values from being accepted.
🐛 Bug Fixes
- Fixed an issue where the `add` command or `--add` flag could accept arbitrary strings, potentially leading to command injection; it now only accepts valid integration and adapter npmjs.org names.
- Fixed an issue where `--add` could accept any kind of string, leading to different errors; it now only accepts values of valid integrations and adapters.