Bump @foxglove/rosmsg-serialization to 2.1.2 #143

Merged: achim-k merged 1 commit into main from achim/bump-rosmsg-serialization-dd3a, Jul 1, 2026
Conversation

@achim-k achim-k commented Jun 26, 2026

Contributor

Changelog

Reject invalid ROS 1 field names to prevent code injection (#141)

Docs

None

Description

Updates the release metadata for @foxglove/rosmsg-serialization ahead of the next package publication. This patch release includes the fix from #141 that rejects invalid ROS 1 field names before code generation, preventing crafted MessageDefinition schemas from executing arbitrary JavaScript.

Testing

  • yarn workspaces foreach -Rp --topological-dev --from @foxglove/rosmsg-serialization run build
  • yarn workspace @foxglove/rosmsg-serialization test

Links

None

Co-authored-by: Hans-Joachim Krauch <achim-k@users.noreply.github.com>
@achim-k achim-k requested a review from nidanin July 1, 2026 01:01
@achim-k achim-k marked this pull request as ready for review July 1, 2026 01:01
@achim-k achim-k merged commit eccbdee into main Jul 1, 2026
13 checks passed
@achim-k achim-k deleted the achim/bump-rosmsg-serialization-dd3a branch July 1, 2026 01:27
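
The kind of check the changelog entry describes, as an added illustration that is not taken from the package or from #141: field names are validated before a generator interpolates them into source text. The function names, the toy uint8-only generator and the identifier pattern (a letter followed by letters, digits or underscores) are assumptions made for this example.

```javascript
// Added illustration: names below are hypothetical, not the package's API.

// Assumption: a ROS 1 field name is a letter followed by letters, digits or underscores.
const ROS1_FIELD_NAME = /^[A-Za-z][A-Za-z0-9_]*$/;

// Throws on the first field whose name is not a plain identifier.
function assertValidFieldNames(definitions) {
  for (const def of definitions) {
    for (const field of def.definitions) {
      if (typeof field.name !== "string" || !ROS1_FIELD_NAME.test(field.name)) {
        throw new Error(
          `invalid field name ${JSON.stringify(field.name)} in ${def.name ?? "<root>"}`,
        );
      }
    }
  }
}

// Toy generator (uint8 fields only): field names become part of generated source text,
// so validation must run before any name is interpolated.
function buildToyReader(definitions) {
  assertValidFieldNames(definitions);
  const lines = definitions[0].definitions.map(
    (field, offset) => `out.${field.name} = view.getUint8(${offset});`,
  );
  return new Function("view", `const out = {};\n${lines.join("\n")}\nreturn out;`);
}

// Returns true when a schema with this single field name is refused.
function isRejected(name) {
  try {
    buildToyReader([{ name: "pkg/Sample", definitions: [{ name, type: "uint8" }] }]);
    return false;
  } catch {
    return true;
  }
}

// Constructed sample schema and names.
const read = buildToyReader([
  { definitions: [{ name: "id", type: "uint8" }, { name: "mode_2", type: "uint8" }] },
]);
console.log(read(new DataView(new Uint8Array([7, 9]).buffer)));
console.log(["a;b", "1abc", "x y", "a.b", ""].map(isRejected));
```
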