Danny Avila 2b09879faf fix: require browser binding (CSRF/session) for failFlow on OAuth error ... hasActiveFlow only proves a PENDING flow exists, not that the caller is the same browser that initiated it. An attacker with a leaked state could force-fail the flow without any user binding. Require hasCsrf or hasSession before calling failFlow on the oauthError path.		2026-04-03 20:39:40 -04:00
..
app	📎 fix: Route Unrecognized File Types via supportedMimeTypes Config (#12508)	2026-04-01 23:04:43 -04:00
cache	🚦 fix: ERR_ERL_INVALID_IP_ADDRESS and IPv6 Key Collisions in IP Rate Limiters (#12319)	2026-03-19 21:48:03 -04:00
config	🪵 fix: Standardize Logging Directory with Environment-Aware Resolution (#11000)	2025-12-16 18:00:06 -05:00
db	🐛 fix: Resolve MeiliSearch Startup Sync Failure from Model Loading Order (#12397)	2026-03-25 14:02:44 -04:00
models	🗑️ chore: Remove Action Test Suite and Update Mock Implementations (#12268)	2026-03-21 14:28:55 -04:00
server	fix: require browser binding (CSRF/session) for failFlow on OAuth error	2026-04-03 20:39:40 -04:00
strategies	🔐 feat: Admin Auth Support for SAML and Social OAuth Providers (#12472)	2026-03-30 22:49:44 -04:00
test	🗂️ refactor: Migrate S3 Storage to TypeScript in packages/api (#11947)	2026-03-21 14:28:55 -04:00
utils	🧹 chore: Remove Deprecated Gemini 2.0 Models & Fix Mistral-Large-3 Context Window (#12453)	2026-03-28 23:44:58 -04:00
jest.config.js	📏 refactor: Add File Size Limits to Conversation Imports (#12221)	2026-03-14 03:06:29 -04:00
jsconfig.json	feat(api): initial Redis support; fix(SearchBar): proper debounce (#1039)	2023-10-11 17:05:47 -04:00
package.json	📦 chore: Bump mongodb-memory-server to v11.0.1, mermaid to v11.14.0, npm audit (#12543)	2026-04-03 17:01:11 -04:00
typedefs.js	🪦 refactor: Remove Legacy Code (#10533)	2025-12-11 16:36:12 -05:00