Commit Graph

7545 Commits

Author SHA1 Message Date
90e53bcc6a ci(spelling): turn off check-spelling action temporarily 2021-12-07 19:37:28 +01:00
44d8edea05 ci(spelling): automatically accept aliased commands (#10475)
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-12-07 18:09:34 +01:00
29b344a710 chore: update security docs and link to huntr.dev 2021-12-07 18:04:33 +01:00
841f3cb0bb ci: add check-spelling action (#10470)
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-12-02 12:17:00 +01:00
46e63340ee feat(branch): show mercurial bookmarks if used (#9948)
Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-12-01 17:49:42 +01:00
c66fc00401 feat(updater): show command to update when update skipped (#10465) 2021-12-01 12:44:15 +01:00
e253661a9b Revert "ci: add check-spelling GitHub Action"
This reverts commit aef393bdce.
2021-12-01 12:25:58 +01:00
aef393bdce ci: add check-spelling GitHub Action 2021-12-01 12:20:46 +01:00
0e41181d54 chore: fix spelling errors across the project (#10459)
Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>
2021-12-01 12:20:31 +01:00
1c1d74c5ec chore: update new issue templates 2021-11-30 10:34:45 +01:00
f0f792fa6b feat(cli): add omz version command 2021-11-30 10:13:23 +01:00
bf303965e6 feat(aws): Adds the login option for AWS SSO (#9921) 2021-11-27 12:34:47 -08:00
58478d0888 feat(git): Add alias for rebasing to origin/main-branch (#10445) 2021-11-27 11:30:03 -08:00
8e5f3db305 feat(dotnet): add alias for dotnet build command (#10435)
Co-authored-by: Adam Cwyk <git@adamcwyk.dev>
2021-11-26 17:23:08 -08:00
452ddff763 feat(xcode): support .swiftpm as project file in xc (#10434) 2021-11-25 23:57:08 +01:00
0314604384 fix(lib): don't error if INSIDE_EMACS is not defined (#10443) 2021-11-25 23:55:21 +01:00
2b96b7c54b fix(updater): stop update if $ZSH is not a git repository (#10448)
Fixes #10448
2021-11-25 23:36:38 +01:00
15fd9c84de style(bundler): simplify bundled_commands array operations 2021-11-17 13:09:25 +01:00
98b4801548 fix(bundler): use BUNDLE_JOBS in bi to avoid config file change
When calling `bundle install` with `--jobs=<n>`, bundle persists this
argument in `.bundle/config`. If we run `BUNDLE_JOBS=<n> bundle install`
instead, this is not persisted.

Fixes #10425
2021-11-17 13:09:25 +01:00
ff09151d6b fix(bgnotify): avoid permission prompts by checking frontmost app ID (#10318)
Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-11-17 11:44:04 +01:00
88e72e8a54 fix(docker-compose)!: check for old command instead of calling docker (#10409)
BREAKING CHANGE: the plugin now checks for the `docker-compose` command instead
of trying whether `docker compose` is a valid command. This means that if the
old command is still installed it will be used instead. To use `docker compose`,
uninstall any old copies of `docker-compose`.

Fixes #10409
2021-11-17 11:05:25 +01:00
b60b3f1842 fix(osx): deprecate osx plugin without symlink (#10428)
Fixes #10428
2021-11-17 10:53:17 +01:00
2b379ec42c feat(kn): add plugin for kn completion (#8927) 2021-11-17 10:33:48 +01:00
60b89cd264 feat(ssh-agent): add quiet option to silence plugin (#9659)
Closes #9659

Co-authored-by: Jeff Warner <jeff@develops.software>
2021-11-17 09:55:39 +01:00
fb12e41353 fix(install): fix backslash in printf when showing logo (#10422)
Fixes #10422
2021-11-16 19:24:32 +01:00
2c06852546 style(dirhistory): remove use of eval completely 2021-11-16 17:18:07 +01:00
b3ba9978cc fix(themes): fix potential command injection in pygmalion, pygmalion-virtualenv and refined
The pygmalion and pygmalion-virtualenv themes unsafely handle git prompt information
which results in a double evaluation of this information, so a malicious git repository
could trigger a command injection if the user cloned and entered the repository.

A similar method could be used in the refined theme. All themes have been patched against this
vulnerability.
2021-11-11 22:45:40 +01:00
72928432f1 fix(plugins): fix potential command injection in rand-quote and hitokoto
The `rand-quote` plugin uses quotationspage.com and prints part of its content to the
shell without sanitization, which could trigger command injection. There is no evidence
that this has been exploited, but this commit removes all possibility for exploit.

Similarly, the `hitokoto` plugin uses the hitokoto.cn website to print quotes to the
shell, also without sanitization. Furthermore, there is also no evidence that this has
been exploited, but with this change it is now impossible.
2021-11-11 22:45:24 +01:00
a263cdac9c fix(lib): fix potential command injection in title and spectrum functions
The `title` function unsafely prints its input without sanitization, which if used
with custom user code that calls it, it could trigger command injection.

The `spectrum_ls` and `spectrum_bls` could similarly be exploited if a variable is
changed in the user's shell environment with a carefully crafted value. This is
highly unlikely to occur (and if possible, other methods would be used instead),
but with this change the exploit of these two functions is now impossible.
2021-11-11 22:45:11 +01:00
06fc5fb129 fix(dirhistory): fix unsafe eval bug in back and forward widgets
The plugin unsafely processes directory paths in pop_past and pop_future.
This commit fixes that.
2021-11-11 22:44:28 +01:00
6cb41b70a6 fix(lib): fix omz_urldecode unsafe eval bug
The `omz_urldecode` function uses an eval to decode the input which can be
exploited to inject commands. This is used only in the svn plugin and it
requires a complex process to exploit, so it is highly unlikely to have been
used by an attacker.
2021-11-11 22:44:18 +01:00
1448d234d6 fix(dirhistory): fix Up/Down key bindings for Terminal.app
Reference: https://github.com/ohmyzsh/ohmyzsh/commit/7f49494#commitcomment-60117011
2021-11-11 17:20:07 +01:00
22de1d304c fix(command-not-found): pass arguments correctly in Termux (#10403) 2021-11-10 15:03:38 +01:00
1d166eaaa1 fix(cli): avoid git -C for compatibility with git < v1.8.5 (#10404) 2021-11-10 11:35:17 +01:00
e3f7b8aa57 fix(updater): avoid git -C for compatibility with git < v1.8.5 (#10404)
Fixes #10404
2021-11-10 11:21:59 +01:00
db19589fcf refactor(updater): simplify check for available updates 2021-11-09 19:56:53 +01:00
5c2440cb0c style(frontend-search): rename completion file to _frontend 2021-11-09 12:07:23 +01:00
9a11b34101 fix(cli): fix check for completion files in omz plugin load 2021-11-09 12:03:59 +01:00
3dc66bd367 fix(emotty): fix glyphs output width in emotty theme 2021-11-09 10:25:23 +01:00
4a74349635 feat(refined): allow selecting git branch by changing prefix to : (#10400) 2021-11-09 09:50:25 +01:00
e86c6f5e7f style: use -n flag in head and tail commands (#10391)
Co-authored-by: Marc Cornellà <hello@mcornella.com>
2021-11-09 09:04:10 +01:00
55682e3692 feat(tmux): set session name with ZSH_TMUX_DEFAULT_SESSION_NAME (#9063) 2021-11-08 15:32:09 +01:00
90903779b9 refactor(percol): fix style, bind keys for vi-mode and remove dependencies 2021-11-08 14:01:34 +01:00
b2f35a7b98 refactor(osx): Rename osx plugin to macos (#10341)
Apple changed the name of their operating system from OS X to macOS a number of years ago. This was overdue!

As per issue  #10311

* refactor(osx): rename `osx` plugin to `macos`
* refactor(macos): Add symbolic link from old `osx` plugin name.
2021-11-05 16:40:38 -07:00
7a2cb10625 fix(updater): stop update if connection unavailable 2021-11-05 19:47:29 +01:00
0520c2e309 docs: add Security Policy 2021-11-03 18:21:04 +01:00
9a02515c7c fix(command-not-found): pass arguments correctly in NixOS (#10381) 2021-11-03 13:17:23 +01:00
5e8905b4b2 feat(ys): increase color contrast with light color schemes (#10295) 2021-11-02 19:40:40 +01:00
79cf4b3ceb feat(dirhistory): support urxvt terminal key binding (#8370)
Closes #8370
2021-11-02 15:12:43 +01:00
7f494944e6 fix(dirhistory): fix ALT+Up/Down key bindings for Terminal.app 2021-11-02 15:12:43 +01:00