cherry-pick: upstream deps/security commits (2026-02-08-2013)#115
Merged
cherry-pick: upstream deps/security commits (2026-02-08-2013)#115
Conversation
Thanks @YLChen-007. Co-authored-by: Edward-x <[email protected]> (cherry picked from commit 06289b3) # Conflicts: # src/plugins/config-state.ts
(cherry picked from commit cb4b3f7)
(cherry picked from commit 9a71607) # Conflicts: # CHANGELOG.md # README.md # src/agents/bash-tools.test.ts # src/auto-reply/reply/dispatch-from-config.test.ts # src/canvas-host/server.test.ts # src/media-understanding/apply.test.ts # src/plugins/loader.ts # ui/src/ui/app-chat.ts # ui/src/ui/app-gateway.ts
(cherry picked from commit 7d03cae)
(cherry picked from commit 67918dc) # Conflicts: # package.json
(cherry picked from commit d9c8199) # Conflicts: # package.json
(cherry picked from commit c5d7d11)
(cherry picked from commit 2cdfecd)
…tring (cherry picked from commit 201d7fa)
…ent LFI (openclaw#4880) * Media: restrict local path extraction to prevent LFI * Lint: remove unused variable hasValidMediaOnLine (cherry picked from commit c67df65)
(cherry picked from commit c0a6e67)
(cherry picked from commit 08ed628) # Conflicts: # docs/index.md # src/agents/pi-embedded-runner/model.test.ts # src/commands/auth-choice.apply.oauth.ts # src/commands/models.list.test.ts # src/commands/onboard-auth.credentials.ts
… build` by 5-10x. (cherry picked from commit 67945e8)
(cherry picked from commit 7626522)
(cherry picked from commit 88fe4de) # Conflicts: # package.json
(cherry picked from commit 86d38c2) # Conflicts: # src/imessage/send.ts
(cherry picked from commit d4ed79f)
(cherry picked from commit 1766cd4)
(cherry picked from commit 76361ae) # Conflicts: # openclaw.mjs # scripts/postinstall.js # scripts/run-node.mjs # scripts/watch-node.mjs # src/cli/browser-cli.test.ts # src/infra/control-ui-assets.ts # src/infra/gateway-lock.ts
(cherry picked from commit 247fab4) # Conflicts: # CHANGELOG.md # extensions/bluebubbles/package.json # extensions/copilot-proxy/package.json # extensions/diagnostics-otel/package.json # extensions/discord/package.json # extensions/google-antigravity-auth/package.json # extensions/google-gemini-cli-auth/package.json # extensions/googlechat/package.json # extensions/imessage/package.json # extensions/line/package.json # extensions/llm-task/package.json # extensions/lobster/package.json # extensions/matrix/package.json # extensions/mattermost/package.json # extensions/memory-core/package.json # extensions/memory-lancedb/package.json # extensions/msteams/package.json # extensions/nextcloud-talk/package.json # extensions/nostr/package.json # extensions/open-prose/package.json # extensions/signal/package.json # extensions/slack/package.json # extensions/telegram/package.json # extensions/tlon/package.json # extensions/twitch/package.json # extensions/voice-call/package.json # extensions/whatsapp/package.json # extensions/zalo/package.json # extensions/zalouser/package.json # package.json
(cherry picked from commit 1287328) # Conflicts: # README.md # src/agents/auth-profiles/external-cli-sync.ts # src/agents/model-auth.ts # src/commands/auth-choice-options.ts
… types resolve. (cherry picked from commit aa91f6e) # Conflicts: # extensions/bluebubbles/package.json # extensions/copilot-proxy/package.json # extensions/diagnostics-otel/package.json # extensions/discord/package.json # extensions/google-antigravity-auth/package.json # extensions/google-gemini-cli-auth/package.json # extensions/imessage/package.json # extensions/llm-task/package.json # extensions/lobster/package.json # extensions/mattermost/package.json # extensions/minimax-portal-auth/package.json # extensions/msteams/package.json # extensions/nextcloud-talk/package.json # extensions/nostr/package.json # extensions/open-prose/package.json # extensions/signal/package.json # extensions/slack/package.json # extensions/telegram/package.json # extensions/tlon/package.json # extensions/whatsapp/package.json # extensions/zalo/package.json
(cherry picked from commit 7d89855)
…w#4930) * fix(security): restrict inbound media staging to media directory * docs: update MEDIA path guidance for security restrictions - Update agent hint to warn against absolute/~ paths - Update docs example to use https:// instead of /tmp/ --------- Co-authored-by: Evan Otero <[email protected]> (cherry picked from commit 34e2425)
- Update @mariozechner/pi-ai and pi-agent-core to 0.50.9 - Rename cacheControlTtl to cacheRetention with values none/short/long - Add backwards compatibility mapping: 5m->short, 1h->long - Remove dead OpenRouter check (uses openai-completions API) - Default new configs to cacheRetention: short (cherry picked from commit ba4a55f) # Conflicts: # src/agents/pi-embedded-runner/extra-params.ts # src/config/defaults.ts
…penclaw#6398) * security(message-tool): validate filePath/path against sandbox root * style: translate Polish comments to English for consistency (cherry picked from commit 9b6fffd) # Conflicts: # src/agents/tools/message-tool.ts
…penclaw#4610) * security(web): sanitize WhatsApp accountId to prevent path traversal Apply normalizeAccountId() from routing/session-key to resolveDefaultAuthDir() so that malicious config values like "../../../etc" cannot escape the intended auth directory. Fixes openclaw#2692 * fix(web): check sanitized segment instead of full path in Windows test * style(web): fix oxfmt formatting in accounts test (cherry picked from commit 1bdd9e3) # Conflicts: # src/web/accounts.ts
(cherry picked from commit 2601f41) # Conflicts: # package.json
(cherry picked from commit e4d5721)
* Security: gate whatsapp_login by sender auth * Security: treat undefined senderAuthorized as unauthorized (opt-in) * fix: gate whatsapp_login to owner senders (openclaw#8768) (thanks @victormier) * fix: add explicit owner allowlist for tools (openclaw#8768) (thanks @victormier) * fix: normalize escaped newlines in send actions (openclaw#8768) (thanks @victormier) --------- Co-authored-by: Victor Mier <[email protected]> (cherry picked from commit 392bbdd) # Conflicts: # CHANGELOG.md # src/agents/pi-tools.ts # src/auto-reply/command-auth.ts
Adds comprehensive unit tests for Windows ACL inspection utilities: - resolveWindowsUserPrincipal: username resolution with fallback - parseIcaclsOutput: icacls output parsing - summarizeWindowsAcl: ACL entry classification (trusted/world/group) - inspectWindowsAcl: async ACL inspection with mocked exec - formatWindowsAclSummary: summary string formatting - formatIcaclsResetCommand: reset command string generation - createIcaclsResetCommand: structured reset command generation All 26 tests passing. Co-Authored-By: Claude Opus 4.5 <[email protected]> (cherry picked from commit f26cc60)
(cherry picked from commit 5031b28) # Conflicts: # CHANGELOG.md # appcast.xml # apps/android/app/build.gradle.kts # apps/ios/Sources/Info.plist # apps/ios/Tests/Info.plist # apps/ios/project.yml # apps/macos/Sources/OpenClaw/Resources/Info.plist # docs/platforms/mac/release.md # extensions/bluebubbles/package.json # extensions/copilot-proxy/package.json # extensions/diagnostics-otel/package.json # extensions/discord/package.json # extensions/feishu/package.json # extensions/google-antigravity-auth/package.json # extensions/google-gemini-cli-auth/package.json # extensions/googlechat/package.json # extensions/imessage/package.json # extensions/line/package.json # extensions/llm-task/package.json # extensions/lobster/package.json # extensions/matrix/CHANGELOG.md # extensions/matrix/package.json # extensions/mattermost/package.json # extensions/memory-core/package.json # extensions/memory-lancedb/package.json # extensions/minimax-portal-auth/package.json # extensions/msteams/CHANGELOG.md # extensions/msteams/package.json # extensions/nextcloud-talk/package.json # extensions/nostr/CHANGELOG.md # extensions/nostr/package.json # extensions/open-prose/package.json # extensions/signal/package.json # extensions/slack/package.json # extensions/telegram/package.json # extensions/tlon/package.json # extensions/twitch/CHANGELOG.md # extensions/twitch/package.json # extensions/voice-call/CHANGELOG.md # extensions/voice-call/package.json # extensions/whatsapp/package.json # extensions/zalo/CHANGELOG.md # extensions/zalo/package.json # extensions/zalouser/CHANGELOG.md # extensions/zalouser/package.json # package.json
(cherry picked from commit 460808e) # Conflicts: # package.json
* feat: add Claude Opus 4.6 to built-in model catalog - Update default model from claude-opus-4-5 to claude-opus-4-6 - Add opus-4.6 model ID normalization - Add claude-opus-4-6 to live model filter prefixes - Update image tool to prefer claude-opus-4-6 for vision - Add CLI backend alias for opus-4.6 - Update onboard auth default selections to include opus-4.6 - Update model picker placeholder Closes openclaw#9811 * test: update tests for claude-opus-4-6 default - Fix model-alias-defaults test to use claude-opus-4-6 - Fix image-tool test to expect claude-opus-4-6 in fallbacks * feat: support claude-opus-4-6 * docs: update changelog for opus 4.6 (openclaw#9853) (thanks @TinyTb) * chore: bump pi to 0.52.0 --------- Co-authored-by: Slurpy <[email protected]> Co-authored-by: Peter Steinberger <[email protected]> (cherry picked from commit eb80b9a) # Conflicts: # CHANGELOG.md # src/agents/model-selection.ts # src/agents/tools/image-tool.ts
* fix(runtime): bump minimum Node.js version to 22.12.0 Aligns the runtime guard with the declared package.json engines requirement. The Matrix plugin (and potentially others) requires Node >= 22.12.0, but the runtime guard previously allowed 22.0.0+. This caused confusing errors like 'Cannot find module @vector-im/matrix-bot-sdk' when the real issue was an unsupported Node version. - Update MIN_NODE from 22.0.0 to 22.12.0 - Update error message to reflect the correct version - Update tests to use 22.12.0 as the minimum valid version Fixes openclaw#5292 * fix: update test versions to match MIN_NODE=22.12.0 --------- Co-authored-by: Markus Glucksberg <[email protected]> (cherry picked from commit 2ca78a8)
* chore: apply local workspace updates * fix: resolve prep findings after rebase (openclaw#9898) (thanks @gumadeiras) * refactor: centralize model allowlist normalization (openclaw#9898) (thanks @gumadeiras) * fix: guard model allowlist initialization (openclaw#9911) * docs: update changelog scope for openclaw#9911 * docs: remove model names from changelog entry (openclaw#9911) * fix: satisfy type-aware lint in model allowlist (openclaw#9911) (cherry picked from commit 4629054) # Conflicts: # README.md # docs/bedrock.md # docs/concepts/model-providers.md # docs/concepts/models.md # docs/concepts/multi-agent.md # docs/gateway/cli-backends.md # docs/gateway/configuration-examples.md # docs/gateway/configuration.md # docs/gateway/heartbeat.md # docs/gateway/local-models.md # docs/help/faq.md # docs/providers/anthropic.md # docs/providers/index.md # docs/providers/minimax.md # docs/providers/models.md # docs/providers/openai.md # docs/providers/opencode.md # docs/providers/vercel-ai-gateway.md # docs/start/wizard-cli-reference.md # scripts/docs-i18n/util.go # src/agents/model-fallback.ts # src/agents/model-selection.ts # src/commands/auth-choice.apply.openai.ts # src/commands/onboard-non-interactive/local/auth-choice.ts
Add a more prominent security warning for multi-user DM setups: - Add blockquote security warning about context leakage - Include concrete example showing the privacy risk - Add "When to enable this" checklist - Clarify that default is fine for single-user setups Co-Authored-By: Claude Opus 4.5 <[email protected]> (cherry picked from commit b8004a2) # Conflicts: # docs/concepts/session.md
* Agents: bump pi-mono to 0.52.5 * Changelog: add PR reference for pi bump (cherry picked from commit 3299aeb) # Conflicts: # CHANGELOG.md
* security: add skill/plugin code safety scanner module * security: integrate skill scanner into security audit * security: add pre-install code safety scan for plugins * style: fix curly brace lint errors in skill-scanner.ts * docs: add changelog entry for skill code safety scanner * style: append ellipsis to truncated evidence strings * fix(security): harden plugin code safety scanning * fix: scan skills on install and report code-safety details * fix: dedupe audit-extra import * fix(security): make code safety scan failures observable * fix(test): stabilize smoke + gateway timeouts (openclaw#9806) (thanks @abdelsfane) --------- Co-authored-by: Darshil <[email protected]> Co-authored-by: Darshil <[email protected]> Co-authored-by: George Pickett <[email protected]> (cherry picked from commit bc88e58) # Conflicts: # src/commands/onboard-skills.ts # src/gateway/test-helpers.server.ts # src/plugins/install.test.ts # src/plugins/install.ts # src/security/audit-extra.ts # src/security/audit.test.ts
(cherry picked from commit 6f4665d) # Conflicts: # extensions/memory-lancedb/package.json
Add lockfile entries for: - @larksuiteoapi/node-sdk@^1.56.1 - @sinclair/[email protected] - zod@^4.3.6 Co-Authored-By: Claude Opus 4.5 <[email protected]> (cherry picked from commit 7e005ac)
…law#9858) * security: add skill/plugin code safety scanner module * security: integrate skill scanner into security audit * security: add pre-install code safety scan for plugins * style: fix curly brace lint errors in skill-scanner.ts * docs: add changelog entry for skill code safety scanner * security: redact credentials from config.get gateway responses The config.get gateway method returned the full config snapshot including channel credentials (Discord tokens, Slack botToken/appToken, Telegram botToken, Feishu appSecret, etc.), model provider API keys, and gateway auth tokens in plaintext. Any WebSocket client—including the unauthenticated Control UI when dangerouslyDisableDeviceAuth is set—could read every secret. This adds redactConfigSnapshot() which: - Deep-walks the config object and masks any field whose key matches token, password, secret, or apiKey patterns - Uses the existing redactSensitiveText() to scrub the raw JSON5 source - Preserves the hash for change detection - Includes 15 test cases covering all channel types * security: make gateway config writes return redacted values * test: disable control UI by default in gateway server tests * fix: redact credentials in gateway config APIs (openclaw#9858) (thanks @abdelsfane) --------- Co-authored-by: George Pickett <[email protected]> (cherry picked from commit 0c7fa2b) # Conflicts: # CHANGELOG.md # src/gateway/server.config-patch.e2e.test.ts
(cherry picked from commit 677450c) # Conflicts: # apps/android/app/build.gradle.kts # apps/ios/Sources/Info.plist # apps/ios/Tests/Info.plist # apps/ios/project.yml # apps/macos/Sources/OpenClaw/Resources/Info.plist # docs/platforms/mac/release.md # extensions/bluebubbles/package.json # extensions/copilot-proxy/package.json # extensions/diagnostics-otel/package.json # extensions/discord/package.json # extensions/feishu/package.json # extensions/google-antigravity-auth/package.json # extensions/google-gemini-cli-auth/package.json # extensions/googlechat/package.json # extensions/imessage/package.json # extensions/line/package.json # extensions/llm-task/package.json # extensions/lobster/package.json # extensions/matrix/CHANGELOG.md # extensions/matrix/package.json # extensions/mattermost/package.json # extensions/memory-core/package.json # extensions/memory-lancedb/package.json # extensions/minimax-portal-auth/package.json # extensions/msteams/CHANGELOG.md # extensions/msteams/package.json # extensions/nextcloud-talk/package.json # extensions/nostr/CHANGELOG.md # extensions/nostr/package.json # extensions/open-prose/package.json # extensions/signal/package.json # extensions/slack/package.json # extensions/telegram/package.json # extensions/tlon/package.json # extensions/twitch/CHANGELOG.md # extensions/twitch/package.json # extensions/voice-call/CHANGELOG.md # extensions/voice-call/package.json # extensions/whatsapp/package.json # extensions/zalo/CHANGELOG.md # extensions/zalo/package.json # extensions/zalouser/CHANGELOG.md # extensions/zalouser/package.json # package.json
(cherry picked from commit dca8cf9) # Conflicts: # extensions/feishu/package.json # extensions/memory-lancedb/package.json # package.json
(cherry picked from commit 94b2fc1)
(cherry picked from commit 0dd7033)
(cherry picked from commit ff80646)
…penclaw#11289) * chore: project hygiene fixes (workspace:*, sandbox USER, dead config) * chore: also fix workspace:* in zalouser dependencies (cherry picked from commit 28e1a65) # Conflicts: # CHANGELOG.md # extensions/zalouser/package.json # package.json # pnpm-workspace.yaml
Add threat model (MITRE ATLAS), contribution guide, and security directory README. Update SECURITY.md with trust page reporting instructions and Jamieson O'Reilly as Security & Trust. Co-Authored-By: theonejvo <[email protected]> (cherry picked from commit 74fbbda)
hughdidit
previously approved these changes
Feb 10, 2026
Owner
hughdidit
left a comment
hughdidit
left a comment
There was a problem hiding this comment.
Documentation is free of any injection. Approved
…rity-2026-02-08-2013 # Conflicts: # apps/shared/OpenClawKit/Sources/OpenClawKit/CalendarCommands.swift # apps/shared/OpenClawKit/Sources/OpenClawKit/ChatCommands.swift # apps/shared/OpenClawKit/Sources/OpenClawKit/ContactsCommands.swift # apps/shared/OpenClawKit/Sources/OpenClawKit/DeviceCommands.swift # apps/shared/OpenClawKit/Sources/OpenClawKit/MotionCommands.swift # apps/shared/OpenClawKit/Sources/OpenClawKit/PhotosCommands.swift # apps/shared/OpenClawKit/Sources/OpenClawKit/RemindersCommands.swift # apps/shared/OpenClawKit/Sources/OpenClawKit/TalkCommands.swift # scripts/docker/install-sh-smoke/Dockerfile # scripts/test-install-sh-docker.sh
Author
Patchbot
CI Checks (0/0 passed)
Updated 2026-03-01T02:18:39.694Z · Run #22533991117 |
2 tasks
hughdidit
added a commit
that referenced
this pull request
Mar 1, 2026
* Revert "cherry-pick: upstream refactor/feature commits (2026-02-08-2013) (#119)" This reverts commit ca1d391. * Revert "cherry-pick: upstream bugfix commits (2026-02-08-2013) (#117)" This reverts commit b5bcbd8. * Revert "cherry-pick: upstream deps/security commits (2026-02-08-2013) (#115)" This reverts commit 89c4883. * Revert "cherry-pick: upstream ci commits (2026-02-08-2013) (#116)" This reverts commit 595f964. * Revert "cherry-pick: upstream docs commits (2026-02-08-2013) (#118)" This reverts commit da859ed.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Automated cherry-pick of upstream
deps/securitycommits fromupstream/main.This branch was created from
origin/main, so cherry-picks apply cleanly ontheir own upstream lineage. Any merge conflicts in this PR are due to fork
divergence in
daisy/devand should be resolved during merge (not in thecherry-picks themselves).
Commits
06289b36fix(security): harden SSH target handling (fix(security): harden SSH target handling to prevent argument injection openclaw/openclaw#4001) (risk: 1/5)cb4b3f74chore(release): bump versions to 2026.1.29 (risk: 3/5)9a716078refactor: rename to openclaw (risk: 5/5)7d03cae6chore: bump npm version (risk: 1/5)67918dc4chore: bump beta (risk: 1/5)d9c81991chore: bump beta (risk: 1/5)c5d7d111chore: update pnpm lockfile (risk: 1/5)2cdfecdddocs: clarify security scope (risk: 1/5)201d7fa9fix(security): prevent gateway token from defaulting to 'undefined' string (risk: 1/5)c67df653fix(security): restrict local path extraction in media parser to prevent LFI (fix(security): restrict local path extraction in media parser to prevent LFI openclaw/openclaw#4880) (risk: 1/5)c0a6e675Agents: update pi dependencies to 0.50.7 (risk: 3/5)08ed6285chore: update deps and pi model discovery (risk: 3/5)67945e8dchore: Switch from TypeScript to build withtsdown, speeds uppnpm buildby 5-10x. (risk: 3/5)76265227Switch from TypeScript to TypeScript Go. Usepnpm tsgofor Typechecks. (risk: 1/5)88fe4de1chore: Remove unused deps. (risk: 1/5)86d38c2dchore: Oops, "long" is actually used + fix TypeScript error. (risk: 1/5)d4ed79ffchore:signal-utilsis actually used too. (risk: 1/5)1766cd41build: add typescript for a2ui bundling (risk: 1/5)76361ae3revert: Switch back totscfor compiling. (risk: 4/5)247fab47chore: bump version to 2026.1.30 (risk: 3/5)1287328bfeat: add MiniMax OAuth plugin (Feat: Add minimax OAuth authentication openclaw/openclaw#4521) (thanks @Maosghoul) (risk: 3/5)aa91f6e7chore: AddopenclawtodevDependenciesfor all extensions so that types resolve. (risk: 3/5)7d89855cfix: align npm publish metadata (risk: 1/5)34e2425bfix(security): restrict MEDIA path extraction to prevent LFI (fix(security): restrict MEDIA path extraction to prevent LFI openclaw/openclaw#4930) (risk: 1/5)ba4a55f6fix(agents): update cacheControlTtl to cacheRetention for pi-ai 0.50.9 (risk: 1/5)9b6fffd0security(message-tool): validate filePath/path against sandbox root (security(message-tool): validate filePath/path against sandbox root openclaw/openclaw#6398) (risk: 1/5)1bdd9e31security(web): sanitize WhatsApp accountId to prevent path traversal (security(web): sanitize WhatsApp accountId to prevent path traversal openclaw/openclaw#4610) (risk: 1/5)2601f413fix: override vulnerable transitive deps (risk: 1/5)e4d57219fix: override request dependency (risk: 1/5)e550e252Revert "fix: override request dependency" (risk: 2/5)b796f6ecSecurity: harden web tools and file parsing (Security: harden web tools and file parsing openclaw/openclaw#4058) (risk: 2/5)0a5821a8fix(security): enforce strict environment variable validation in exec tool (### Security Fix: Prevent Hidden Execution via Environment Variables openclaw/openclaw#4896) (risk: 1/5)cf1d3f7afix: update pi packages to 0.51.0, remove bogus type augmentation (risk: 1/5)bd259eebchore: Update deps. (risk: 1/5)4e4ed2eafix(security): cap Slack media downloads and validate Slack file URLs (fix(security): cap Slack media downloads and validate Slack file URLs openclaw/openclaw#6639) (risk: 1/5)85cd55e2chore: bump to 2026.2.1 (risk: 3/5)9e3ea268chore: Update deps. (risk: 1/5)a6afcb4cSecurity: new openclaw-system-admin skill + bootstrap audit (risk: 1/5)cdec53b2Security: rename openclaw-system-admin skill to healthcheck (risk: 1/5)1523ef24Security: remove openclaw-system-admin skill path (risk: 1/5)e2c03845Security: refine healthcheck workflow (risk: 1/5)578bde1eSecurity: healthcheck skill (Security: new healthcheck skill + bootstrap audit openclaw/openclaw#7641) (thanks @Takhoffman) (risk: 1/5)83715ecaSecurity: tune bootstrap healthcheck prompt + healthcheck wording (risk: 1/5)a03d852dchore: Migrate to tsdown, speed up JS bundling by ~10x (thanks @hyf0). (risk: 2/5)0223416cChannels: finish Feishu/Lark integration (risk: 2/5)e59eb814chore: bump version to 2026.2.2-1 (risk: 1/5)e4b084c7chore: bump version to 2026.2.3 (risk: 1/5)35eb40a7fix(security): separate untrusted channel metadata from system prompt (thanks @KonstantinMirin) (risk: 2/5)38e6da1fTUI/Gateway: fix pi streaming + tool routing + model display + msg updating (TUI/Gateway: fix pi streaming + tool routing + model display + msg updating openclaw/openclaw#8432) (risk: 2/5)a13ff55bSecurity: Prevent gateway credential exfiltration via URL override (Security: Prevent gateway credential exfiltration via URL override openclaw/openclaw#9179) (risk: 2/5)4434cae5Security: harden sandboxed media handling (Security: harden sandboxed media handling openclaw/openclaw#9182) (risk: 1/5)392bbddfSecurity: owner-only tools + command auth hardening (Security: owner-only tools + command auth hardening openclaw/openclaw#9202) (risk: 3/5)f26cc608Tests: add test coverage for security/windows-acl.ts (risk: 1/5)5031b283chore: bump version to 2026.2.4 (risk: 3/5)460808e0Update deps. (risk: 1/5)eb80b9acfeat: add Claude Opus 4.6 to built-in model catalog (feat: add Claude Opus 4.6 to built-in model catalog openclaw/openclaw#9853) (risk: 3/5)2ca78a8afix(runtime): bump minimum Node.js version to 22.12.0 (fix(runtime): bump minimum Node.js version to 22.12.0 openclaw/openclaw#5370) (risk: 1/5)46290544chore: apply local workspace updates (chore: apply local workspace updates openclaw/openclaw#9911) (risk: 4/5)b8004a28docs: improve DM security guidance with concrete example (risk: 1/5)3299aeb9Agents: bump pi-mono to 0.52.5 (Agents: bump pi-mono to 0.52.5 openclaw/openclaw#9949) (risk: 1/5)bc88e58fsecurity: add skill/plugin code safety scanner (security: add skill/plugin code safety scanner openclaw/openclaw#9806) (risk: 2/5)6f4665ddchore: Update deps. (risk: 1/5)7e005acdchore: update pnpm-lock.yaml for feishu extension deps (risk: 1/5)0c7fa2b0security: redact credentials from config.get gateway responses (security: redact credentials from config.get gateway responses openclaw/openclaw#9858) (risk: 1/5)677450cdchore(release): bump version to 2026.2.6 (risk: 3/5)dca8cf95chore(deps): update deps (risk: 1/5)94b2fc14chore(deps): bump carbon beta (risk: 1/5)0dd70335chore(lockfile): fix pnpm-lock (risk: 1/5)ff806460chore: bump pi to 0.52.8 (risk: 1/5)28e1a65echore: project hygiene — fix workspace:*, sandbox USER, dead config (chore: project hygiene — fix workspace:*, sandbox USER, dead config openclaw/openclaw#11289) (risk: 1/5)74fbbda2docs: add security & trust documentation (risk: 1/5)What to beware of
Verify lockfile diffs match declared dependency changes. Check for post-install scripts in new/updated packages. Confirm no transitive dependency introduces unexpected binaries.
About conflicts
Some cherry-picks may have conflicted during application — these are committed
with conflict markers intact and are visible in the diff for manual resolution.
Additionally, this PR may show merge conflicts against
daisy/devdue tofork divergence. Resolve both in the merge UI or locally with
git merge.Risk
Review checklist
Generated by
scripts/upstream-triage.sh --apply --open-pron 2026-02-08-2013 — no upstream code was executed