Merge pull request #11 from godaddy/changeset-release/main

wcole1-godaddy · web-flow · commit e743fbbbbf8b · 2026-02-26T09:58:26.000-05:00
Version Packages
diff --git a/.changeset/curvy-wolves-prove.md b/.changeset/curvy-wolves-prove.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,17 @@
 # @godaddy/cli
 
+## 0.2.2
+
+### Patch Changes
+
+- e6f6ae3: Hardened CLI security in three areas without changing intended workflows:
+
+  - Block extension deploy path traversal by validating `handle` and `source` stay within the extension workspace.
+  - Quote and escape generated `.env` values to prevent newline/comment-based env injection.
+  - Restrict truncation `full_output` dump permissions to owner-only (`0700` dir, `0600` files).
+
+  Also adds regression tests covering these protections.
+
 ## 0.2.1
 
 ### Patch Changes
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "@godaddy/cli",
-	"version": "0.2.1",
+	"version": "0.2.2",
 	"description": "GoDaddy CLI for managing applications and webhooks",
 	"keywords": [
 		"godaddy",

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@godaddy/cli",`
`3`		`- "version": "0.2.1",`
	`3`	`+ "version": "0.2.2",`
`4`	`4`	`"description": "GoDaddy CLI for managing applications and webhooks",`
`5`	`5`	`"keywords": [`
`6`	`6`	`"godaddy",`