Issue 282: Fix missing feature field in project tasks API response #301

Merged
Wirasm merged 1 commit into coleam00:main from ericfisherdev:fix/feature-field-not-updating
Aug 19, 2025

@ericfisherdev

Pull Request

Summary

Resolves issue #282 by adding feature field to task dictionary in TaskService.list_tasks() method. The project tasks API endpoint was excluding the feature field while individual task API included it, causing frontend to default to 'General' instead of showing custom feature values.

Changes Made

  • Add feature field to task response in list_tasks method

Before the change:
[Image: feature-label-before]

After the change:
[Image: feature-label-after]

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Performance improvement
  • Code refactoring

Affected Services

  • Frontend (React UI)
  • Server (FastAPI backend)
  • MCP Server (Model Context Protocol)
  • Agents (PydanticAI service)
  • Database (migrations/schema)
  • Docker/Infrastructure
  • Documentation site

Testing

  • All existing tests pass
  • Added new tests for new functionality
  • Manually tested affected user flows
  • Docker builds succeed for all services

Test Evidence

uv run pytest tests/ -v

================= 212 passed, 54 warnings in 81.90s (0:01:21) ==================

Checklist

  • My code follows the service architecture patterns
  • If using an AI coding assistant, I used the CLAUDE.md rules
  • I have added tests that prove my fix/feature works
  • All new and existing tests pass locally
  • My changes generate no new warnings
  • I have updated relevant documentation
  • I have verified no regressions in existing features

Resolves issue coleam00#282 by adding feature field to task dictionary in
TaskService.list_tasks() method. The project tasks API endpoint was
excluding the feature field while individual task API included it,
causing frontend to default to 'General' instead of showing custom
feature values.

Changes:
- Add feature field to task response in list_tasks method
- Maintains compatibility with existing API consumers
- All 212 tests pass with this change
@Wirasm
Collaborator

Wirasm commented Aug 19, 2025

thanks for this @ericfisherdev

@Wirasm Wirasm merged commit 92b3c04 into coleam00:main Aug 19, 2025
7 checks passed
POWERFULMOVES added a commit to POWERFULMOVES/PMOVES-Archon that referenced this pull request Feb 12, 2026
…m00#301)

* security: fix HIGH severity vulnerabilities in dependencies

This commit addresses critical security vulnerabilities:

1. **python-multipart DoS (CVE-2025-*)**: Upgraded to >=0.0.7
   - Fixed in: flute-gateway, presign, retrieval-eval
   - All instances now use >=0.0.20 for maximum safety

2. **Next.js DoS with Server Components (CVE-2025-55184, CVE-2025-55183)**
   - Upgraded pmoves/ui from 16.0.7 to 16.0.9
   - Upgraded PMOVES-DoX from 15.4.8 to 15.4.9
   - Upgraded PMOVES-Open-Notebook from 15.4.8 to 15.4.9
   - Upgraded PMOVES-BoTZ/cipher from 15.3.6 to 15.3.7
   - Fixes DoS and source code exposure vulnerabilities

3. **MCP Python SDK DNS Rebinding (CVE-2025-66416)**: Upgraded to >=1.23.0
   - Fixed in: PMOVES-Agent-Zero, PMOVES-BoTZ features
   - Enables DNS rebinding protection by default for localhost servers

4. **glob CLI command injection (CVE-2025-64756)**: Verified not affected
   - Repository uses glob@^7.1.3, vulnerability only affects 10.3.7-11.0.3
   - No CLI usage detected, only programmatic API usage

5. **jws HMAC signature verification (CVE-2025-65945)**: Verified not affected
   - No direct jws package dependencies found in repository
   - jose package uses jws as keyword only, not as dependency

All security fixes align with December 2025 security advisories.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(security): address CRITICAL CVE-2025-55182 (Next.js) and CVE-2025-32434 (PyTorch)

This commit addresses two CRITICAL severity vulnerabilities:

## CVE-2025-55182: Next.js/React RCE (CVSS 10.0)
Updated Next.js in all submodules to patched versions to fix React Server
Components "Flight" protocol vulnerability allowing unauthenticated RCE.

Affected projects and updates:
- PMOVES-Open-Notebook: 15.4.7 → 15.4.8
- PMOVES-DoX: 14.1.0 → 15.4.8
- PMOVES-ToKenism-Multi: 13.4.19 → 15.4.8
- PMOVES-BoTZ/cipher: 15.3.1 → 15.3.6

Default Next.js apps with App Router were vulnerable to exploitation via
crafted HTTP requests with no code changes required. Public exploits exist
and active exploitation has been observed in the wild.

## CVE-2025-32434: PyTorch torch.load RCE (CVSS 9.3)
Updated PyTorch minimum version to >=2.6.0 in PMOVES-Creator to address
deserialization vulnerability in torch.load() that allows RCE even with
weights_only=True parameter when loading specially crafted .tar model files.

References:
- https://nextjs.org/blog/CVE-2025-66478
- GHSA-53q9-r3pm-6pq6
- https://nvd.nist.gov/vuln/detail/CVE-2025-32434
- https://www.wiz.io/blog/critical-vulnerability-in-react-cve-2025-55182

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs(security): add Docker 2025 best practices and deployment security guide

- Add Port Allocation Reference Table with 40+ services and security classifications
- Add Service Discovery Patterns (Docker DNS, NATS, Supabase Realtime)
- Add Docker 2025 Security Advisories (CVE-2025-9074, CVE-2025-62725)
- Add Docker Compose V5 breaking changes documentation
- Add Container Security Best Practices (2025 standards)
- Add Production Deployment Checklist with verification commands
- Create docker-compose-networking-best-practices-2025.md with CVE mitigations
- Document Supabase integration path for data services

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs: address CodeRabbit review comments for docker-compose guide

- Add official Docker security advisory links for CVE-2025-9074 and CVE-2025-62725
- Update Docker Compose V5 changes to match official release notes only
- Add platform/scope clarification for iptables mitigation with subnet discovery guidance
- Fix markdown lint issues (MD036/MD040) for emphasis-as-heading and missing code block languages

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(docs): address CodeRabbit review comments

- Fix CRITICAL CVE-2025-55182 Next.js version guidance - correct patched versions are 15.0.5, 15.1.9, 15.2.6, 15.3.6+, 15.4.8+, 15.5.7+, 16.0.7+ (versions 15.3.0-15.3.5 are NOT patched)
- Fix MD056 table column count issues - add missing columns to section header rows
- Add missing language tags to code blocks (MD040) - use 'text' for cross-tier rules and NATS subjects
- Remove low-trust blog links from Additional Resources section
- Replace with official Docker documentation and security advisories

Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(docs): address additional CodeRabbit review comments

- Add Linux portability note for host.docker.internal with workarounds
- Fix Compose Bridge command syntax (docker compose bridge convert)
- Update security checklist to avoid grep secret leak - use safe placeholder checks and secret scanners instead

Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(docs): correct CVE-2025-55182 as RCE and add iptables platform notes

- Fix CVE-2025-55182 description: it's RSC Remote Code Execution via
  unsafe deserialization, not authorization bypass
- Add note that App Router is primary attack surface, Pages Router has
  reduced exposure
- Add platform notes for iptables mitigation: Linux-only, Docker Desktop
  uses different networking model
- Include common subnet values and verification command

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Codex Agent <codex-agent@example.com>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
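
Added example (not part of this pull request or the referenced commit): the patched Next.js versions listed in the commit message differ per release line, so a single "at least X" comparison misclassifies versions such as 15.3.1. The sketch below checks a version against its own line's minimum; it assumes each listed version is the minimum patched patch level for its major.minor line, and all function names are hypothetical.

```javascript
// Minimum patched patch level per Next.js release line, copied from the
// commit message above (15.0.5, 15.1.9, 15.2.6, 15.3.6+, 15.4.8+, 15.5.7+, 16.0.7+).
const PATCHED_MIN = { "15.0": 5, "15.1": 9, "15.2": 6, "15.3": 6,
                      "15.4": 8, "15.5": 7, "16.0": 7 };

// Parse "15.3.6", "^15.3.6" or "~15.3.6" into [major, minor, patch].
// A range is judged by the lowest version it admits; the lockfile decides
// what is really installed. Tags, canaries and other specs return null.
function parseSpec(spec) {
  const m = /^[\^~]?(\d+)\.(\d+)\.(\d+)$/.exec(String(spec).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Per-line check: "patched", "vulnerable", "unlisted" (release line not in
// the commit's list, needs manual review) or "unparsed".
function classifyNext(spec) {
  const v = parseSpec(spec);
  if (v === null) return "unparsed";
  const min = PATCHED_MIN[`${v[0]}.${v[1]}`];
  if (min === undefined) return "unlisted";
  return v[2] >= min ? "patched" : "vulnerable";
}

// The tempting single-floor check (hypothetical): "anything >= 15.0.5 is fine".
// It passes 15.3.1, which the per-line table marks vulnerable.
function naiveAtLeastFloor(spec, floor = [15, 0, 5]) {
  const v = parseSpec(spec);
  if (v === null) return false;
  for (let i = 0; i < 3; i++) {
    if (v[i] !== floor[i]) return v[i] > floor[i];
  }
  return true;
}

// Classify every project in a { name: versionSpec } map.
function auditNext(manifest) {
  return Object.fromEntries(
    Object.entries(manifest).map(([name, spec]) => [name, classifyNext(spec)])
  );
}

// Constructed input: the "before" versions quoted in the commit message.
const before = {
  "PMOVES-Open-Notebook": "15.4.7", "PMOVES-DoX": "14.1.0",
  "PMOVES-ToKenism-Multi": "13.4.19", "PMOVES-BoTZ/cipher": "15.3.1",
};
console.log(auditNext(before));
```

Anything reported as "unlisted" or "unparsed" is outside the commit's list and has to be checked against the vendor advisory by hand.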