mirror of https://github.com/avinal/nikki.git synced 2026-07-04 05:50:10 +05:30

Fix security issues from review

Notifications:
- VISIBILITY_PRIVATE on all channels and notifications
  (hides task text from lockscreen)
- Remove setFullScreenIntent (requires USE_FULL_SCREEN_INTENT
  permission; p1 channel already bypasses DND)

Auth:
- Clear cached token and server URL in memory on logout
  via AuthRepository.onLogout callback

Offline queue:
- Replace manual JSON string interpolation with
  kotlinx.serialization JsonObject/JsonPrimitive
  (prevents JSON injection from memo content)

CI/CD:
- Pin all GitHub Actions to commit SHAs
- Add permissions: contents: read to build workflow
- Decode keystore via env var instead of inline expansion
- Sanitize tag name through env var in release upload
- Fix test task name: testAndroidHostTest

Signed-off-by: Avinal Kumar <avinal.xlvii@gmail.com>
Co-Authored-By: Claude Opus 4.6 (1M context)
2026-06-05 15:08:16 +05:30
parent 6b1d798c95
commit e4c19c2d7c
11 changed files with 55 additions and 21 deletions
@@ -36,11 +36,17 @@ kotlin {
sourceSets {
commonMain.dependencies {
@Suppress("DEPRECATION")
implementation(compose.runtime)
@Suppress("DEPRECATION")
implementation(compose.foundation)
@Suppress("DEPRECATION")
implementation(compose.material3)
@Suppress("DEPRECATION")
implementation(compose.materialIconsExtended)
@Suppress("DEPRECATION")
implementation(compose.ui)
@Suppress("DEPRECATION")
implementation(compose.components.resources)
implementation(libs.androidx.lifecycle.viewmodel)
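Review bot: The six @Suppress("DEPRECATION") annotations on the compose.* dependency lines in commonMain.dependencies are not covered by the commit message, which lists only notification, auth, offline-queue and CI/CD changes, and they silence the deprecation warnings rather than resolving them. Suggest moving them to a separate commit with a comment stating what is deprecated and what the planned replacement is, or migrating the declarations so no suppression is needed. A commit titled as a security fix is easier to audit when it carries only the security changes.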