Skip to content

chore(release): v0.2.1 — Codex media-gate security fixes#6

Merged
LakshmanTurlapati merged 1 commit into
mainfrom
phantomstream-remote-control
Jun 22, 2026
Merged

chore(release): v0.2.1 — Codex media-gate security fixes#6
LakshmanTurlapati merged 1 commit into
mainfrom
phantomstream-remote-control

Conversation

@LakshmanTurlapati

Copy link
Copy Markdown
Contributor

Summary

Patch release v0.2.1 over v0.2.0. It carries the three renderer media gate security fixes that landed on main in PR #5 (the Codex P1 and P2 findings from the v0.2.0 review). This is a version bump only; the code fixes are already on main.

Included fixes

  • Gate <source srcset> at the string layer, so a blocked candidate cannot be prefetched during srcdoc parse (c8470a2).
  • Scan <audio> in the pre parse media gate, closing an ungated <audio src> path (54a7a95).
  • Pick the diff gate kind from the live element tag, so poster mode withholds playable media on a src mutation (3789dd3).

Compatibility

No API changes, fully backward compatible with 0.2.0. The published module stays at zero hard runtime dependencies.

Verification

Full suite green at 712 of 712, differential oracle 48 of 48, types clean. The tarball builds at @full-self-browsing/phantom-stream 0.2.1 with 111 files.

Co-Authored-By: Claude Opus 4.8 (1M context)

Patch release over v0.2.0 carrying the three renderer media-gate fixes
from PR #5 (Codex P1/P2 findings, all already on main):
- gate <source srcset> at the string layer (c8470a2)
- scan <audio> in the pre-parse media gate (54a7a95)
- poster-mode-aware src mutation gate (3789dd3)

No API changes, backward compatible. Bumps package.json and
package-lock.json to 0.2.1.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@LakshmanTurlapati LakshmanTurlapati merged commit a15b873 into main Jun 22, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant