fix: address PR #173 security and code quality feedback

Security fixes:
- Enhanced branch name sanitization for cross-platform filesystem safety
  (handles Windows-invalid chars, reserved names, path length limits)
- Added branch name validation in pr-info.ts to prevent command injection
- Sanitized prUrl in kanban-card to only allow http/https URLs

Code quality improvements:
- Fixed placeholder issue where {owner}/{repo} was passed literally to gh api
- Replaced async forEach with Promise.all for proper async handling
- Display PR number extracted from URL in kanban cards

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Cody Seibert
2025-12-19 20:39:38 -05:00
parent 6c25680115
commit ec7c2892c2
7 changed files with 153 additions and 132 deletions

@@ -29,12 +29,8 @@ interface CreatePRDialogProps {
open: boolean;
onOpenChange: (open: boolean) => void;
worktree: WorktreeInfo | null;
<<<<<<< Updated upstream
onCreated: (prUrl?: string) => void;
=======
projectPath: string | null;
onCreated: () => void;
>>>>>>> Stashed changes
onCreated: (prUrl?: string) => void;
}
export function CreatePRDialog({
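
Review bot: The merge-conflict markers inside `CreatePRDialogProps` (`<<<<<<< Updated upstream`, `=======`, `>>>>>>> Stashed changes`) mean an unresolved stash conflict was committed at some point, and the commit message says nothing about cleaning it up. The +/- prefixes are not visible here, but the header shrinks the hunk from 12 lines to 8, which fits the markers and the duplicate `onCreated` declarations being dropped. Please confirm that the only surviving signature is `onCreated: (prUrl?: string) => void;` and that removing `projectPath: string | null;` is intended, since callers passing that prop will otherwise stop type-checking. This cleanup is unrelated to the sanitization fixes listed in the message, so either mention it there or split it into its own commit, and consider a pre-commit or CI check that rejects files containing conflict markers so this cannot land again.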