- lib/clean/user.sh: quote glob patterns in _clean_incomplete_downloads so
they are not expanded at array assignment time; filenames with spaces would
previously be word-split before reaching safe_clean, causing silent failures
- lib/clean/project.sh: replace silent array fallback with explicit bounds
check before reading PURGE_CATEGORY_FULL_PATHS_ARRAY, guarding against
future index drift if menu filtering is added
- SECURITY_AUDIT.md: document double validatePath in analyze delete, native
PAM passthrough for sudo prompts, dry-run dedup by filesystem identity,
atomic purge config write, pre-commit hook mirroring CI, and new test suites
- Validate bundle_id format (reverse-DNS) in stop_launch_services() to prevent glob injection attacks
- Add common word exclusion list for LaunchAgents name search to avoid false positive matches (Music, Notes, Photos, etc.) - Add security comments explaining symlink handling in remove_file_list()
- Improve brew_uninstall_cask() timeout handling: exit code 124 now returns failure immediately
- Update SECURITY_AUDIT.md with remediation details
- Disable sensors data collection (CPU temp already shown in CPU card)
- Remove unused sensor-related functions (collectSensors, prettifyLabel, hasSensorData, renderSensorsCard)
- Remove unused gopsutil/sensors import
- Fix inline spinner disown call with explicit PID
- Update version from 1.22.0 to 1.22.1
- Update SECURITY_AUDIT.md to match new version and date
- Change delete confirmation from double-delete to Delete→Enter
- Move files to macOS Trash instead of permanent deletion
- Allow file recovery from Trash if accidentally deleted
- Update UI prompts to show 'Press Enter to confirm'
- Skip Finder-dependent tests in CI environments
- Update SECURITY_AUDIT.md with new safety mechanisms
Closes#288
Fixes#263
- Change regex from \.\. to (^|/)\.\.(/|$) to only match path components
- Firefox uses ..files suffix in IndexedDB dirs (e.g., name..files)
- Still blocks actual traversal: /tmp/../etc
- Added test cases for Firefox compatibility
- All 16 tests passing
