github Graphify-Labs/graphify v0.9.15

5 hours ago

A small, security-focused patch on top of 0.9.14.

Highlights

  • Security (stored XSS): the exported graph.html is fixed (#1838). The report's neighbor links dropped an unescaped stringified node id into an inline onclick — which broke every neighbor link and, when a node id/label contained a double-quote (e.g. from a document or a title scraped via graphify add <url>), let a hostile source inject a live event handler into a report opened locally. The id is now carried in an HTML-escaped data-nid attribute dispatched through a single delegated listener. If you generate reports from untrusted corpora, upgrade.

All fixes

  • Security: close a stored XSS and repair the (previously always-broken) neighbor "focus" links in the exported graph.html (#1838, thanks @edgestack-ai).
  • Fix: detection honors nested .gitignore/.graphifyignore files below the scan root, matching git — a vendor/sub/.gitignore deeper in the tree is now applied to its own subtree instead of being ignored (#1847, thanks @Mohak-Agrawal). Composes with .git/info/exclude (0.9.14): a nearer ! re-include still wins.
  • Fix: graphify update now keeps human-readable community_name labels instead of stripping them back to numeric ids on every incremental rebuild (#1808 / #1855, thanks @latreon).

Install

pip install --upgrade graphifyy
# or
uv tool install graphifyy@0.9.15

Then graphify install to update the skill for your agent.

Don't miss a new graphify release

NewReleases is sending notifications on new releases.