fix(zsh-navigation-tools): quote some potential space-filled strings (#13567 )

feat(dotenv): add named pipe (FIFO) support (#13561 )
fix(dnf): ensure correct alias for different version (#13559 )
2026-02-16 22:31:03 +01:00 · 2026-02-16 12:10:27 +01:00 · 2026-02-16 12:08:13 +01:00 · 2026-02-16 12:01:00 +01:00 · 2026-02-16 09:14:58 +01:00 · 2026-02-11 12:31:06 +01:00
10 changed files with 33 additions and 17 deletions
--- a/.github/workflows/dependencies.yml
+++ b/.github/workflows/dependencies.yml
@@ -13,7 +13,7 @@ jobs:
      contents: write # this is needed to push commits and branches
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit
--- a/.github/workflows/installer.yml
+++ b/.github/workflows/installer.yml
@@ -26,7 +26,7 @@ jobs:
          - macos-latest
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit
@@ -47,7 +47,7 @@ jobs:
      - test
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -24,7 +24,7 @@ jobs:
    if: github.repository == 'ohmyzsh/ohmyzsh'
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit
--- a/.github/workflows/project.yml
+++ b/.github/workflows/project.yml
@@ -17,7 +17,7 @@ jobs:
    if: github.repository == 'ohmyzsh/ohmyzsh'
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit
      - name: Authenticate as @ohmyzsh
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -36,7 +36,7 @@ jobs:
    steps:
      - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
        with:
          egress-policy: audit
@@ -60,6 +60,6 @@ jobs:
          retention-days: 5
      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0
+        uses: github/codeql-action/upload-sarif@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
        with:
          sarif_file: results.sarif
--- a/lib/theme-and-appearance.zsh
+++ b/lib/theme-and-appearance.zsh
@@ -40,9 +40,9 @@ if [[ -z "$LS_COLORS" ]]; then
 fi
 function test-ls-args {
-  local cmd="$1"          # ls, gls, colorls, ...
+  # Usage: test-ls-args cmd args...
-  local args="${@[2,-1]}" # arguments except the first one
+  # e.g. test-ls-args gls --color
-  command "$cmd" "$args" /dev/null &>/dev/null
+  command "$@" /dev/null &>/dev/null
 }
 # Find the option for using colors in ls, depending on the version
--- a/plugins/dnf/dnf.plugin.zsh
+++ b/plugins/dnf/dnf.plugin.zsh
@@ -6,14 +6,22 @@ command -v dnf5 > /dev/null && dnfprog=dnf5
 alias dnfl="${dnfprog} list"                       # List packages
 alias dnfli="${dnfprog} list installed"            # List installed packages
 alias dnfgl="${dnfprog} grouplist"                 # List package groups
 alias dnfmc="${dnfprog} makecache"                 # Generate metadata cache
 alias dnfp="${dnfprog} info"                       # Show package information
 alias dnfs="${dnfprog} search"                     # Search package
 alias dnfu="sudo ${dnfprog} upgrade"               # Upgrade package
 alias dnfi="sudo ${dnfprog} install"               # Install package
 alias dnfgi="sudo ${dnfprog} groupinstall"         # Install package group
 alias dnfr="sudo ${dnfprog} remove"                # Remove package
 alias dnfgr="sudo ${dnfprog} groupremove"          # Remove package group
 alias dnfc="sudo ${dnfprog} clean all"             # Clean cache
 # Conditional aliases based on dnfprog value
 if [[ "${dnfprog}" == "dnf5" ]]; then
    alias dnfgl="${dnfprog} group list"            # List package groups (dnf5)
    alias dnfgi="sudo ${dnfprog} group install"    # Install package group (dnf5)
    alias dnfgr="sudo ${dnfprog} group remove"     # Remove package group (dnf5)
 else
    alias dnfgl="${dnfprog} grouplist"             # List package groups (dnf)
    alias dnfgi="sudo ${dnfprog} groupinstall"     # Install package group (dnf)
    alias dnfgr="sudo ${dnfprog} groupremove"      # Remove package group (dnf)
 fi
--- a/plugins/dotenv/README.md
+++ b/plugins/dotenv/README.md
@@ -78,6 +78,14 @@ change.
 NOTE: if a directory is found in both the allowed and disallowed lists, the disallowed list
 takes preference, _i.e._ the .env file will never be sourced.
 ## Named Pipe (FIFO) Support
 The plugin supports `.env` files provided as UNIX named pipes (FIFOs) in addition to regular files.
 This is useful when secrets managers like [1Password Environments](https://developer.1password.com/docs/environment/)
 mount `.env` files as named pipes to inject secrets on-the-fly without writing them to disk.
 No additional configuration is required — the plugin automatically detects and sources named pipes.
 ## Version Control
 **It's strongly recommended to add `.env` file to `.gitignore`**, because usually it contains sensitive information such as your credentials, secret keys, passwords etc. You don't want to commit this file, it's supposed to be local only.
--- a/plugins/dotenv/dotenv.plugin.zsh
+++ b/plugins/dotenv/dotenv.plugin.zsh
@@ -11,7 +11,7 @@
 ## Functions
 source_env() {
-  if [[ ! -f "$ZSH_DOTENV_FILE" ]]; then
+  if [[ ! -f "$ZSH_DOTENV_FILE" ]] && [[ ! -p "$ZSH_DOTENV_FILE" ]]; then
    return
  fi
--- a/plugins/zsh-navigation-tools/n-list
+++ b/plugins/zsh-navigation-tools/n-list
@@ -55,9 +55,9 @@ _nlist_cursor_visibility() {
        [ "$1" = "1" ] && { tput cvvis; tput cnorm }
        [ "$1" = "0" ] && tput civis
    elif [ "$_nlist_has_terminfo" = "1" ]; then
-        [ "$1" = "1" ] && { [ -n $terminfo[cvvis] ] && echo -n $terminfo[cvvis];
+        [ "$1" = "1" ] && { [ -n "$terminfo[cvvis]" ] && echo -n "$terminfo[cvvis]";
-                           [ -n $terminfo[cnorm] ] && echo -n $terminfo[cnorm] }
+                           [ -n "$terminfo[cnorm]" ] && echo -n "$terminfo[cnorm]" }
-        [ "$1" = "0" ] && [ -n $terminfo[civis] ] && echo -n $terminfo[civis]
+        [ "$1" = "0" ] && [ -n "$terminfo[civis]" ] && echo -n "$terminfo[civis]"
    fi 
 }
Author	SHA1	Message	Date
Eve	45dd7d006a	fix(zsh-navigation-tools): quote some potential space-filled strings (#13567 )	2026-02-16 12:10:27 +01:00
Thomas Witt	993afc8267	feat(dotenv): add named pipe (FIFO) support (#13561 )	2026-02-16 12:08:13 +01:00
c0mpile	a8aca3fba5	fix(dnf): ensure correct alias for different version (#13559 )	2026-02-16 12:01:00 +01:00
dependabot[bot]	cdd31a7ab3	chore(deps): bump github/codeql-action from 4.32.2 to 4.32.3 (#13570 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.2 to 4.32.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`45cbd0c69e...9e907b5e64`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-16 09:14:58 +01:00
Ranga Nirmal	88659ed193	fix(appearance): ensure arg separation in `test-ls-args` (#13556 ) Co-authored-by: Marc Cornellà <marc@mcornella.com>	2026-02-11 12:31:06 +01:00
dependabot[bot]	41c5b9677a	chore(deps): bump github/codeql-action from 4.32.0 to 4.32.2 (#13558 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.0 to 4.32.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`b20883b0cd...45cbd0c69e`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-08 21:09:55 +01:00
dependabot[bot]	116be8badd	chore(deps): bump step-security/harden-runner from 2.14.1 to 2.14.2 (#13557 ) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.14.1 to 2.14.2. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](`e3f713f2d8...5ef0c079ce`) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.14.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-02-08 21:09:10 +01:00