issues Search Results · language:Dune language:TypeScript language:JavaScript language:TypeScript linked:pr language:Python
7.9M results
pnpm audit --audit-level high (CI Supply-chain job) now fails on a newly-published advisory:
- esbuild =0.17.0 0.28.1 — Missing binary integrity verification enables RCE via NPM_CONFIG_REGISTRY (high). ...
security
task
Enable Safer High-Quality Image Regeneration Retry for Cohort B
Context
The product roadmap for Phase 5 (Monetization / Soft Launch) indicates that the P5-3f task, Option C Safer High-Quality
Retry (which ...
jules
jules-ready
Fix reflected XSS alert on /timeseries/meta JSON response
What
CodeQL alert #30 (py/reflective-xss, CWE-79) flags backend/routes/timeseries_meta.py:130-136 — the JSONResponse content
dict in get_meta_timeseries, ...
backend
security
sonnet
Sanitise transaction data before logging invalid share counts in compliance.py
What
CodeQL alerts #87 and #88 (py/log-injection, CWE-117) both flag backend/common/compliance.py:211:
logger.warning( ...
backend
security
sonnet
Problem
ci.yml diverges from the champi-imgui pattern in several ways:
- Uses ubuntu-latest + macos-latest OS matrix — macOS minutes are expensive and the self-hosted runner covers what we
need ...
ci-cd
Sanitise log-record extra fields in data_loader provider fallback logging
What
CodeQL alert #156 (py/log-injection, CWE-117) flags backend/common/data_loader.py:1048-1054 — the logger.warning(...)
call ...
backend
haiku
security
Resolve CodeQL CSRF/SSRF alert on frontend API base URL validation
What
CodeQL alert #218 (js/client-side-request-forgery, CWE-918) flags frontend/src/api.ts:217 — the fetchImpl(fullUrl, ...)
call inside ...
frontend
security
sonnet
Goal
Make HuggingFace the public, citable home for RLE benchmark data — every spread lands on the Hub automatically, with a
dataset card that doubles as a live leaderboard.
Current state
- tracking/hf_logger.py ...
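Background
PR #167 pinned each GitHub Actions use to a commit SHA, but there is no mechanism for automatic updates. Even when upstream releases a new version (including security fixes), the SHA has to be resolved and bumped manually.
To pick up CVE-fixed versions without delay, automate the following with Dependabot: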
1. GitHub Actions: ...
ci
security
Problem
Issue #661 added shared sensitive-path rejection for OpenCode and DeepSeek worker selected files. Direct DeepSeek also
rejects secret-like file content before creating prompt/request artifacts ...
priority:p2
type:feature
