issues Search Results · language:Dune language:JavaScript language:JavaScript language:JavaScript language:TypeScript
Filter by
35M results
Hill
Reduce Bijou s live type-aware ESLint debt from the current 5,121 findings to at most 4,900, then lower the official
Code Dojo ESLint and aggregate debt ceilings so future work cannot regain the ...
lane:bad-code
legend:wf
priority:high
roadmap
type:maintenance
work-in-progress
flyingrobots
배경
진행 중인 수업마다 진도(어디까지 나갔는지)를 보여주고, 선생님이 강의실에서 나가기 전에 그날 진도를 기록할 수 있어야 한다.
제안
1. 진도 표시: 수업 상세/마이페이지 등에서 수업별 진도 이력(최신 진도 + 지난 기록)을 보여준다.
2. 진도 입력: 선생님이 강의실에서 나가기/수업 종료 전에 그날 나간 진도를 입력·저장한다.
작업 범위 (FE) ...
congsoony
Still uses login_with_passkey_button which no longer exists.
CamJN
Issue Type
Choose one:
- [x] Bug
- [ ] Feature Request
- [ ] Improvement
- [ ] Documentation
- [ ] Question
Priority
Choose one:
- [x] Low
- [ ] Medium
- [ ] High
- [ ] Critical ...
zchuwie
Related to #6
Subtask: Testing and Documentation
This is part of the epic: #6
Description
This task covers the testing and documentation phase of the epic.
Acceptance Criteria
- [ ] Testing and ...
enhancement
needs-review
uxneasters
Related to #6
Subtask: Implementation
This is part of the epic: #6
Description
This task covers the implementation phase of the epic.
Acceptance Criteria
- [ ] Implementation completed
- [ ] ...
enhancement
needs-review
Describe the problem: The window cannot be dragged via the title bar
To Reproduce: Version 1.0.234 @ macOS 26.5.1 It is found that most title bars cannot drag windows under macOS 26.5.1.
Only the title ...
T: Bug
Jermynn
安全:Worker Authorization header 直接字符串比较,存在 timing attack 风险
摘要
worker/src/index.ts:236-243 的 authenticate() 函数用 authHeader !== expected 直接字符串比较来验证 Bearer WORKER_SECRET。这种比较是
非常量时间(short-circuit 在第一个不同字节就返回),攻击者可通过测量响应时间逐字节恢复 ...
security
nocoo
安全:x-api-key 直接字符串比较,存在 timing attack 风险
摘要
worker/src/auth.ts:42 的 requireApiKey() 函数用 provided !== env.API_KEY 直接字符串比较来验证 API key。这种比较是 非常量时间(short-circuit
在第一个不同字节就返回),攻击者可通过测量响应时间逐字节恢复 secret。
严重度 ...
security
安全:NextAuth signIn callback 空白名单 fail-open,任何 Google 账号可登录
摘要
src/lib/auth.ts 的 isEmailAllowed() 函数(line 20)当白名单为空时返回 true — 空白名单 = 允许所有人登录。这是典型的 fail-open 反模式。
src/auth.ts:14-83 NextAuth 配置中 signIn ...
security
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.