issues Search Results · language:Dune language:TypeScript language:JavaScript language:JavaScript language:CSS linked:pr
5.3M results
Problem
scripts/check-env.py uses subprocess.check_output(..., shell=True) for version checks and Docker platform detection. The
commands are static today, but shell invocation increases audit noise and ...
code-quality
devin-remediate
security
Problem
superset-frontend/src/embedded/index.tsx writes a translated failure string with appMountPoint.innerHTML = message. This
is a DOM sink that security scanners flag and is unnecessary for plain ...
devin-remediate
frontend
security
Problem
superset/examples/utils.py parses exported metadata with yaml.load(..., Loader=yaml.Loader). Security tooling flags this
as an unsafe deserialization pattern even though the data normally comes ...
devin-remediate
maintenance
security
Overview
This issue reports several code-quality problems together.
1. console.error left in production code
Severity: LOW
- App.tsx line 47: console.error(err);
- services/geminiService.ts final catch: console.error( Error calling Gemini API or processing stream: ...
bug
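Overview
The current .gitignore does not include environment variable files such as .env, .env.local, or .env.*.local. There is a risk of accidentally committing a .env file that contains GEMINI_API_KEY.
Affected files and locations
- .gitignore: no .env pattern
Current .gitignore (excerpt):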
node_modules
dist ...
security
Overview
In components/ReferencesList.tsx, URLs obtained from the Gemini API response are passed directly to a href={ref.url} without validation. If the AI returns a javascript:alert(1) or data: scheme URL, XSS occurs.
Affected files and locations
- components/ReferencesList.tsx line 27:
...
security
Not sure if it's intended, and it also feels weird that hiding community posts in searches when they include things
you've searched for is grouped together with showing them on the For you page and part ...
bug
Scope
Enable react-hooks/purity as an enforced lint rule.
Why
This rule catches impure calls during render and hook construction. Moving the thumbnail queue shuffle out of the hook
body lets the rule ...
area:tooling
pr:size-small
type:refactor
validation:lint
validation:types
The /club/[slug] page (issue #373) only displays name + city + list of courts. Yet the courts (venues) carry:
phone, website_url, is_indoor, has_lighting, is_wheelchair_accessible, fee_required. ...
Mechanically guard DDD layer boundaries with oxlint
Parent: #454, Preceded by: #455
Overview
The dependency directions and prohibition rules for src/contexts/saved-tabs/{domain,application,infrastructure,presentation}
defined in docs/architecture/ddd.md, via oxlint's no-restricted-imports ...
