issues Search Results · language:Dune language:JavaScript language:Python language:Java language:JavaScript language:Java
Filter by
55.2M results
Finding
- No reorder endpoint; client must rebuild cart from orders.order_items.
- order.js returns qbo_invoice_id but no endpoint fetches a PDF / hosted invoice / Stripe receipt URL.
- notifications.js ...
missing-feature
post-auth
OJamals
Implement the layout decided in AD-22 (recorded in #184).
Steps
- [ ] Add src/randomgen/versions.py — the registry API_VERSIONS = { v1 : RandomGenV1, v2 : RandomGenV2} (the only
module importing ...
P2
task
braboj
Finding
- No email-change endpoint (me.js reads user.email read-only).
- No account/company deletion or anonymization, no data export. Schema has on delete cascade but nothing invokes it.
Acceptance ...
missing-feature
post-auth
Finding
- No PUT/PATCH to edit an address or flip is_default on an existing one — must delete+recreate (addresses.js has POST
create + DELETE only).
- team.js can invite (POST) and revoke a pending ...
missing-feature
post-auth
Finding
esc() (js/util.js:6) escapes text but does not sanitize URLs. Raw values flow into href/src: notification n.link
(dashboard.js:341), order.tracking_url (dashboard.js:66), step.action (dashboard.js:122), ...
security
ux
Finding
qbo/callback.js is (correctly) unguarded as the Intuit redirect URI and protected by HMAC-signed, 10-min-TTL,
timing-safe verifyQboState. But state is bound only to time+nonce+secret, not to the ...
admin
security
Finding
ratelimit.js (rateLimit/clientIp) is imported by zero account/ or admin/ routes. team.js POST and messages.js POST send
an email per request (email-bomb / address enumeration). Admin offers.js ...
security
Finding
quotes.js:170-177: when action: sweep_due + matching x-quote-crm-secret, it calls adminClient(env) + sweepDueQuotes (DB
writes: emails, quote updates) before requireStaff (:179). Secret check ...
admin
security
Finding
register.js returns raw error.message on 500 at :38, :58, :67 (json(500,{error:jErr.message}) etc.). It is the one
account route omitted from the CUSTOMER_FACING list in tests/api-error-masking.test.mjs:10-20, ...
bug
post-auth
security
Objetivo
Criar um publicador Windows com interface simples para o Valora Pulse, permitindo que o usuário clique em um
programa/atalho e execute todo o fluxo de publicação PRD/IIS: validar ambiente, exportar/importar ...
deploy
iis
prioridade-alta
produção
ux
windows
devmnsoft
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.