issues Search Results · language:Dune language:JavaScript language:JavaScript linked:pr language:JavaScript language:Java
Filter by
3.2M results
Feature issue
Feature: Minecraft 26.2 Compatibility Port Type: Slice 3 - 26.2 worldgen data and datapack schema port Effort: L - agent
Depends on: FT-02 Branch: codex/ft-03-worldgen-data-schema
This ...
data-model
effort-l
feature
slice
worldgen
agentorvus
Feature issue
Feature: Minecraft 26.2 Compatibility Port Type: Slice 2 - Common source API compile port Effort: L - agent Depends on:
FT-01 Branch: codex/ft-02-common-api-compile
This issue ports the ...
api
effort-l
feature
slice
worldgen
Feature issue
Feature: Minecraft 26.2 Compatibility Port Type: Slice 1 - 26.2 toolchain and dependency resolution Effort: M - agent
Depends on: nothing Branch: codex/ft-01-26-2-toolchain
This issue establishes ...
build
effort-m
feature
slice
Severity: High
Summary
Four of the five new visualizer pages reference styles.css with a wrong relative path, so the 161 KB root
stylesheet 404s and base layout/nav/buttons are broken.
Details
These ...
Easy
SSoC26
sricharan12-hub
Severity: High
Summary
The Vercel deployment never runs server.js, so any functionality defined only there (Socket.IO realtime, the BullMQ
worker, server-only routes) is absent in production.
Details ...
Hard
SSoC26
Severity: High
Summary
Unauthenticated endpoints perform read-modify-write on JSON files with no serialization, causing lost writes under
concurrency and unbounded disk growth.
Details
/api/log-error ...
Hard
SSoC26
Severity: High
Summary
Several expensive and state-changing API endpoints have no authentication, enabling IDOR (read/overwrite any team
profile) and unauthenticated denial-of-service / cost amplification. ...
Hard
SSoC26
Severity: High
Summary
CSRF protection is issued but never verified, so it provides no actual protection on state-changing requests.
Details
server.js:412-419 mints an HMAC CSRF token and a csrfSecret ...
Hard
SSoC26
Severity: Critical
Summary
The BullMQ worker is never created when Redis is available, so bulk audit jobs are enqueued to Redis but never consumed
— they hang at processing forever.
Details
backend/jobs/worker.js:9 ...
Hard
SSoC26
Severity: Critical
Summary
Session JWTs can be forged because the signing secret falls back to a hardcoded constant whenever the environment is not
exactly production.
Details
In backend/services/auth.service.js:86 ...
Hard
SSoC26
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.
Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.