fix: skip oauth-client-metadata

0553821
Closed

fix: merge main into blog feature branch #1091

GitHub Advanced Security / CodeQL failed Feb 6, 2026 in 4s

10 new alerts including 9 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 9 high
  • 1 medium

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check failure on line 40 in server/api/social/like.delete.ts

Code scanning / CodeQL

Clear-text logging of sensitive information High

This logs sensitive data returned by an access to oAuthSession as clear text.

Check failure on line 18 in server/utils/provenance.ts

Code scanning / CodeQL

Incomplete URL substring sanitization High

'gitlab.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.

Check failure on line 78 in server/utils/provenance.ts

Code scanning / CodeQL

Incomplete URL substring sanitization High

'github.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.

Check failure on line 79 in server/utils/provenance.ts

Code scanning / CodeQL

Incomplete URL substring sanitization High

'gitlab.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.

Check failure on line 85 in server/utils/provenance.ts

Code scanning / CodeQL

Incomplete URL substring sanitization High

'github.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.

Check failure on line 86 in server/utils/provenance.ts

Code scanning / CodeQL

Incomplete URL substring sanitization High

'gitlab.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.

Check failure on line 175 in server/utils/readme.ts

Code scanning / CodeQL

Incomplete multi-character sanitization High

This string may still contain <script, which may cause an HTML element injection vulnerability.

Check failure on line 332 in server/utils/readme.ts

Code scanning / CodeQL

Incomplete multi-character sanitization High

This string may still contain <script, which may cause an HTML element injection vulnerability.

Check failure on line 377 in server/utils/readme.ts

Code scanning / CodeQL

Incomplete multi-character sanitization High

This string may still contain <script, which may cause an HTML element injection vulnerability.

Check warning on line 66 in test/e2e/docs.spec.ts

Code scanning / CodeQL

Replacement of a substring with itself Medium test

This replaces '#' with itself.