umputun / remark42 / 25911597104

Builds	Branch	Commit	Type	Ran	Committer	Via	Coverage
25911597104	fix-typo	fix typo in file name	push	15 May 2026 09:54AM UTC	paskal	github	84.22
25889511287	dependabot/go_modules/backend/github.com/slack-go/slack-0.23.1	chore(deps): bump github.com/slack-go/slack in /backend Bumps [github.com/slack-go/slack](https://github.com/slack-go/slack) from 0.21.1 to 0.23.1. - [Release notes](https://github.com/slack-go/slack/releases) - [Changelog](https://github.com/sla...	Pull #2058	14 May 2026 10:36PM UTC	web-flow	github	84.25
25889512640	dependabot/go_modules/backend/github.com/slack-go/slack-0.23.1	chore(deps): bump github.com/slack-go/slack in /backend Bumps [github.com/slack-go/slack](https://github.com/slack-go/slack) from 0.21.1 to 0.23.1. - [Release notes](https://github.com/slack-go/slack/releases) - [Changelog](https://github.com/sla...	Pull #2058	14 May 2026 10:36PM UTC	web-flow	github	84.25
25420889359	master	Merge pull request #2052 from umputun/dependabot/go_modules/backend/go-modules-updates-47fdc5c9f4 chore(deps): bump the go-modules-updates group in /backend with 2 updates	push	06 May 2026 06:56AM UTC	web-flow	github	84.25
25234765728	dependabot/go_modules/backend/go-modules-updates-47fdc5c9f4	chore(deps): bump the go-modules-updates group Bumps the go-modules-updates group in /backend with 2 updates: [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma) and [github.com/go-pkgz/auth/v2](https://github.com/go-pkgz/auth...	Pull #2052	01 May 2026 09:55PM UTC	paskal	github	84.25
24967946260	paskal/improve_get_user	Return 200 with null body from /user when unauthenticated Previously /user required auth and returned 401 for unauthenticated requests, which produced a console error in browsers checking the auth state on page load. Move /user into the open rout...	Pull #1763	26 Apr 2026 09:54PM UTC	paskal	github	84.28
24753077072	master	fix(auth): close OAuth open-redirect by wiring AllowedRedirectHosts (#2049) * fix(auth): close OAuth open-redirect by wiring AllowedRedirectHosts Bump go-pkgz/auth/v2 to master (v2.1.2-0.20260421203319-686683f19cf7) which carries the `from` redi...	push	22 Apr 2026 12:12AM UTC	web-flow	github	84.25
24752433324	bump-auth-oauth-redirect-fix	fix(auth): preserve explicit port in AllowedRedirectHosts + clarify fs_store nolint Address Copilot follow-up on PR #2049: * getAllowedRedirectHosts stripped explicit ports via u.Hostname(), which broadened the allowlist. The auth validator ch...	Pull #2049	21 Apr 2026 11:50PM UTC	paskal	github	84.25
24751384141	bump-auth-oauth-redirect-fix	fix(auth): normalise AllowedRedirectHosts entries + add unit test Address Copilot review on PR #2049. The previous closure passed raw s.AllowedHosts entries straight to the auth library, but --allowed-hosts holds CSP frame-ancestors source expres...	Pull #2049	21 Apr 2026 11:18PM UTC	paskal	github	84.24
24750894901	bump-auth-oauth-redirect-fix	chore(lint): suppress G703 false positives on image Save CI's newer gosec flags os.MkdirAll/os.WriteFile in FileSystem.Save with G703 because id flows in from the caller. id is validated at the HTTP layer (safePictureSegment in rest_public.go) an...	Pull #2049	21 Apr 2026 11:04PM UTC	paskal	github	84.19
24750714194	bump-auth-oauth-redirect-fix	fix(auth): close OAuth open-redirect by wiring AllowedRedirectHosts Bump go-pkgz/auth/v2 to master (v2.1.2-0.20260421203319-686683f19cf7) which carries the `from` redirect validator from go-pkgz/auth#275. The library default with a nil AllowedRe...	Pull #2049	21 Apr 2026 10:58PM UTC	paskal	github	84.19
24600086020	master	test: use testing/synctest to eliminate wall-clock sleeps (#2048) Go 1.25's testing/synctest package (GA) provides a fake clock bubble for deterministic goroutine and timer testing. Convert tests that waited on real-time durations to use synctest...	push	18 Apr 2026 07:47AM UTC	web-flow	github	84.25
24599629279	master	fix(api): drop QR-write nolint dup + trim dead `..` check Address PR #2045 review (umputun): * The //nolint:gosec on telegramQrCtrl's w.Write(png) was byte-identical to the same line in #2044 (gosec-rule restoration). Drop it here so the two...	push	18 Apr 2026 07:18AM UTC	umputun	github	84.13
24596866617	security-pr-a-path-traversal	fix(api): drop QR-write nolint dup + trim dead `..` check Address PR #2045 review (umputun): * The //nolint:gosec on telegramQrCtrl's w.Write(png) was byte-identical to the same line in #2044 (gosec-rule restoration). Drop it here so the two...	Pull #2045	18 Apr 2026 04:29AM UTC	paskal	github	84.34
24596576498	security-pr-a-path-traversal	fix(api): reject control characters in /picture URL segments Address PR #2045 review feedback (Copilot #2045-1). The previous safePictureSegment allowed CR/LF/TAB through, so a request such as GET /api/v1/picture/dev%0Auser/abc.png would inject l...	Pull #2045	18 Apr 2026 04:12AM UTC	paskal	github	84.36

• ← Previous
• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• …
• 105
• 106
• Next →