btcpayserver/btcpay-contribute
btcpayserver/btcpay-contribute
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

security fixes

Browse Source
This commit is contained in:
Pavlenex 2026-03-19 16:50:23 +01:00
parent 151275d547
commit 78712f5840
5 changed files with 48 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
.github/workflows/deploy.yml vendored
View File

@ -5,11 +5,6 @@ on:
branches: [main]
workflow_dispatch:
permissions:
contents: read
pages: write
id-token: write
concurrency:
group: pages
cancel-in-progress: true
@ -17,24 +12,29 @@ concurrency:
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: 20
cache: npm
- run: npm ci
- run: npm run build
- uses: actions/upload-pages-artifact@v3
- uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
with:
path: dist
deploy:
needs: build
runs-on: ubuntu-latest
permissions:
pages: write
id-token: write
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
steps:
- uses: actions/deploy-pages@v4
- uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
id: deployment

22
.github/workflows/fetch-issues.yml vendored
View File

@ -10,20 +10,17 @@ concurrency:
group: fetch-issues
cancel-in-progress: false
permissions:
contents: write
pages: write
id-token: write
jobs:
fetch:
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
changed: ${{ steps.fetch.outputs.changed }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
- uses: actions/setup-node@v4
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: 20
cache: npm
@ -63,11 +60,11 @@ jobs:
if: needs.fetch.outputs.changed == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
with:
ref: main # ensure we get the just-pushed commit
- uses: actions/setup-node@v4
- uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
with:
node-version: 20
cache: npm
@ -75,13 +72,16 @@ jobs:
- run: npm ci
- run: npm run build
- uses: actions/upload-pages-artifact@v3
- uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
with:
path: dist
deploy:
needs: build
runs-on: ubuntu-latest
permissions:
pages: write
id-token: write
concurrency:
group: pages
cancel-in-progress: true
@ -89,5 +89,5 @@ jobs:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
steps:
- uses: actions/deploy-pages@v4
- uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
id: deployment

2
package.json
View File

@ -11,7 +11,6 @@
"lint": "eslint ."
},
"dependencies": {
"@octokit/rest": "^22.0.1",
"@radix-ui/react-dialog": "^1.1.15",
"@radix-ui/react-slot": "^1.2.4",
"@radix-ui/react-tooltip": "^1.2.8",
@ -24,6 +23,7 @@
"tailwind-merge": "^3.5.0"
},
"devDependencies": {
"@octokit/rest": "^22.0.1",
"@eslint/js": "^9.39.1",
"@tailwindcss/typography": "^0.5.19",
"@tailwindcss/vite": "^4.2.1",

2
scripts/fetch-issues.js
View File

@ -143,7 +143,7 @@ async function main() {
updatedAt: raw.updated_at ?? raw.created_at,
commentsCount: raw.comments,
reactionCount: raw.reactions?.total_count ?? 0,
labels: raw.labels
labels: (raw.labels ?? [])
.filter((l) => typeof l === 'object')
.map((l) => ({ name: l.name ?? '', color: l.color ?? '888888' })),
repo: {

41
src/components/IssueModal.tsx
View File

@ -46,21 +46,26 @@ export default function IssueModal({ issue, onClose, slideFrom }: IssueModalProp
)}
<div className="flex items-center gap-3 text-xs text-muted-foreground mt-1">
<img
src={issue.author.avatarUrl}
alt={issue.author.login}
className="w-5 h-5 rounded-full"
referrerPolicy="no-referrer"
loading="lazy"
/>
<a
href={issue.author.url}
target="_blank"
rel="noopener noreferrer"
className="font-medium hover:text-primary transition-colors"
>
{issue.author.login}
</a>
{issue.author.avatarUrl && (
<img
src={issue.author.avatarUrl}
alt={issue.author.login}
className="w-5 h-5 rounded-full"
referrerPolicy="no-referrer"
loading="lazy"
/>
)}
{issue.author.url ? (
<a
href={issue.author.url}
target="_blank"
className="font-medium hover:text-primary transition-colors"
>
{issue.author.login}
</a>
) : (
<span className="font-medium">{issue.author.login}</span>
)}
<span className="flex items-center gap-1">
<Clock size={11} aria-hidden="true" /> {timeAgo(issue.createdAt)}
</span>
@ -76,6 +81,12 @@ export default function IssueModal({ issue, onClose, slideFrom }: IssueModalProp
skipHtml
allowedElements={['p', 'h1', 'h2', 'h3', 'ul', 'ol', 'li', 'code', 'pre', 'blockquote', 'a', 'strong', 'em', 'br']}
unwrapDisallowed
components={{
a: ({ href, children }) => {
const safe = href && /^https?:\/\//i.test(href) ? href : '#'
return <a href={safe} target="_blank" rel="noopener noreferrer">{children}</a>
},
}}
>
{issue.body || '_No description provided._'}
</ReactMarkdown>