jsonresume / jsonresume.org

The mono repo that builds the homepage, utils, ui components, registry and anything else
https://jsonresume.org
68 stars, 18 forks

fix security issues #24

Closed (levino closed this 9 months ago)

levino commented 9 months ago

I think we need to fix all security issues ASAP. Probably that means removing some or many themes. But the possibility to inject stuff into the Handlebars templating engine is really problematic, as far as I can tell (just make a resume.json that contains an injection and read out our environment, etc.).
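
The injection pattern the comment above warns about, as an added example that is not part of this issue thread or of any jsonresume theme. A tiny `{{path}}` renderer stands in for Handlebars so the block runs without dependencies; the resume, the hypothetical "unsafe theme" that concatenates a resume field into its template, and the `env` entry in the render context are all constructed here. The point generalizes to Handlebars itself: the string handed to `Handlebars.compile()` must be theme-owned and fixed, and resume.json must only ever enter as the data argument.

```javascript
// Added example, not project code. A minimal stand-in for a templating engine:
// {{a.b.c}} placeholders are resolved against a context and HTML-escaped.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function lookup(ctx, path) {
  return path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), ctx);
}

function render(template, ctx) {
  return template.replace(/\{\{\s*([\w.]+)\s*\}\}/g, (_, path) => {
    const v = lookup(ctx, path);
    return v === undefined ? '' : escapeHtml(v);
  });
}

// Constructed resume: the summary field carries a template expression.
const resume = {
  basics: { name: 'Jane Doe', summary: 'Hi {{env.REGISTRY_TOKEN}}' },
};
// Constructed render context; 'env' stands in for process.env being reachable.
const context = { resume, env: { REGISTRY_TOKEN: 'npm_s3cr3t' } };

// Hypothetical unsafe theme: the template text itself is assembled from
// untrusted resume data, so the expression inside the summary is evaluated
// with access to everything in the context.
function renderUnsafe(ctx) {
  const tpl = '<h1>{{resume.basics.name}}</h1><p>' + ctx.resume.basics.summary + '</p>';
  return render(tpl, ctx);
}

// Safe theme: the template is a fixed string owned by the theme; resume data
// only enters through the context and is escaped on output, so the braces in
// the summary are rendered literally and nothing is looked up.
const THEME_TEMPLATE = '<h1>{{resume.basics.name}}</h1><p>{{resume.basics.summary}}</p>';
function renderSafe(ctx) {
  return render(THEME_TEMPLATE, ctx);
}

console.log(renderUnsafe(context)); // leaks the token
console.log(renderSafe(context));   // prints the summary text verbatim
```

Note that `render()` resolves placeholders in a single pass, so output produced from the data side is never re-interpreted; that single-pass property is exactly what the unsafe theme defeats by folding data into the template before rendering.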

levino commented 9 months ago

Some of the security issues are back.

thomasdavis commented 9 months ago

Fixed the criticals

levino commented 9 months ago

We need a way to check on PRs that they do not (re-)introduce vulnerabilities. However, I shy away from running a CI script (`pnpm audit`) on PRs because the exit code of this script might suddenly change for reasons outside of the repository...