github-starred/vikunja
2
0
Fork 0
mirror of https://github.com/go-vikunja/vikunja.git synced 2026-05-10 15:15:41 -05:00
Code Issues 690 Packages Projects Releases 11 Wiki Activity
13,708 Commits 88 Branches 59 Tags
spike-huma-openapi3
Commit Graph

5 Commits

Author SHA1 Message Date
kolaente
cc22acdf3e chore(lint): suppress gosec false positives on SSRF-safe HTTP client calls 2026-03-23 16:34:22 +00:00
kolaente
363aa66423 fix: prevent SSRF via OpenID Connect avatar download (GHSA-g9xj-752q-xh63) 2026-03-23 16:34:22 +00:00
kolaente
2053426062 chore(lint): suppress known gosec false positives 
Add config-level exclusions for G117 (secret-named struct fields),
G101 in test files, G702/G704 in magefile, and goheader in plugins.
Add inline #nosec comments for specific G703/G704 false positives
in export, dump/restore, migration, and avatar code.
 2026-03-23 16:23:15 +01:00
kolaente
731b7c3001 fix: avoid mutating global http.DefaultClient in webhook proxy (#2145) 
Fixes a bug where the webhook HTTP client was mutating `http.DefaultClient` (the global singleton), causing ALL HTTP requests in the application to use the webhook proxy. This broke OIDC authentication and other external HTTP calls when webhook proxy was configured.

Fixes #2144
 2026-01-24 13:58:47 +01:00
Weijie Zhao
a214d68a44 feat(auth): sync avatar from OpenID providers (#821) 2025-06-16 15:59:31 +02:00