Fix CodeQL scan issues in "Soliciting and Evaluating ACRs..." training main.bundle.js #1069
Merged
KMSOC approved these changes Apr 16, 2025
michaelhortongsa added a commit that referenced this pull request Apr 29, 2025
* Stage redirect for annual reports (#1049)
* Stage PM List, accessibility bug fixes. (#1050)
* Stage tools landing, playbook overview, misc relative links to improve testing on staging (#1051)
* Stage Web-only version 4.1.1 for image bugfix. (#1052)
* Stage bug fix (#1053)
* Stage draft updates (#1055)
* Updated KPIs with short URL redirects (#1057)
* Feature/ogpweb 16849 (#1058)
* momentjs version upgraded
* momentjs version upgraded
* ng updated
* gem lock updated
* Updated DOJ EOUS Trustees (#1060)
* April itacm (#1061)
* Stage ITACM for April
* Update ITACM for April
* Update ITACM for April
* Htaccess update (#1062)
* htaccess content updated - attempt-1
* htaccess content updated - attempt-2
* Pml08 apr25 (#1063)
* Update PM List for 08APR25
* Update PM List for 08APR25
* Update PM List for 08APR25
---------
Co-authored-by: Andrew Nielson <29068131+drewnielson@users.noreply.github.com>
* Update PM List for 09APR25 (#1064)
* Event update (#1067)
* Update April ITACM date.
* Update information.
* Update formatting
* Update formatting again
* update front matter end date (#1068)
* def updates (#1070)
* def updates
* two updates
* Update 2020-02-27-tools-glossary-terms.md
---------
Co-authored-by: Michael Horton <47794384+michaelhortongsa@users.noreply.github.com>
* Update PM USAF (#1071)
Co-authored-by: Andrew Nielson <29068131+drewnielson@users.noreply.github.com>
* Event2025 04 16 (#1072)
* Update IAAF landing page dates and misc
* Update date image size, updated dates
* Fix ics URI for testing on staging
* Fix day-date pairing. (#1073)
* Fix day-date pairing.
* Optimize images and update meta site description.
* Correct description
* Fix CodeQL scan issues in "Soliciting and Evaluating ACRs..." training main.bundle.js (#1069)
* initial fix on unvalidated action
* patch on incomplete multi-character sanitization at 15093
* update unvalidated method to use Map
* fix issue 145 - incomplete string escaping
* fix issue 144 - incomplete string escaping
* fix issues 143, 142, 141, 131, 130, 129 - incomplete string escaping
* additional fix for escaping backslash character in input
* fix issues 126 - overly permissive regex, 123 - prototype-polluting function
* Updated nokogiri to 1.18.7 to fix High vulnerability detected by Dependabot (#1074)
* Fix CodeQL issues in "Procuring Section 508 Conformant ICT..." course JavaScript (#1076)
* fix issues 149, 148, 147 - incomplete multi-character sanitization
* fix issues 140, 139, 138, 137, 136, 135, 134 - incomplete string escaping
* fix issue 127 - bad HTML filtering regexp
* fix issue 124 - prototype-polluting function
* fix issue 125 - overly permissive regex
* fix variable
* fix syntax
* Misc21 apr25 (#1077)
* Update SRT landing page; PL List for CIA and USITC.
* Update SRT landing page with card.
* Update SRT landing page card.
* Update SRT landing page card.
* Update SRT landing page card.
* Update SRT landing page card.
* Add April 2025 ITACM Docs. (#1079)
* Fix CodeQL issues in "Micro-Purchases and Section 508 Requirements" course (#1078)
* fix CodeQL issue 136 - escape backslash characters
* un-minify 88bd0ee9
* un-minify 88bd0ee9, remove duplicate line
* fix biased random numbers from cryptographically secure source
* fix multi-character sanitization in switch
* fix bad HTML filtering regex
* fix incomplete string escaping
* fix incomplete multi-character sanitization; overly permissive regex
* fix incomplete multi-character sanitization; overly permissive regex
* un-minify b45fd027 and 10cbab57
* fix string replacement and incomplete string escaping
* fix incomplete multi-character sanitization
* fix incomplete multi-character sanitization and incomplete string escaping
* fix incomplete string escaping and inefficient regex
* fix inefficient regex
* fix inefficient regex, URL sanitization
* fix unvalidated dynamic method calls
* un-minify execs 487a5978.js
* additional fix on unvalidated dynamic method call
* fix prototype-polluting function and multi-character sanitization
* fix HTML filtering regex and incomplete string escaping
* fix overly permissive regex and bad HTML filtering regex
* fix incomplete string escaping
* fix unvalidated dynamic method call
* remove merge-schedule (#1081)
* Revert "remove merge-schedule (#1081)" (#1083). This reverts commit 17be80a.
* add esbuild override (#1084)
---------
Co-authored-by: Yogita B <59358166+yogitabholwankar@users.noreply.github.com>
Co-authored-by: Andrew Nielson <29068131+drewnielson@users.noreply.github.com>
Co-authored-by: KMSOC <122887429+KMSOC@users.noreply.github.com>
Co-authored-by: PrashantK <prashant.kakade@gsa.gov>
Co-authored-by: arnayv-47 <arnay.vohra@gsa.gov>
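Three of the CodeQL finding classes the commit log names (incomplete string escaping including the backslash, incomplete multi-character sanitization, and an unvalidated dynamic method call replaced with a Map), each shown in its flagged form beside the hardened form. This is an added example written for this page, not code from the Section508.gov repository or the course bundle; all function and action names are assumed.

```javascript
// Added example, not code from the Section508.gov project. Function names,
// the action table and the sample inputs are all constructed for illustration.

// 1. Incomplete string escaping: String.prototype.replace with a string pattern
//    touches only the FIRST match, and escaping quotes without first escaping
//    the backslash leaves `\` + `"` able to break out of a quoted value.
function escapeQuotesFlagged(s) {
  return s.replace('"', '\\"');
}
function escapeQuotesFixed(s) {
  // Escape the escape character first, then every quote, using global regexes.
  return s.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
}

// 2. Incomplete multi-character sanitization: a single pass that deletes
//    "<script>" lets "<scr<script>ipt>" collapse back into the forbidden tag.
function stripScriptFlagged(s) {
  return s.replace(/<script>/gi, '');
}
function stripScriptFixed(s) {
  // Repeat until the string stops changing, so split tokens cannot reassemble.
  let prev;
  do {
    prev = s;
    s = s.replace(/<script>/gi, '');
  } while (s !== prev);
  return s;
}

// 3. Unvalidated dynamic method call: obj[name]() resolves inherited
//    properties too (constructor, toString, __proto__), so a caller-supplied
//    name can invoke something that was never meant to be an action.
const actionsFlagged = { next: () => 'next', reset: () => 'reset' };
function runActionFlagged(name) {
  const fn = actionsFlagged[name];
  return typeof fn === 'function' ? fn() : null;
}
// A Map only resolves keys that were explicitly registered; there is no
// prototype chain to walk, so "constructor" and friends are simply absent.
const actionsFixed = new Map([['next', () => 'next'], ['reset', () => 'reset']]);
function runActionFixed(name) {
  return actionsFixed.has(name) ? actionsFixed.get(name)() : null;
}
```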
lmgeorge pushed a commit to gsa-archived/Section508.gov that referenced this pull request May 4, 2025
Fixes CodeQL scan issues: 123, 126, 129, 130, 131, 141, 142, 143, 144, 145, 146, 150, 151, 152, 153