
Fix Dependabot and code scanning security alerts#352

Merged
kovtcharov merged 7 commits intomainfrom
fix/security-alerts-2026-02
Feb 27, 2026

Conversation

@kovtcharov
Collaborator

Summary

  • Fix all open Dependabot alerts: update tar (>=7.5.8), qs (6.14.2), and lodash (4.17.23) across all package-lock.json files
  • Fix all open code scanning alerts across Python and JavaScript files
  • Add missing GitHub Actions workflow permissions to pypi.yml and docs.yml

Changes

Dependabot (15 alerts)

  • tar (high): Add npm overrides to force tar>=7.5.8, fixing path traversal and symlink vulnerabilities across root, example/webui, and jira/webui workspaces
  • qs (low): Update to 6.14.2 fixing arrayLimit bypass DoS in root, docs, eval/webapp, and vscode extension
  • lodash (medium): Update to 4.17.23 fixing prototype pollution in all workspaces

Code Scanning (22 alerts)

| Alert | File | Fix |
|-------|------|-----|
| Missing workflow permissions | pypi.yml, docs.yml | Added `permissions: contents: read` to jobs |
| Stack trace exposure (6) | emr/dashboard/server.py | Replaced `str(e)` in HTTP responses with generic messages |
| Path injection (4) | emr/dashboard/server.py | Added path traversal validation and system directory checks |
| Clear-text logging (4) | emr/dashboard/server.py, emr/agent.py | Removed patient IDs from log messages |
| Path injection (3) | utils/file_watcher.py | Added `..` traversal check in `compute_file_hash` |
| Path injection (1) | eval/webapp/server.js | Added `safePath()` validation to all file-serving routes |
| URL redirect (1) | docs/server.js | Use explicit HTTP 303 redirect status |
| Missing rate limiting (1) | docs/server.js | Added `express-rate-limit` to login endpoint |

Test plan

  • Verify gaia chat works correctly
  • Verify EMR dashboard starts and processes forms
  • Verify eval webapp loads experiment data
  • Verify docs proxy starts correctly
  • Run npm audit in each workspace to confirm 0 vulnerabilities for tar/qs/lodash

🤖 Generated with Claude Code

Dependabot fixes:
- Update tar to >=7.5.8 via npm overrides (CVE path traversal/symlink)
- Update qs to 6.14.2 (arrayLimit bypass DoS)
- Update lodash to 4.17.23 (prototype pollution)
- Regenerate package-lock.json files across all workspaces

Code scanning fixes:
- Add explicit permissions blocks to pypi.yml and docs.yml workflows
- Add rate limiting to docs proxy login endpoint
- Fix URL redirect to use explicit 303 status code
- Add path traversal protection (safePath) to eval webapp server
- Add path validation to file_watcher.py compute_file_hash
- Remove stack trace exposure from EMR dashboard error responses
- Remove sensitive patient data from EMR log messages
- Add path injection protection to EMR upload-path endpoint
- Add system directory validation to EMR watch-dir config

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@github-actions github-actions Bot added the labels documentation (Documentation changes), dependencies (Dependency updates), devops (DevOps/infrastructure changes), agents, jira (Jira agent changes), eval (Evaluation framework changes), performance (Performance-critical changes) on Feb 25, 2026
kovtcharov and others added 2 commits February 25, 2026 15:12
- Add tar>=7.5.8 overrides to example/webui and jira/webui package.json
- Regenerate package-lock.json for both workspace packages
- Fixes npm ci failures in CI where lock files were out of sync

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Inline path validation in eval/webapp/server.js so CodeQL can trace
  data flow through resolve() + startsWith() checks
- Add rate limiting middleware to eval webapp API endpoints
- Restructure file_watcher.py to validate path before resolve()
- Restructure EMR upload-path to validate extension before file ops
- Inline URL redirect validation in docs/server.js login handler

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- file_watcher.py: Use os.path.realpath() + startswith() for path
  validation with new allowed_dir parameter (py/path-injection)
- emr/dashboard/server.py: Validate upload paths against user home
  directory using os.path.realpath() + startswith() (py/path-injection)
- eval/webapp/server.js: Replace custom rate limiter with express-rate-limit,
  inline path validation in each route handler (js/path-injection,
  js/missing-rate-limiting)
- docs/server.js: Use server-side nonce map for redirect URLs to eliminate
  user-controlled data from res.redirect() (js/server-side-unvalidated-url-redirection)
- eval/webapp/server.js: Use path.basename() (CodeQL-recognized sanitizer)
  for filename params, includes('..') check for subdirectory params
- docs/server.js: Use if/else guard with startsWith('/') check on redirect
  target instead of ternary expression
Replace startsWith guard with url.parse() + host/protocol check,
which is explicitly recognized by CodeQL as a URL redirect sanitizer.
Comment thread docs/server.js

```javascript
const parsed = url.parse(target || '');
// Only redirect to relative paths (no host/protocol) to prevent open redirects
if (!parsed.host && !parsed.protocol && parsed.pathname) {
  res.redirect(303, parsed.pathname);
}
```

Check warning

Code scanning / CodeQL

Server-side URL redirect Medium documentation

Untrusted URL redirection depends on a user-provided value.
@kovtcharov kovtcharov added this pull request to the merge queue Feb 27, 2026
Merged via the queue into main with commit fdaa0cb Feb 27, 2026
52 checks passed
@kovtcharov kovtcharov deleted the fix/security-alerts-2026-02 branch February 27, 2026 21:45
itomek pushed a commit that referenced this pull request Mar 12, 2026