Skip to content

Limit event comments to 255 chars#159

Merged
tarekio merged 3 commits into
mainfrom
BYNT-1434-Limit-event-comments-to-255-chars
Aug 21, 2025
Merged

Limit event comments to 255 chars#159
tarekio merged 3 commits into
mainfrom
BYNT-1434-Limit-event-comments-to-255-chars

Conversation

@apodacaduron

@apodacaduron apodacaduron commented Aug 15, 2025

Copy link
Copy Markdown
Contributor

Jira Issue

  1. BYNT-1434

Description

Add a form validation to limit event comments to 255 chars

Checklist

  • Tests added/updated
  • Documentation updated (if needed)
  • New strings prepared for translations

API Changes (if applicable)

  • Permissions checked
  • Endpoint tests added

Additional Notes

[Any other relevant information]

@apodacaduron apodacaduron requested a review from tarekio August 15, 2025 14:46
@apodacaduron apodacaduron self-assigned this Aug 15, 2025
@tarekio tarekio requested a review from level09 August 18, 2025 21:50

@level09 level09 left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems good. but @tarekio do you want to have that validated in the backend/DB ? or just keep it front-end only?

@tarekio tarekio merged commit ef8bc2a into main Aug 21, 2025
6 of 7 checks passed
@tarekio tarekio deleted the BYNT-1434-Limit-event-comments-to-255-chars branch August 21, 2025 23:35
@level09 level09 mentioned this pull request Apr 25, 2026
3 tasks
level09 added a commit that referenced this pull request May 6, 2026
## Summary

Patch release addressing 11 open Dependabot advisories in `uv.lock`
(high + medium severity). All fixes are minor/patch-level dependency
bumps. No code changes.

| Package | From | To | Severity | Advisory |
|---|---|---|---|---|
| lxml | 6.0.2 | 6.1.0 | **high** |
[GHSA-pp7h-53gx-mx7r](GHSA-pp7h-53gx-mx7r)
— XXE in iterparse/ETCompatXMLParser |
| pillow | 12.1.1 | 12.2.0 | **high** |
[GHSA-2vfv-wwj6-7q47](https://github.com/advisories/GHSA-2vfv-wwj6-7q47)
— FITS GZIP decompression bomb |
| pypdf | 6.10.0 | 6.10.2 | medium | 3 advisories — RAM exhaustion via
crafted PDFs |
| python-dotenv | 1.2.1 | 1.2.2 | medium | symlink-following in set_key
|
| Mako | 1.3.10 | 1.3.11 | medium | path traversal in TemplateLookup |
| pytest (dev) | 9.0.2 | 9.0.3 | medium | vulnerable tmpdir handling |

`pip <= 26.0.1` (alert #159) is also flagged but no patched version is
available yet upstream — left for a follow-up.

Frontend advisories (`dompurify`, `vite`, `uuid` in
`docs/package-lock.json`) are scoped to the docs site and tracked
separately.

## Test plan

- [x] `uv sync --extra dev` clean
- [x] `uv run pytest -q` — **773 passed, 4 skipped** in 29.5 s
- [ ] After merge, bump `production` and tag v4.0.2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants