streamyfin

alteropen/streamyfin

Fork 0

mirror of https://github.com/streamyfin/streamyfin.git synced 2026-06-01 19:48:28 +01:00

Commit Graph

Author	SHA1	Message	Date
Gauvino	d2a0fd875a	fix(detect-duplicate): sanitize reposted issue titles Security audit: the bot echoes other issues' titles back into a comment, so a maliciously-named issue could ping (@everyone) or inject markdown/HTML. Break @-mentions with a zero-width space and strip markdown/HTML control chars before posting.	2026-06-01 20:32:39 +02:00
Gauvino	d2c48de60d	ci(issues): flag likely-duplicate issues on open Adds .github/workflows/detect-duplicate.yml + scripts/detect-duplicate-issue.mjs (Bun, dep-free, no API key): on a new issue, compares its title/body to open issues via Jaccard similarity (with light stemming and stop-words), and if the top matches pass a threshold, posts one comment listing them and adds a 'possible duplicate' label. Inspired by seerr's detect-duplicate, minus the embedding/Groq dependency.	2026-06-01 17:38:19 +02:00

Author

SHA1

Message

Date

Gauvino

d2a0fd875a

fix(detect-duplicate): sanitize reposted issue titles

Security audit: the bot echoes other issues' titles back into a comment, so a
maliciously-named issue could ping (@everyone) or inject markdown/HTML. Break
@-mentions with a zero-width space and strip markdown/HTML control chars before
posting.

2026-06-01 20:32:39 +02:00

Gauvino

d2c48de60d

ci(issues): flag likely-duplicate issues on open

Adds .github/workflows/detect-duplicate.yml + scripts/detect-duplicate-issue.mjs
(Bun, dep-free, no API key): on a new issue, compares its title/body to open
issues via Jaccard similarity (with light stemming and stop-words), and if the
top matches pass a threshold, posts one comment listing them and adds a
'possible duplicate' label. Inspired by seerr's detect-duplicate, minus the
embedding/Groq dependency.

2026-06-01 17:38:19 +02:00

2 Commits