rebase#88
Bumps [jsdom](https://github.com/jsdom/jsdom) from 27.4.0 to 28.0.0. - [Release notes](https://github.com/jsdom/jsdom/releases) - [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md) - [Commits](jsdom/jsdom@27.4.0...28.0.0) --- updated-dependencies: - dependency-name: jsdom dependency-version: 28.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [tldts](https://github.com/remusao/tldts) from 7.0.21 to 7.0.22. - [Release notes](https://github.com/remusao/tldts/releases) - [Changelog](https://github.com/remusao/tldts/blob/master/CHANGELOG.md) - [Commits](remusao/tldts@v7.0.21...v7.0.22) --- updated-dependencies: - dependency-name: tldts dependency-version: 7.0.22 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…0.22' into securite
…re-7.0.22' into securite
… digests

Major overhaul of AI-Pulse into a fully configurable, personalized news reader:

- config.json: externalized 12 categories (AI, Cybersecurity, IoT, Windows, Mac, Linux, Tech, Entrepreneurship, Finance, Crypto, Open Source, Products) with 112 RSS sources in FR/EN, bilingual labels, and keyword mappings
- aggregator.js: config-driven, franc-min language detection, article deduplication (70% Dice similarity), local Readability reader, RSS feed generation (global + per-category), email digests via Resend API
- readme-viewer.html: section navigation sidebar with scroll spy, preferences panel (language, categories, keywords, article count slider), DOM-based filtering
- reader.html: back button in article info bar
- tracker.js: preferences manager, read history, bookmarks manager (localStorage)
- All pages: portfolio moved from nav to footer, added "Proposer une source" and "S'abonner" links in footer pointing to GitHub Issue templates
- Issue templates: source submission (new-source.yml) and subscription (subscribe.yml)
- Workflows: add-source.yml (auto-add approved sources), manage-subscriber.yml (auto-add subscribers), update-ai-pulse.yml (API_RESEND env var)
- Email digest: HTML template with personalized content per subscriber preferences

https://claude.ai/code/session_0138bAjho1fWwiRZju3nJFJ3
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…as HTML Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…as HTML Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Bumps [@asamuzakjp/css-color](https://github.com/asamuzaK/cssColor) from 4.1.1 to 4.1.2. - [Release notes](https://github.com/asamuzaK/cssColor/releases) - [Commits](asamuzaK/cssColor@v4.1.1...v4.1.2) --- updated-dependencies: - dependency-name: "@asamuzakjp/css-color" dependency-version: 4.1.2 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…jp/css-color-4.1.2' into securite
Bumps [@asamuzakjp/dom-selector](https://github.com/asamuzaK/domSelector) from 6.7.7 to 6.7.8. - [Release notes](https://github.com/asamuzaK/domSelector/releases) - [Commits](asamuzaK/domSelector@v6.7.7...v6.7.8) --- updated-dependencies: - dependency-name: "@asamuzakjp/dom-selector" dependency-version: 6.7.8 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…jp/dom-selector-6.7.8' into securite
Update with more sources, Mac, and anchors to the categories, with more spacing. Portfolio improved, moved to the footer.
New version of the site
Bumps the npm_and_yarn group with 1 update in the / directory: [qs](https://github.com/ljharb/qs). Updates `qs` from 6.14.1 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.14.2) --- updated-dependencies: - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
…yarn-14dc0ebc5a' into securite
Reverts the documentation changes that were breaking the HTML structure. The reader.html and portfolio.html files are restored from main. https://claude.ai/code/session_0138bAjho1fWwiRZju3nJFJ3
- Adds the missing </head> and <body> tags
- Restores a valid HTML structure
- Portfolio with simplified config

https://claude.ai/code/session_0138bAjho1fWwiRZju3nJFJ3
Added a security policy document outlining supported versions and vulnerability reporting.
…scripting Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…scripting (#86)

Potential fix for [https://github.com/ThePhoenixAgency/AI-Pulse/security/code-scanning/22](https://github.com/ThePhoenixAgency/AI-Pulse/security/code-scanning/22)

In general, to fix this kind of issue you must ensure that any value deriving from user input (like `window.location.hash`) is either strictly validated against an allowlist of expected values or properly escaped before being written into HTML via `innerHTML`, `document.write`, or similar sinks. Here, the vulnerable usage is in the error template where `${filename}` is inserted into HTML.

The minimal, behavior‑preserving fix is:

1. Introduce a small helper function that HTML‑escapes a string (`&`, `<`, `>`, `"`, `'`, and `/` at least).
2. Use this helper to sanitize `filename` at the point where it is interpolated into the error message HTML (line 418–422).
3. Keep using the original unsanitized `filename` for non‑HTML contexts (like building the GitHub URL path), because the URL path is constrained by the existing logic via `docsNav`. However, to be extra defensive, we can also use the escaped version in the GitHub URL; escaping `<`, `>`, etc. is safe for URLs in HTML attributes.

Concretely:

- Add a function `escapeHtml(str)` above `loadDoc`.
- In `loadDoc`, compute `const safeFilename = escapeHtml(filename);`.
- Use `safeFilename` instead of `filename` in the error HTML template literal (both in the visible text and the `href` attribute).

No external libraries are needed; the escaping function is simple and self‑contained. All changes are within `docs.html` in the shown script block.

---

_Suggested fixes powered by Copilot Autofix. Review carefully before merging._
19f23b0
into
claude/main-portfolio-footer-G1Gdx
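The fix described in the Copilot Autofix commit message above, sketched as an added example (not the repository's code): `escapeHtml` and `safeFilename` follow the names in that message, while the `docsNav` contents, `resolveDoc`, `renderLoadError` and the repository URL are assumptions. It goes slightly beyond the commit by also checking the fragment against the allowlist and percent-encoding the filename before it enters the `href`.

```javascript
// Added example: escapeHtml and safeFilename follow the commit message;
// docsNav contents, resolveDoc, renderLoadError and the URL are assumptions.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '/': '&#x2F;',
};

// Escape the six characters the fix lists so the value is inert both as
// HTML text and inside a quoted attribute.
function escapeHtml(str) {
  return String(str).replace(/[&<>"'\/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical allowlist standing in for the page's docsNav.
const docsNav = ['README.md', 'ARCHITECTURE.md', 'SECURITY.md'];

// Placeholder repository URL, not the project's real path.
const REPO_DOCS_URL = 'https://github.com/example-org/example-repo/blob/main/docs/';

// Take the raw fragment (what window.location.hash would hold) and return
// the filename only when it is an expected document, otherwise null.
function resolveDoc(hash) {
  let name;
  try {
    name = decodeURIComponent(String(hash).replace(/^#/, ''));
  } catch (e) {
    return null; // malformed percent-encoding
  }
  return docsNav.includes(name) ? name : null;
}

// Build the error markup that would be assigned to innerHTML.
function renderLoadError(filename) {
  const safeFilename = escapeHtml(filename);
  // URL context first (percent-encode), then HTML attribute context.
  const href = escapeHtml(REPO_DOCS_URL + encodeURIComponent(filename));
  return `<p>Could not load <code>${safeFilename}</code>.</p>` +
         `<p><a href="${href}">View on GitHub</a></p>`;
}

// Constructed input: a fragment carrying markup instead of a filename.
const hostile = '#<img src=x onerror=alert(1)>';
```

With the allowlist check in front, `renderLoadError` only ever sees untrusted text when the lookup is skipped; escaping at the sink keeps that path safe as well.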
Pull request overview
This PR performs a rebase operation, integrating multiple automated security updates and introducing new subscription and source management features.
Changes:
- Added subscriber and source management workflows with issue templates
- Integrated automated security batch updates across multiple dates
- Added SECURITY.md policy file
- Updated workflow configurations for improved stability
- Added new GitHub Actions workflows for managing subscribers and sources
Reviewed changes
Copilot reviewed 100 out of 905 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| SECURITY.md | Adds security policy template with version support matrix |
| CHANGELOG.md | Records automated security updates from DependabotSecureFlow |
| .github/workflows/sync-to-action-repo.yaml | Removes trailing blank line for cleaner formatting |
| .github/workflows/release-notification.yaml | Updates GitHub API method calls and modifies summary message |
| .github/workflows/manage-subscriber.yml | Adds workflow for automated subscriber management via issues |
| .github/workflows/add-source.yml | Adds workflow for automated source addition via issues |
| .github/ISSUE_TEMPLATE/subscribe.yml | Creates subscription form template |
| .github/ISSUE_TEMPLATE/new-source.yml | Creates new source suggestion template |
| .github/ISSUE_TEMPLATE/config.yml | Configures issue template settings |
| data/articles/*.html | Adds new article data files |
|
|
||
| // Get the Announcements category ID (you may need to adjust this) | ||
| const categories = await github.rest.discussions.listCategories({ | ||
| const categories = await github.rest.discussions.listCategoriesInRepository({ |
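Review bot: the lookup on the `listCategoriesInRepository` line has no visible guard for the case its own comment anticipates ("you may need to adjust this"), so add a check that fails the step with a clear message when no Announcements category is returned rather than carrying an undefined ID forward. The following hunk calls `github.graphql` for the mutation; fetching the category ID through a GraphQL query as well would keep the script on one client and remove the dependence on which REST method name the bundled client exposes.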
The GitHub API method has been changed from listCategories to listCategoriesInRepository. This appears to be a correction to use the proper API method name. Verify that this method exists in the version of the GitHub REST API being used, as this could be a breaking change if the method signature or behavior differs from the previous one.
| const categories = await github.rest.discussions.listCategoriesInRepository({ | |
| const categories = await github.rest.discussions.listCategories({ |
| @@ -83,7 +81,9 @@ jobs: | |||
| } | |||
| } | |||
| } | |||
| `, { | |||
| `; | |||
|
|
|||
| await github.graphql(mutation, { | |||
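Review bot: `await github.graphql(mutation, {` depends on a `mutation` binding whose declaration is not in the visible lines; confirm the opening of the template literal was changed to `const mutation = ...` in the same commit, otherwise this call throws a ReferenceError at run time. While touching this, keep release-derived values in the variables object passed as the second argument rather than interpolating them into the template string, so release text cannot alter the query.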
The GraphQL mutation string is now defined in a separate variable before being passed to github.graphql(). While this improves readability, ensure that extracting the mutation doesn't introduce any issues with template literal interpolation or formatting that could affect the GraphQL query execution.
| - name: Send Summary | ||
| run: | | ||
| echo "## 🎉 Release Published" >> $GITHUB_STEP_SUMMARY | ||
| echo "## 🎉 Release Published by Phoenix" >> $GITHUB_STEP_SUMMARY |
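Review bot: on the changed `echo` line, `$GITHUB_STEP_SUMMARY` is expanded unquoted in the redirect; write `>> "$GITHUB_STEP_SUMMARY"` so the target stays a single word whatever path the runner assigns. If the publisher name is meant to vary, take it from an `env:` value on the step rather than hard-coding it in the string.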
The summary message has been changed from "Release Published" to "Release Published by Phoenix". The addition of "by Phoenix" may be unnecessarily specific or could cause confusion if the actual publisher is different. Consider whether this branding addition is appropriate for all release contexts.
| echo "## 🎉 Release Published by Phoenix" >> $GITHUB_STEP_SUMMARY | |
| echo "## 🎉 Release Published" >> $GITHUB_STEP_SUMMARY |