Merged
Conversation
Co-authored-by: EthanThePhoenix38 <103653068+EthanThePhoenix38@users.noreply.github.com>
Co-authored-by: EthanThePhoenix38 <103653068+EthanThePhoenix38@users.noreply.github.com>
Co-authored-by: EthanThePhoenix38 <103653068+EthanThePhoenix38@users.noreply.github.com>
Co-authored-by: EthanThePhoenix38 <103653068+EthanThePhoenix38@users.noreply.github.com>
Co-authored-by: EthanThePhoenix38 <103653068+EthanThePhoenix38@users.noreply.github.com>
Co-authored-by: EthanThePhoenix38 <103653068+EthanThePhoenix38@users.noreply.github.com>
…ting Co-authored-by: EthanThePhoenix38 <103653068+EthanThePhoenix38@users.noreply.github.com>
Co-authored-by: EthanThePhoenix38 <103653068+EthanThePhoenix38@users.noreply.github.com>
Co-authored-by: EthanThePhoenix38 <103653068+EthanThePhoenix38@users.noreply.github.com>
Co-authored-by: EthanThePhoenix38 <103653068+EthanThePhoenix38@users.noreply.github.com>
Co-authored-by: EthanThePhoenix38 <103653068+EthanThePhoenix38@users.noreply.github.com>
Bumps [openai](https://github.com/openai/openai-node) from 6.17.0 to 6.19.0. - [Release notes](https://github.com/openai/openai-node/releases) - [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md) - [Commits](openai/openai-node@v6.17.0...v6.19.0) --- updated-dependencies: - dependency-name: openai dependency-version: 6.19.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@csstools/css-syntax-patches-for-csstree](https://github.com/csstools/postcss-plugins/tree/HEAD/packages/css-syntax-patches-for-csstree) from 1.0.26 to 1.0.27. - [Changelog](https://github.com/csstools/postcss-plugins/blob/main/packages/css-syntax-patches-for-csstree/CHANGELOG.md) - [Commits](https://github.com/csstools/postcss-plugins/commits/HEAD/packages/css-syntax-patches-for-csstree) --- updated-dependencies: - dependency-name: "@csstools/css-syntax-patches-for-csstree" dependency-version: 1.0.27 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…/css-syntax-patches-for-csstree-1.0.27' into securite
Bumps [@csstools/css-calc](https://github.com/csstools/postcss-plugins/tree/HEAD/packages/css-calc) from 3.0.0 to 3.0.1. - [Changelog](https://github.com/csstools/postcss-plugins/blob/main/packages/css-calc/CHANGELOG.md) - [Commits](https://github.com/csstools/postcss-plugins/commits/HEAD/packages/css-calc) --- updated-dependencies: - dependency-name: "@csstools/css-calc" dependency-version: 3.0.1 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…/css-calc-3.0.1' into securite
Bumps [lru-cache](https://github.com/isaacs/node-lru-cache) from 11.2.5 to 11.2.6. - [Changelog](https://github.com/isaacs/node-lru-cache/blob/main/CHANGELOG.md) - [Commits](isaacs/node-lru-cache@v11.2.5...v11.2.6) --- updated-dependencies: - dependency-name: lru-cache dependency-version: 11.2.6 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…e-11.2.6' into securite
Bumps [@exodus/bytes](https://github.com/ExodusOSS/bytes) from 1.12.0 to 1.14.0. - [Release notes](https://github.com/ExodusOSS/bytes/releases) - [Commits](ExodusOSS/bytes@v1.12.0...v1.14.0) --- updated-dependencies: - dependency-name: "@exodus/bytes" dependency-version: 1.14.0 dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…ytes-1.14.0' into securite
Bumps the npm_and_yarn group with 1 update in the / directory: [qs](https://github.com/ljharb/qs). Updates `qs` from 6.14.1 to 6.14.2 - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.14.2) --- updated-dependencies: - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
…yarn-14dc0ebc5a' into securite
The labeler workflow was completing with `action_required` status instead of success, blocking PR checks. ## Changes - Added `issues: write` permission to `.github/workflows/label.yml` The labeler action requires this permission to manage labels on pull requests. Without it, the workflow completes but GitHub marks it as requiring action. <!-- START COPILOT CODING AGENT TIPS --> --- 💬 We'd love your input! Share your thoughts on Copilot coding agent in our [2 minute survey](https://gh.io/copilot-coding-agent-survey).
The digest emails reference `template=unsubscribe.yml` in unsubscribe links (line 438 of `src/aggregator.js`), but the template file didn't exist. Users clicking "Se désabonner" were sent to a 404. **Changes:** - Added `.github/ISSUE_TEMPLATE/unsubscribe.yml` with required email field and optional reason field - Follows existing bilingual (French/English) pattern from `subscribe.yml` The unsubscribe flow is now functional end-to-end. <!-- START COPILOT CODING AGENT TIPS --> --- ✨ Let Copilot coding agent [set things up for you](https://github.com/ThePhoenixAgency/AI-Pulse/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot) — coding agent works faster and does higher quality work when set up for your repo.
…-pr-57-another-one
The error handler for missing `franc-min` logged "franc-min not
available, using feed-declared language only" without telling users how
to fix it.
## Changes
- Enhanced error message to include actionable resolution steps
- Message now explicitly instructs users to run `npm install` when the
package is missing
```javascript
} catch (e) {
console.error('WARNING: franc-min package not found. Language detection will be limited to feed-declared languages only.');
console.error('To enable automatic language detection, please run: npm install');
detectLang = () => null;
}
```
This addresses the review feedback that error messages should be
informative and include instructions for resolution.
<!-- START COPILOT CODING AGENT TIPS -->
---
💬 We'd love your input! Share your thoughts on Copilot coding agent in
our [2 minute survey](https://gh.io/copilot-coding-agent-survey).
…tibility (#61) Addresses all actionable review feedback from PR #57 focusing on i18n quality, input validation, error handling, and browser compatibility. ## French Localization - Fixed missing accents throughout: `Français`, `Cybersécurité`, `Générale`, `préférée`, `Fréquence`, `Réinitialiser`, etc. - Updated config.json, issue templates, email templates, and UI strings ## Input Validation & Security **Aggregator (`src/aggregator.js`)** - Config loading with actionable error messages on missing/malformed files - Email validation (RFC-compliant regex) before sending - API key format validation with sanitized error output - Deduplication threshold type checking - HTML lang attribute validation (ISO 639-1 codes only) **Workflows** - Email validation with abuse detection (max @ symbol threshold) - RSS URL format validation - Input sanitization for source names and tags (XSS prevention) ```javascript // Before: silent crash on missing config const config = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf-8')); // After: actionable error try { if (!fs.existsSync(CONFIG_PATH)) { console.error(`ERROR: Configuration file not found at ${CONFIG_PATH}`); console.error('Please ensure config.json exists in the repository root.'); process.exit(1); } // ... } catch (e) { console.error(`ERROR: Failed to load or parse config.json: ${e.message}`); process.exit(1); } ``` ## Browser Compatibility - `localStorage` availability checks before all operations - Try-catch wrappers with quota overflow recovery - `IntersectionObserver` feature detection with graceful degradation - `ReadHistory.markRead` safety guard against undefined ## Rate Limiting & Configuration - Email sending rate limit (100ms delay between sends) - Configurable sender via `EMAIL_FROM` env var with dev domain warning - Constants extracted for magic numbers (`VALID_LANG_CODES`, `MAX_SOURCE_NAME_LENGTH`, etc.) ## Security Scan ✅ CodeQL: 0 alerts <!-- START COPILOT CODING AGENT TIPS --> --- 💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more [Copilot coding agent tips](https://gh.io/copilot-coding-agent-tips) in the docs.
--- <!-- continue-task-summary-start --> **Continue Tasks:**▶️ 1 queued — [View all](https://hub.continue.dev/inbox?pr=https%3A%2F%2Fgithub.com%2FThePhoenixAgency%2FAI-Pulse%2Fpull%2F88&utm_source=github_pr&utm_medium=pr_body&utm_campaign=continue_tasks) <!-- continue-task-summary-end -->
--- <!-- continue-task-summary-start --> **Continue Tasks:**▶️ 1 queued — [View all](https://hub.continue.dev/inbox?pr=https%3A%2F%2Fgithub.com%2FThePhoenixAgency%2FAI-Pulse%2Fpull%2F89&utm_source=github_pr&utm_medium=pr_body&utm_campaign=continue_tasks) <!-- continue-task-summary-end -->
--- <!-- continue-task-summary-start --> **Continue Tasks:**▶️ 1 queued — [View all](https://hub.continue.dev/inbox?pr=https%3A%2F%2Fgithub.com%2FThePhoenixAgency%2FAI-Pulse%2Fpull%2F91&utm_source=github_pr&utm_medium=pr_body&utm_campaign=continue_tasks) <!-- continue-task-summary-end -->
--- <!-- continue-task-summary-start --> **Continue Tasks:**▶️ 1 queued — [View all](https://hub.continue.dev/inbox?pr=https%3A%2F%2Fgithub.com%2FThePhoenixAgency%2FAI-Pulse%2Fpull%2F92&utm_source=github_pr&utm_medium=pr_body&utm_campaign=continue_tasks) <!-- continue-task-summary-end -->
github-actions
bot
added
documentation
EthanThePhoenix38
added a commit
that referenced
this pull request
Feb 14, 2026
--- <!-- continue-task-summary-start --> **Continue Tasks:**▶️ 1 queued — [View all](https://hub.continue.dev/inbox?pr=https%3A%2F%2Fgithub.com%2FThePhoenixAgency%2FAI-Pulse%2Fpull%2F93&utm_source=github_pr&utm_medium=pr_body&utm_campaign=continue_tasks) <!-- continue-task-summary-end -->
Contributor
There was a problem hiding this comment.
Pull request overview
This PR appears to be a rebase that consolidates multiple improvements including French language corrections, enhanced error handling, improved input validation, and dependency updates. However, the rebase has introduced critical bugs due to incomplete conflict resolution.
Changes:
- Corrected French accents throughout templates, config files, workflows, and issue templates
- Enhanced error handling for config loading, localStorage operations, and email sending
- Improved input validation and sanitization in GitHub workflows
- Added rate limiting for email sending and configurable sender address
- Updated dependencies (openai, lru-cache, qs, and CSS-related packages)
- Added new unsubscribe issue template
- Improved language detection with validation against ISO 639-1 codes
Reviewed changes
Copilot reviewed 13 out of 14 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| templates/email-digest.html | Fixed French accents in email template text |
| src/aggregator.js | CRITICAL BUG: Incomplete deduplication refactoring with undefined variables; added config error handling, email validation, rate limiting, and language validation |
| readme-viewer.html | Added localStorage availability checks and error handling; BUG: new setupScrollSpy function not called; removed hideRead checkbox from UI |
| js/tracker.js | Added localStorage availability checks and improved error handling for tracking |
| package.json & package-lock.json | Updated openai to 6.19.0 and various transitive dependencies |
| config.json | Corrected French accents in category labels and tag translations |
| CHANGELOG.md | Added automated security update entries with future dates (minor issue) |
| .github/workflows/manage-subscriber.yml | Enhanced email validation with abuse prevention and sanitization |
| .github/workflows/label.yml | Added issues:write permission |
| .github/workflows/add-source.yml | Added input validation and sanitization; minor maintainability issue with error messages |
| .github/ISSUE_TEMPLATE/unsubscribe.yml | CRITICAL: New template without corresponding workflow to handle unsubscription |
| .github/ISSUE_TEMPLATE/subscribe.yml | Corrected some French accents; still missing some on lines 1, 2, and 45 |
| .github/ISSUE_TEMPLATE/new-source.yml | Corrected French accents in dropdown labels |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| sections.forEach(section => observer.observe(section)); | ||
| } | ||
|
|
There was a problem hiding this comment.
The new setupScrollSpy() function is defined but never called. It should likely be invoked during initialization in the loadReadme() function after the content is loaded, similar to how buildSectionNav() and applyFilters() are called. Without calling this function, the scroll spy feature will not be enabled.
Suggested change
| // Initialize scroll spy after the DOM is ready | |
| document.addEventListener('DOMContentLoaded', () => { | |
| setupScrollSpy(); | |
| }); |
Comment on lines
+1
to
+21
| name: Se désabonner de AI-Pulse / Unsubscribe from AI-Pulse | ||
| description: Retirez votre email de notre liste de diffusion | ||
| title: "[UNSUBSCRIBE] " | ||
| labels: ["unsubscription"] | ||
| body: | ||
| - type: input | ||
| id: email | ||
| attributes: | ||
| label: Votre email / Your email | ||
| description: L'adresse email que vous souhaitez désabonner / The email address you want to unsubscribe | ||
| placeholder: "you@example.com" | ||
| validations: | ||
| required: true | ||
| - type: textarea | ||
| id: reason | ||
| attributes: | ||
| label: Raison (optionnel) / Reason (optional) | ||
| description: Dites-nous pourquoi vous vous désabonnez (optionnel) / Tell us why you're unsubscribing (optional) | ||
| placeholder: "Je ne souhaite plus recevoir les digests / I no longer wish to receive digests" | ||
| validations: | ||
| required: false |
There was a problem hiding this comment.
A new unsubscribe issue template has been added, but there is no corresponding workflow to handle unsubscription requests. The manage-subscriber.yml workflow only handles the 'subscription' label. You need to either add a handler for the 'unsubscription' label in the existing workflow or create a new workflow to process unsubscribe requests and remove emails from the subscribers.json file.
Comment on lines
+56
to
+67
| // Sanitize and validate source name (prevent injection) | ||
| const sanitizedSourceName = sourceName.replace(/[<>'"]/g, '').slice(0, MAX_SOURCE_NAME_LENGTH); | ||
| if (sanitizedSourceName !== sourceName) { | ||
| console.log('Source name contains invalid characters'); | ||
| await github.rest.issues.createComment({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| issue_number: issue.number, | ||
| body: 'Source name contains invalid characters. Please use only alphanumeric characters, spaces, and basic punctuation.' | ||
| }); | ||
| return; | ||
| } |
There was a problem hiding this comment.
The source name sanitization check will always reject valid names that exceed MAX_SOURCE_NAME_LENGTH (100 characters) even if they contain no invalid characters. The condition if (sanitizedSourceName !== sourceName) will be true both when invalid characters are removed AND when the string is truncated. Consider separating these checks: first check for invalid characters, then check length, to provide more specific error messages to users.
Comment on lines
1
to
45
| name: S'abonner a AI-Pulse / Subscribe to AI-Pulse | ||
| description: Recevez votre digest personnalise par email | ||
| title: "[SUBSCRIBE] " | ||
| labels: ["subscription"] | ||
| body: | ||
| - type: input | ||
| id: email | ||
| attributes: | ||
| label: Votre email / Your email | ||
| placeholder: "you@example.com" | ||
| validations: | ||
| required: true | ||
| - type: checkboxes | ||
| id: categories | ||
| attributes: | ||
| label: Categories souhaitees / Desired categories | ||
| label: Catégories souhaitées / Desired categories | ||
| options: | ||
| - label: AI / IA | ||
| - label: Cybersecurity | ||
| - label: IoT | ||
| - label: Windows | ||
| - label: Mac / Apple | ||
| - label: Linux | ||
| - label: Tech Generale | ||
| - label: Entrepreneuriat | ||
| - label: Bourse & Finance | ||
| - label: Crypto & Blockchain | ||
| - label: Open Source & GitHub | ||
| - label: Produits & Innovation | ||
| - type: dropdown | ||
| id: language | ||
| attributes: | ||
| label: Langue preferee / Preferred language | ||
| label: Langue préférée / Preferred language | ||
| options: | ||
| - Francais | ||
| - Français | ||
| - English | ||
| - Les deux / Both | ||
| validations: | ||
| required: true | ||
| - type: dropdown | ||
| id: frequency | ||
| attributes: | ||
| label: Frequence / Frequency | ||
| label: Fréquence / Frequency | ||
| options: | ||
| - Chaque mise a jour (toutes les 3h) / Every update |
There was a problem hiding this comment.
The French text on lines 1 and 2 still contains missing accents: "S'abonner a" should be "S'abonner à" and "personnalise" should be "personnalisé". Additionally on line 45, "mise a jour" should be "mise à jour" for consistency with the French language corrections made elsewhere in this PR.
Comment on lines
+452
to
+458
| const threshold = (typeof SETTINGS.deduplication.similarityThreshold === 'number' && | ||
| SETTINGS.deduplication.similarityThreshold > 0 && | ||
| SETTINGS.deduplication.similarityThreshold <= 1) | ||
| ? SETTINGS.deduplication.similarityThreshold | ||
| : 0.7; | ||
| const kept = []; | ||
| const normalizedTitles = []; |
There was a problem hiding this comment.
The deduplication refactoring is incomplete. While lines 452-458 introduce new variable names (threshold and normalizedTitles), the code below (lines 467-492) still references undefined variables: normalizedData (should be normalizedTitles), titleThreshold and contentThreshold (should be threshold). This will cause a runtime error when deduplication is enabled. The refactoring needs to be completed to update all references consistently.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Continue Tasks:▶️ 1 queued — View all