Skip to content

[DO NOT MERGE]: unstable to hotfixes, Q1 major release #5750

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
marcellamaki wants to merge 774 commits into
base: hotfixes
Choose a base branch
from

[Remove Vuetify from Studio] Checkboxes and chips in the library side…

bbeeea9
Select commit
Loading
Failed to load commit list.
Draft

[DO NOT MERGE]: unstable to hotfixes, Q1 major release #5750

[Remove Vuetify from Studio] Checkboxes and chips in the library side…
bbeeea9
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / CodeQL succeeded Mar 17, 2026 in 3s

6 new alerts including 6 medium severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 6 medium

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

View all branch alerts.

Annotations

Check warning on line 12 in .github/workflows/call-contributor-pr-reply.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Check warning on line 11 in .github/workflows/call-pull-request-target.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Check warning on line 15 in .github/workflows/call-update-pr-spreadsheet.yml

See this annotation in the file changed.

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Check warning on line 111 in contentcuration/contentcuration/views/base.py

See this annotation in the file changed.

Code scanning / CodeQL

Reflected server-side cross-site scripting High

Cross-site scripting vulnerability due to a
user-provided value
Loading
.

Check warning on line 406 in contentcuration/contentcuration/views/base.py

See this annotation in the file changed.

Code scanning / CodeQL

Reflected server-side cross-site scripting High

Cross-site scripting vulnerability due to a
user-provided value
Loading
.

Check warning on line 472 in contentcuration/contentcuration/viewsets/channel.py

See this annotation in the file changed.

Code scanning / CodeQL

Information exposure through an exception Medium

Stack trace information
Loading
flows to this location and may be exposed to an external user.