I have just signed up for Hacktoberfest 2024. I skipped Hacktoberfest in 2023, since I was in the midst of preparing for going trekking in Himalaya. This year will hopefully be different since I am not training for something just around the corner.
I am a bit behind on assisting repositories to get going with:
- The Spelling checker GitHub Action
- Else I have no idea on what else to jump into
If you need help with anything under the banner of Hacktoberfest 2024, do reach out and I will see if I can help and/or contribute.
Do participate, and Happy Hacktoberfest 2024 everyone!
Top comments (3)
Here are some projects to consider!
Share us your project for Hacktoberfest 2024! 🎃
Thomas Bnt ☕ ・ Oct 2
Second day on the "job".
Have created PRs at several repositories and have commented on several with open PRs, where the spellcheck GitHub action is in use and using a very old version.
I am in the process of sunsetting the older versions used in quite a few repositories, as per the sunset policy I set up.
I try to inform some of the users on very old versions that version 0.32.0 was a recommended security update. At the same time I have found some misconfigurations and other small things and I try to help the users to the best of my efforts.
Many versions to evaluate, many repositories to inspect and many PRs to create. Unfortunately none of them are participating in Hacktoberfest - but well it is still open source contribution.
Some of my repositories using GitHub Pages and the Ruby gem github-pages version 232 got a security alert.
I did some reading about the issue and saw that it had been patched and a new version of the dependency webrick had been released. But I could not find any issues or PRs in the repository for the github-pages gem.
I started out by patching my own repositories (4) with a hard-dependency on webrick 1.8.2, but after a few days of consideration and no news I decided to create a PR for a patch of the github-pages gem.
The issue is that webrick prior to 1.8.2, the patched release, suffers from a vulnerability named: HTTP Request Smuggling.
The PR simply bumps the dependency, which is fairly trivial; I do not understand why nobody else reacted to this.
First PR created in the spirit and in the season of Hacktoberfest.
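
One way to check whether a repository's Gemfile.lock still resolves webrick below 1.8.2, the patched release named in the comment above. This is an added example, not part of the original post or comments and not code from the github-pages project; the helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems"

# Patched webrick release named in the comment above.
PATCHED_WEBRICK = Gem::Version.new("1.8.2")

# Map each resolved gem in a Gemfile.lock to its Gem::Version. Resolved specs are
# indented four spaces under "specs:"; six-space lines are dependency constraints.
def resolved_versions(lockfile_text)
  versions = {}
  in_specs = false
  lockfile_text.each_line(chomp: true) do |line|
    if line.match?(/\A\S/)          # new top-level section (GEM, PLATFORMS, ...)
      in_specs = false
    elsif line == "  specs:"
      in_specs = true
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      # Drop a platform suffix such as "-x86_64-linux" before parsing the version.
      versions[m[1]] = Gem::Version.new(m[2].split("-").first)
    end
  end
  versions
end

# :vulnerable, :patched or :absent for the webrick entry of a lockfile.
def webrick_status(lockfile_text)
  version = resolved_versions(lockfile_text)["webrick"]
  return :absent if version.nil?
  version < PATCHED_WEBRICK ? :vulnerable : :patched
end

# Constructed sample lockfile (not taken from any real repository).
SAMPLE_BEFORE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      github-pages (232)
        webrick
      nokogiri (1.15.4-x86_64-linux)
      webrick (1.8.1)

  PLATFORMS
    x86_64-linux

  DEPENDENCIES
    github-pages (= 232)
LOCK
# The same lockfile after webrick has been pinned to the patched release.
SAMPLE_AFTER = SAMPLE_BEFORE.sub("webrick (1.8.1)", "webrick (1.8.2)")

puts "before: #{webrick_status(SAMPLE_BEFORE)}, after: #{webrick_status(SAMPLE_AFTER)}"
```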