From 79f15cac120a9b0c408c0763dc8216b4c791ad32 Mon Sep 17 00:00:00 2001 From: Rodrigo Argumedo <7613139+rodrigoargumedo@users.noreply.github.com> Date: Thu, 9 Apr 2026 14:11:59 +0000 Subject: [PATCH 1/2] Remove Google Analytics scripts and validate URL fields in test.js for security Co-Authored-By: Claude Opus 4.6 --- 404.html | 10 ---------- index.html | 12 +----------- test.js | 10 +++++++++- 3 files changed, 10 insertions(+), 22 deletions(-) diff --git a/404.html b/404.html index 41b779d9..86cc6d3c 100644 --- a/404.html +++ b/404.html @@ -7,16 +7,6 @@ - - diff --git a/index.html b/index.html index 421445ff..fbff5f9c 100644 --- a/index.html +++ b/index.html @@ -7,16 +7,6 @@ - - @@ -217,6 +207,6 @@

{{hackathon.title}}

- + diff --git a/test.js b/test.js index 4e440f9b..0f780a83 100644 --- a/test.js +++ b/test.js @@ -44,8 +44,16 @@ for (const year of years) { let lastHackathon; for (const hackathon of obj[monthName]) { + // Validate URL fields don't use dangerous schemes (e.g. javascript:) + for (const field of ['url', 'facebookURL', 'twitterURL']) { + const val = (hackathon[field] || '').trim(); + if (val && /^[a-z][a-z0-9+.-]*:/i.test(val) && !/^https?:/i.test(val)) { + bail(`${hackathon.title} has unsafe ${field}: ${val}`); + } + } + let startDate = Date.parse(hackathon.startDate); - if (startDate !== undefined) { + if (!isNaN(startDate)) { if (lastStartDate > startDate) { bail(`${hackathon.title} should be before ${lastHackathon.title}`); } From d5e7c42b3b3a6a06b6dfec9728b3423a80828999 Mon Sep 17 00:00:00 2001 From: Rodrigo Argumedo <7613139+rodrigoargumedo@users.noreply.github.com> Date: Thu, 9 Apr 2026 14:24:17 +0000 Subject: [PATCH 2/2] Update Node.js CI workflow to use newer Node.js versions and action versions Co-Authored-By: Claude Opus 4.6 --- .github/workflows/node.js.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml index 88cdbf32..db86c07d 100644 --- a/.github/workflows/node.js.yml +++ b/.github/workflows/node.js.yml @@ -16,12 +16,12 @@ jobs: strategy: matrix: - node-version: [10.x, 12.x, 14.x] + node-version: [18.x, 20.x, 22.x] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Use Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v1 + uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} - run: node test.js
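Review bot: In test.js, the added `for (const field of ['url', 'facebookURL', 'twitterURL'])` loop decides safety with a regex on the raw string, so any value the pattern does not recognise as carrying a scheme is accepted by default, whereas a browser normalises the URL (dropping some whitespace and control characters) before it reads the scheme. Parsing the value with `new URL()` and allowing only the `http:` and `https:` protocols makes the test agree with what the browser will do, and it also turns a non-string field into a reported failure instead of a `TypeError` from `.trim()`. This version rejects scheme-less and relative values that the current check lets through, so confirm the data files contain none before adopting it. The enclosing `for (const hackathon of obj[monthName])` loop and the `bail` helper are defined outside the hunk.

```javascript
// Allow only absolute http(s) URLs, judged by the URL parser rather than a pattern
for (const field of ['url', 'facebookURL', 'twitterURL']) {
  const val = String(hackathon[field] || '').trim();
  if (!val) continue;
  let protocol = null;
  try {
    protocol = new URL(val).protocol;
  } catch {
    // not an absolute URL; reported by the check below
  }
  if (protocol !== 'http:' && protocol !== 'https:') {
    bail(`${hackathon.title} has unsafe ${field}: ${val}`);
  }
}
// … unchanged: startDate parsing and ordering check …
```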