Skip to content

Update AngularJS to 1.8#631

Merged
rodrigoargumedo merged 2 commits intomasterfrom
security-updates
Apr 9, 2026
Merged

Update AngularJS to 1.8#631
rodrigoargumedo merged 2 commits intomasterfrom
security-updates

Conversation

@rodrigoargumedo
Copy link
Copy Markdown
Contributor

@rodrigoargumedo rodrigoargumedo commented Apr 9, 2026
edited
Loading

This PR updates AngularJS to 1.8 to address multiple CVEs and update test code. It also removes the legacy Google Analytics code.

@rodrigoargumedo @claude
Remove Google Analytics scripts and validate URL fields in test.js fo…
79f15ca 
…r security

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings April 9, 2026 14:22
@rodrigoargumedo @claude
Update Node.js CI workflow to use newer Node.js versions and action v…
d5e7c42 
…ersions

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@rodrigoargumedo rodrigoargumedo merged commit 894d9a2 into master Apr 9, 2026
4 checks passed
Copilot AI reviewed Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the site’s frontend dependency (AngularJS) to a modern 1.8.x release to mitigate known vulnerabilities, and strengthens repository validation around hackathon data.

Changes:

  • Upgrade AngularJS CDN reference from 1.2.23 to 1.8.3.
  • Add URL scheme validation in test.js to reject non-HTTP(S) URLs in hackathon link fields.
  • Remove the embedded Google Analytics snippet from index.html and 404.html.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File Description
test.js Adds validation for unsafe URL schemes and adjusts date-parse validity checks.
index.html Removes Google Analytics snippet and bumps AngularJS script to 1.8.3.
404.html Removes Google Analytics snippet.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

test.js
Comment on lines 55 to 59
let startDate = Date.parse(hackathon.startDate);
if (startDate !== undefined) {
if (!isNaN(startDate)) {
if (lastStartDate > startDate) {
bail(`${hackathon.title} should be before ${lastHackathon.title}`);
}
Copy link

Copilot AI Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Date.parse() returns NaN for invalid/missing dates, and lastStartDate is still updated later even when startDate is NaN. If a single entry has an unparseable startDate, subsequent chronological validation will silently stop working because lastStartDate becomes NaN and comparisons always fail. Consider only updating lastStartDate/lastHackathon when startDate is a valid number (or handle invalid dates explicitly).

Copilot uses AI. Check for mistakes.
index.html
Comment on lines 6 to 12
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="An archive of hackathons from around the world (2014-2025).">
<meta name="keywords" content="hackathon, hackathons, list, directory">
<!-- Start Google Javascript -->
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-51284668-3', 'auto');
ga('require', 'displayfeatures');
ga('send', 'pageview');
</script>
<link rel="shortcut icon" href="images/favicon.ico" />
<link rel="stylesheet" type="text/css" href="css/skeleton.css">
<link rel="stylesheet" type="text/css" href="css/style.css">
Copy link

Copilot AI Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change removes the Google Analytics snippet entirely. The PR description/title focus on updating AngularJS for CVEs; if the analytics removal is intentional, it should be called out in the PR description (or split into a separate PR) so reviewers understand the behavioral/ops impact.

Copilot uses AI. Check for mistakes.
404.html
Comment on lines 6 to 11
<meta charset="UTF-8">
<meta name="description" content="An archive of hackathons from around the world (2014-2025).">
<meta name="keywords" content="hackathon, hackathons, list">
<link rel="shortcut icon" href="/images/favicon.ico" />
<!-- Start Google Javascript -->
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-51284668-3', 'auto');
ga('require', 'displayfeatures');
ga('send', 'pageview');
</script>
<link rel="stylesheet" type="text/css" href="css/skeleton.css">
<link rel="stylesheet" href="css/style.css">
Copy link

Copilot AI Apr 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change removes the Google Analytics snippet entirely. The PR description/title focus on updating AngularJS for CVEs; if the analytics removal is intentional, it should be called out in the PR description (or split into a separate PR) so reviewers understand the behavioral/ops impact.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rodrigoargumedo