
Conversation


@alexss200010 alexss200010 commented Nov 12, 2025

Note

Removes CodeQL/Snyk workflows and exploit/test files, adds several plaintext key files, and introduces the form-data@1.0.1 dependency with lockfile updates.

  • CI/Repo config:
    • Remove CodeQL and Snyk GitHub Actions (.github/workflows/*.yml) and delete .github/CODEOWNERS.
  • App/Deps:
    • Add dependency form-data@1.0.1 in package.json with corresponding package-lock.json updates (including integrity metadata changes for some packages).
  • Files removed:
    • Delete multiple exploit scripts/assets under exploits/ and a spec file tests/authentication.component.spec.js.
  • New files:
    • Add plaintext key/secret files: fake.aws.file, jit_secret_test_tile.py, and keys.
    • Add test_file.txt.

Written by Cursor Bugbot for commit 4d55fd7.


@cursor cursor bot left a comment


This PR is being reviewed by Cursor Bugbot


"typeorm": "^0.2.24",
"validator": "^13.5.2"
"validator": "^13.5.2",
"form-data": "1.0.1"
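Review bot: `"form-data": "1.0.1"` is an exact pin while the neighbouring entries (`"typeorm": "^0.2.24"`, `"validator": "^13.5.2"`) use caret ranges, and 1.0.1 is a major version behind the form-data ~2.3.2 that the request package already requires, so npm will resolve two copies of form-data instead of deduplicating to one. The PR description gives no reason for adding this dependency at all; either drop the line, or state what in the application consumes form-data 1.x directly and why carrying a second, much older copy next to request's 2.3.x is acceptable.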

Bug: Dependency Hell: Form-Data Version Incompatibility

Adding form-data version 1.0.1 as a direct dependency conflicts with the request package's dependency on form-data ~2.3.2. This major version downgrade (from 2.x to 1.x) will cause npm to install two different versions of form-data, potentially leading to unexpected behavior, increased bundle size, and API incompatibilities since version 1.0.1 is significantly older and has different APIs than 2.3.x.

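The comment above warns that npm will install two versions of form-data side by side. As an added example (mine, not the project's code and not Cursor Bugbot's), the following Node script makes that condition visible by listing every package that a package-lock.json with lockfileVersion 2 or 3 resolves at more than one version. SAMPLE_LOCK is a constructed lockfile fragment, not the PR's real lockfile; it places form-data 1.0.1 under the root and form-data 2.3.3 nested under request to mirror the versions the comment describes. The script name check-lock.js in the usage line is an assumption.

```javascript
// Added example, not the project's own code: list every package that a
// package-lock.json (lockfileVersion 2 or 3, "packages" map) installs at more
// than one version. Pinning form-data@1.0.1 at the root next to request's
// form-data ~2.3.2 is exactly the situation this reports.

// Constructed lockfile fragment for illustration, not the PR's real lockfile.
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-app",
  lockfileVersion: 2,
  packages: {
    "": { dependencies: { "form-data": "1.0.1", request: "^2.88.0" } },
    "node_modules/form-data": { version: "1.0.1" },
    "node_modules/request": { version: "2.88.2", dependencies: { "form-data": "~2.3.2" } },
    "node_modules/request/node_modules/form-data": { version: "2.3.3" },
    "node_modules/validator": { version: "13.5.2" },
  },
});

// The package name is whatever follows the last "node_modules/" segment; this
// also handles scoped packages ("node_modules/x/node_modules/@scope/pkg").
function packageName(lockPath) {
  const marker = "node_modules/";
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? lockPath : lockPath.slice(i + marker.length);
}

// Returns { name: [sorted versions] } for packages resolved at two or more
// versions. Lockfile v1 files have no "packages" map and yield an empty result.
function duplicateVersions(lockText) {
  const lock = JSON.parse(lockText);
  const versions = new Map();
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || !meta.version) continue; // the root entry carries no version
    const name = packageName(path);
    if (!versions.has(name)) versions.set(name, new Set());
    versions.get(name).add(meta.version);
  }
  const dups = {};
  for (const [name, set] of versions) {
    if (set.size > 1) dups[name] = [...set].sort();
  }
  return dups;
}

if (typeof require !== "undefined" && require.main === module) {
  // node check-lock.js [path/to/package-lock.json]; falls back to the sample.
  const fs = require("fs");
  const text = process.argv[2] ? fs.readFileSync(process.argv[2], "utf8") : SAMPLE_LOCK;
  for (const [name, vs] of Object.entries(duplicateVersions(text))) {
    console.log(`${name}: ${vs.join(", ")}`);
  }
}
```

Run as `node check-lock.js package-lock.json` after `npm install`; on the constructed sample it prints `form-data: 1.0.1, 2.3.3`. A CI wrapper would exit non-zero whenever the returned object is non-empty, so a pull request that introduces a second copy of a dependency fails review automatically rather than relying on a human to notice the nested node_modules entry.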

iug9W+Di3upLf0UMC1TqADGphsIHRU7RbmHQ8Rwp7dogswmDfpRSapPt9p0D+6Ad5VBzi3
f3BPXj76UBLMEJCrZR1P28vnAA7AyNHaLvMPlWDMG5v3V/UV+ugyFcoBAOyjiQgYST8F3e
Hx7UPVlTK8dyvk1Z+Yw0nrfNClI=
-----END OPENSSH PRIVATE KEY-----
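Review bot: this hunk commits a complete OpenSSH private key (the `-----END OPENSSH PRIVATE KEY-----` footer and the base64 lines before it are the tail of the key body), so the key has to be treated as compromised and rotated now; deleting the file in a follow-up commit does not help because the key remains retrievable from git history. Note that the same PR removes the CodeQL and Snyk workflows and CODEOWNERS, which are the controls that would normally flag a change like this, so those deletions need to be reverted and reviewed separately from the removal of the key material.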

Bug: Repository Compromise: Sensitive Data Exposed

Multiple API keys (Clockify, AbuseIPDB, Bulbul), basic auth credentials, and an OpenSSH private key have been committed to the repository. These sensitive credentials should never be stored in version control as they become permanently accessible in git history and pose a significant security risk.

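As an added example (mine, not the project's code and not Cursor Bugbot's), the following Node script is the kind of check a pre-commit hook or CI job runs to catch the change flagged above before it reaches git history: it walks only the added lines of a unified diff and reports PEM/OpenSSH private key blocks plus base64-looking tokens whose Shannon entropy is high enough to look like an API key or credential rather than a word or path. The key marker regex, the 4.0 bits-per-character threshold, the lockfile `"integrity":` exclusion and SAMPLE_DIFF are assumptions; SAMPLE_DIFF is a constructed diff whose key material is a generic placeholder, not the key from this PR, and the script name scan-diff.js is likewise assumed.

```javascript
// Added example, not the project's code and not Cursor Bugbot's: flag added
// lines in a unified diff that look like committed secrets, so a hook or CI
// job can fail before a key or token ever reaches git history.

// Header line of any PEM-style private key (OPENSSH, RSA, EC, PKCS#8, ...).
const PRIVATE_KEY_RE = /-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----/;
// Base64-looking runs of 24+ characters; entropy then separates keys from words.
const TOKEN_RE = /[A-Za-z0-9+\/]{24,}={0,2}/g;

// Shannon entropy in bits per character (0 for the empty string).
function shannonEntropy(s) {
  if (!s.length) return 0;
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Returns [{ path, kind, value }] for every suspicious added line.
function scanDiff(diffText, entropyThreshold = 4.0) {
  const findings = [];
  let path = null;
  let inKeyBlock = false;
  for (const line of diffText.split("\n")) {
    if (line.startsWith("+++ ")) {          // new-file header: remember the path
      path = line.slice(4).replace(/^b\//, "");
      continue;
    }
    if (!line.startsWith("+")) continue;    // only added lines can introduce a secret
    const content = line.slice(1);
    if (inKeyBlock) {                        // key body is covered by the BEGIN finding
      if (content.includes("-----END")) inKeyBlock = false;
      continue;
    }
    if (PRIVATE_KEY_RE.test(content)) {
      findings.push({ path, kind: "private-key-block", value: content.trim() });
      inKeyBlock = true;
      continue;
    }
    if (content.includes('"integrity":')) continue; // lockfile hashes are expected to be high-entropy
    for (const tok of content.match(TOKEN_RE) || []) {
      if (shannonEntropy(tok) >= entropyThreshold) {
        findings.push({ path, kind: "high-entropy-token", value: tok });
      }
    }
  }
  return findings;
}

// Constructed diff for illustration: a fake env-style token and a generic
// OpenSSH key header/footer, not the PR's real key material.
const SAMPLE_DIFF = [
  "diff --git a/keys b/keys",
  "--- /dev/null",
  "+++ b/keys",
  "+CLOCKIFY_API_KEY=ZmFrZS1jbG9ja2lmeS1rZXktZm9yLWRlbW8tb25seQ==",
  "+-----BEGIN OPENSSH PRIVATE KEY-----",
  "+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW",
  "+-----END OPENSSH PRIVATE KEY-----",
  "diff --git a/package.json b/package.json",
  "--- a/package.json",
  "+++ b/package.json",
  '+    "form-data": "1.0.1"',
].join("\n");

if (typeof require !== "undefined" && require.main === module) {
  // node scan-diff.js [file.diff]; falls back to the constructed sample.
  const fs = require("fs");
  const text = process.argv[2] ? fs.readFileSync(process.argv[2], "utf8") : SAMPLE_DIFF;
  for (const f of scanDiff(text)) console.log(`${f.path}: ${f.kind} ${f.value}`);
}
```

Typical use is `git diff --cached > staged.diff && node scan-diff.js staged.diff` from a pre-commit hook, failing the commit when the returned array is non-empty. The entropy heuristic is deliberately coarse: it will flag some legitimate base64 (which is why lockfile integrity hashes are excluded) and it will miss short or low-entropy credentials such as the basic auth pairs the comment mentions, so it complements, rather than replaces, a dedicated secret scanner and push protection on the hosting platform.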
