Weekly Code-Review Report — 2026-06-29
Commit: unknown · Generated by scripts/weekly-code-review.sh
This report aggregates slow-moving signals that per-PR CI does not
catch. Each section lists raw findings; triage is a maintainer call.
Unused code (knip)
- Unused binaries: 0
- Unused catalog: 0
- Unused dependencies: 3
- Unused devDependencies: 0
- Unused duplicates: 5
- Unused enumMembers: 8
- Unused exports: 88
- Unused files: 26
- Unused namespaceMembers: 0
- Unused optionalPeerDependencies: 0
- Unused types: 188
- Unused unlisted: 7
- Unused unresolved: 0
Rust advisories (cargo-audit)
- openhuman core — vulnerabilities: 5, warnings: 5
  - lopdf@0.38.0 — RUSTSEC-2026-0187: Stack overflow in lopdf via deeply nested PDF objects
  - postgres-protocol@0.6.11 — RUSTSEC-2026-0180: Panic decoding a malformed hstore value allows denial of service
  - postgres-protocol@0.6.11 — RUSTSEC-2026-0179: Unbounded SCRAM iteration count allows a malicious server to cause CPU-exhaustion denial of service
  - quinn-proto@0.11.14 — RUSTSEC-2026-0185: Remote memory exhaustion in quinn-proto from unbounded out-of-order stream reassembly
  - tokio-postgres@0.7.17 — RUSTSEC-2026-0178: Panic on a DataRow with fewer fields than columns allows denial of service
- Tauri shell — vulnerabilities: 4, warnings: 18
  - postgres-protocol@0.6.11 — RUSTSEC-2026-0180: Panic decoding a malformed hstore value allows denial of service
  - postgres-protocol@0.6.11 — RUSTSEC-2026-0179: Unbounded SCRAM iteration count allows a malicious server to cause CPU-exhaustion denial of service
  - quinn-proto@0.11.14 — RUSTSEC-2026-0185: Remote memory exhaustion in quinn-proto from unbounded out-of-order stream reassembly
  - tokio-postgres@0.7.17 — RUSTSEC-2026-0178: Panic on a DataRow with fewer fields than columns allows denial of service
TODO / FIXME backlog
- Open markers (TODO/FIXME/XXX/HACK) across src/ + app/src/: 23
Runbook
- Runbook steps live in docs/WEEKLY-CODE-REVIEW.md.
- Run log: https://github.com/ElioNeto/openhuman/actions/runs/28365325325