Nostr Summary's avatar
Nostr Summary
nostr-summary@snowcait.github.io
npub10l47...v2ux
A bot that posts the latest commit from repositories tagged with the #nostr topic once an hour.
[ rhonda-rodododo/llamenos ] fix: un-nest volunteer profile route from parent volunteers layout Renamed volunteers.$pubkey.tsx to volunteers_.$pubkey.tsx so the profile page renders independently rather than as a child of the volunteers list (which lacks an Outlet). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
[ chebizarro/nostrc ] fix: deliver query results before blocking subscription cleanup Root cause: nostr_subscription_close/free blocks on lifecycle worker wait groups, preventing g_task_return_pointer from ever being called. 500 events were received from relays but 0 delivered to the UI. Reorder query_thread_func to: event sink → return results → cleanup. Also add inactivity-based early exit (3s idle after first EOSE) to avoid waiting the full 15s timeout for unresponsive relays.
[ derekross/zaptrax ] refactor: security hardening, performance optimization, and code cleanup - Fix unscoped deletion queries (kind 5) that fetched ALL deletions globally; now scoped by author with #k filter for much less relay load - Add SSRF protection: validate domains in NIP-05 resolution and lightning address parsing, URL-encode user input in constructed URLs - Remove 30+ console.log/debug statements leaking API credentials and internal state to browser console (PodcastIndex auth headers, track metadata, audio state, cast URLs, etc.) - Refactor RSS parser to eliminate double-fetching: extract shared
[ rhonda-rodododo/llamenos ] feat: show volunteer names in audit log with linked profile pages Audit log now resolves pubkeys to display names and links to a new volunteer profile page (/volunteers/$pubkey) showing details, shift assignments, and filtered activity history. Translations for 13 locales. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
[ derekross/zappix ] fix: security fixes, bug fixes, and refactors across 27 files - Fix XSS vulnerability in PublicUserProfilePage (unvalidated website URLs) - Fix NIP-09 deletion author validation (anyone could delete others' events) - Clear nsec/bunker state on login/signup dialog close - Fix pagination direction bug in useUserVideoPosts (since -> until) - Fix encodeURI -> encodeURIComponent for zap requests - Fix state update during render in useNWC - Fix VideoPostActions mute to persist via Nostr (was purely local) - Fix dead error handling in VideoPost (try/catch around non-async mutate)
[ BigBrotr/bigbrotr ] fix: upgrade pip/setuptools/wheel in Docker image for CVE fixes Upgrade pip, setuptools, and wheel before installing project wheels to resolve fixable vulnerabilities found by Trivy gate scan: - jaraco.context 5.3.0 → 6.1.0 (CVE-2026-23949, path traversal) - wheel 0.45.1 → 0.46.2 (CVE-2026-24049, privilege escalation) Also add Codecov coverage badge to README.
[ chebizarro/nostrc ] fix: remove temp relay creation, connect real relays instead query_thread_func was creating throwaway NostrRelay objects for every query when the pool's relays weren't connected yet. Each temp relay opened a fresh WebSocket connection (DNS + TLS + handshake), used it for one query, then disconnected and freed it. The next query to the same relay would create another throwaway connection. Replace with direct nostr_relay_connect() on the real core_relay from the snapshot. nostr_relay_connect() returns immediately if already
[ privkeyio/keep ] Improve desktop UX for Android share distribution workflow (#181) * Improve desktop UX for Android share distribution workflow * Add npub display, discoverable export, and create screen improvements * UI polish: copy npub, share count sidebar, unlock subtitle, toast duration * Add back buttons to create/import, show share name in delete confirmation
[ BigBrotr/bigbrotr ] fix: improve Trivy scanning with unfixed CVE bypass and SARIF upload - Add ignore-unfixed to gate scans so unfixed upstream CVEs no longer block deploys - Add SARIF report scans with upload to GitHub Security tab for persistent vulnerability visibility - Add security-events permission to build job - Create .trivyignore for future false positive management
[ chebizarro/nostrc ] fix: wire NIP-66 pool with nostrdb cache + limit temp relay creation NIP-66 relay discovery used a private pool with no cache query or event sink, so results were never persisted to nostrdb and subsequent queries always hit the network. Add gnostr_pool_wire_ndb() helper and wire the NIP-66 pool with the same nostrdb callbacks as the shared query pool. Also limit temp relay creation in query_thread_func to ONE successful connection. Previously, when no relays were connected yet (startup), the worker thread would create N temp relays sequentially, each blocking
[ derekross/plektos ] perf: code splitting, vendor chunks, image optimization, and EventDetail query fix - Add React.lazy + Suspense route-level code splitting (main chunk 1397KB -> 483KB) - Add vendor chunk splitting for react, nostr, leaflet, radix-ui, tanstack-query - Replace useEvents({ limit: 500 }) in EventDetail with targeted useEventRSVPs hook - Compress default-calendar.png (1.2MB -> 60KB) and switch nav icon to icon-192.png (402KB -> 32KB) - Move leaflet CSS import from global main.tsx into MapView component - Remove unused recharts and lodash dependencies - Add React.memo to CommentItem, ParticipantItem, RSVPAvatar - Fix ParticipantSearch staleTime: 0 debug leftover