Skip to content

Instantly share code, notes, and snippets.

@SamSaffron

SamSaffron/commit-report-2026-01-30.md

Created January 29, 2026 21:50
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save SamSaffron/e2a78acf8f66c0d73a6f88676e1dc9f5 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save SamSaffron/e2a78acf8f66c0d73a6f88676e1dc9f5 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
commit-report-2026-01-30.md

Commit Quality Report: discourse

Period: 2026-01-23 to 2026-01-30
Generated: 2026-01-30 08:15

Summary

Metric Value
Total commits 89
Contributors 29
Lines added +8,225
Lines removed -1,789
Net change +6,436
Files changed 392

Breakdown by Type

Type Count
SECURITY 11
FIX 20
FEATURE 7
UX 15
DEV 25
PERF 1
I18N 4
WIP 2
Other 4

πŸ”’ Security Commits (11)

Strong security week with multiple permission enforcement fixes:

SHA Description
9c0642a2e7 Download allowlist for uploaded files
e26dbdda29 Secure subscription endpoints
c4be081373 Loose hostname matching in FinalDestination
3d0119bae5 Enforce group-access restrictions to AI discover's continue convo
e4dc4c3b85 Add maximum length limit for new_username param
8f82f1206f AdminDetailedUserSerializer#latest_export leaking user exports
357febfb47 Better protection for drafts
bcd5a7ae04 Ensure moderator can see post/topic before allowing them to change owner
9e088bc3c7 Add guardian check on PM to topic conversion
9892628a50 Restrict staff action logs visibility for moderators
bd46c2e64a Moderators can no longer edit user's emails
250c54e302 Prevent permalink redirects from leaking restricted slugs

βœ… Assessment: Comprehensive security batch with proper test coverage (259 new test lines in download allowlist alone).

🚨 Problematic Commits (5)

1. [7e3b5cc490] UX: Fix color-palette input styling on non-default themes

Author: Penar Musaraj
Issue: Invalid CSS value border-radius: none;

// ❌ Current (invalid)
border-radius: none;

// βœ… Should be
border-radius: 0;

Impact: Low - browsers ignore invalid property, but stylelint should catch this.

2. [5058610ad3] DEV: Lint-to-the-future ember/no-side-effects

Author: Jarek Radosz
Issue: Enables rule globally but adds blanket /* eslint-disable ember/no-side-effects */ to 15 files.

Files affected:

  • composer.js
  • site-setting.gjs
  • admin-nav-manager.js
  • post/menu.gjs
  • d-multi-select.gjs
  • Multiple AI plugin components

Recommendation: Prefer scoped disables or refactor the actual side effects rather than file-wide suppressions.

3. [75650d306c] DEV: Refactor ai-category-suggester

Author: Jarek Radosz
Issues:

  • Getter showSuggestionButton mutates DOM (classList.toggle)
  • Getter showDropdown calls this.dMenu.close() (side effect)
// ❌ Side effect in getter
get showDropdown() {
  if (this.suggestions?.length === 0) {
    this.dMenu.close();  // <-- side effect
    return false;
  }
  return !this.loading;
}

Recommendation: Move DOM manipulation to actions triggered by {{did-update}} modifiers.

4. [06b80444a8] DEV: Refactor ai-tag-suggester

Author: Jarek Radosz
Issues:

  • Same showSuggestionButton getter DOM mutation issue
  • tagSelectorHasValues getter assumes this.model exists (potential null access)
// ❌ Missing null check
get tagSelectorHasValues() {
  return this.model.get("tags")?.length > 0;
}

// βœ… Safer
get tagSelectorHasValues() {
  return this.model?.get?.("tags")?.length > 0;
}

5. [e9fcab6675] DEV: Await async button actions in chat composer dropdown

Author: Rafael dos Santos Silva
Issue: Behavior change in action ordering without test coverage.

// Before: action() called after closeFn
// After: action() called before closeFn (sync) or awaited after (async)

Recommendation: Add test to verify expected ordering behavior.

🌟 Excellent Commits (8)

1. [52db81bd55] UX: update formkit validation summary error styles

Author: Kris
Why excellent:

  • βœ… Accessibility improvement: error links now focus the associated field
  • βœ… Proper i18n pluralization (count=this.errorCount)
  • βœ… Strong test coverage (49 new test lines)
  • βœ… Smooth scroll behavior with focusVisible: true

2. [66e4ac59de] DEV: Handle filesystem hardlink limits during backup deduplication

Author: Jake Goldsborough
Why excellent:

  • βœ… Real-world robustness for Errno::EMLINK (hardlink limits vary by filesystem)
  • βœ… Graceful fallback to copy
  • βœ… Improved logging with new copied stat
  • βœ… Clean error handling

3. [01cdbcf413] FIX: do not remove uploads from posts still in review queue

Author: Arpit Jalan
Why excellent:

  • βœ… Correct edge case handling for moderation workflow
  • βœ… Two new specs: pending reviewable + resolved reviewable cases
  • βœ… SQL query properly checks Reviewable.statuses[:pending]

4. [9c0642a2e7] SECURITY: Download allowlist for uploaded files

Why excellent:

  • βœ… 259 new test lines
  • βœ… Covers S3 and local storage paths
  • βœ… Proper URL validation

5. [90f3dc738e] FIX: Enforce tag group permissions for non-admin staff

Why excellent:

  • βœ… Permission enforcement at correct layer
  • βœ… Addresses real security gap for moderators

6. [af3e686989] FEATURE: Simplify category creation, hide settings

Why excellent:

  • βœ… Large UX improvement with good default behaviors
  • βœ… Progressive disclosure pattern

7. [dacf3c09d9] UX: Wizard dark mode

Why excellent:

  • βœ… Consistent dark mode support
  • βœ… Respects user preferences

8. [4662ad419a] DEV: Remove the deprecated UserStreamItem component

Author: Jarek Radosz
Why excellent:

  • βœ… Clean deprecation removal (was deprecated in 3.4.0.beta4)
  • βœ… Reduces maintenance surface

Top Contributors This Week

Contributor Commits Focus Area
Kris 10 UX/Styling
Martin Brennan 9 Core
Alan Guo Xiang Tan 7 Core
RΓ©gis Hanol 7 Security
Jake Goldsborough 6 Backend
David Battersby 5 Features
Jarek Radosz 5 Refactoring

Recommendations

  1. Fix invalid CSS: border-radius: none β†’ border-radius: 0 in color-palette-editor.scss

  2. Reduce lint suppression scope: Instead of file-wide /* eslint-disable ember/no-side-effects */, either:

    • Refactor getters to be pure (move side effects to actions/modifiers)
    • Use line-specific disables with explanatory comments

  3. Address getter side effects in AI suggester components:

    • Move DOM class toggling to {{did-insert}}/{{did-update}} modifiers
    • Move menu closing to explicit actions

  4. Add test for chat composer button ordering: The async/sync behavior change in chat-composer-dropdown.gjs should have test coverage.

  5. Run stylelint: Consider adding stylelint rule to catch invalid CSS values like border-radius: none.

Files with Most Churn

plugins/discourse-ai/  - Multiple refactors
frontend/discourse/    - FormKit, composer, admin components
lib/backup_restore/    - Hardlink handling
app/assets/stylesheets/ - Various UX fixes

Report generated from git history analysis

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment