Heuristic estimate (AI scoring not configured). SecureBananaLabs/bug-bounty: Patch PostCSS audit advisory from Next dependency lockfile shows 0 engagement on ghbounties. Buildability is inferred from the description; add an AI gateway key for a tailored read.
A starter prompt for Claude Code, what you'll need, and how to reach them.
Build a minimal version of "SecureBananaLabs/bug-bounty: Patch PostCSS audit advisory from Next dependency lockfile". Read the original at https://github.com/SecureBananaLabs/bug-bounty/issues/1779 for the exact requirements, then scaffold a Next.js + Tailwind app, implement the smallest valuable slice first, and ship it. (Enable AI scoring for a tailored, detailed prompt.)
Bounty (amount on the issue).

## Bug

The web workspace resolves `postcss@8.4.31` through `next@16.2.6`, and `npm audit --omit=dev` reports GHSA-qx2v-qp2m-jg93 for PostCSS. This leaves the repository with a moderate XSS advisory in the production dependency tree.

## Evidence

- `npm audit --omit=dev` reports `postcss` vulnerable for range `<8.5.10`.
- `npm ls postcss --all` shows the web workspace resolves PostCSS through Next.

## Expected fix

Add a root npm override for the patched PostCSS release and refresh `package-lock.json` so the workspace resolves `postcss@8.5.10` while preserving the existing Next version.

This issue is limited only to the creator of this issue. This means that only the issue author can attempt to solve this issue. If you would like to work on it, please create another issue with the same contents and refer to issue #743 for more information.

Parent bounty: #743
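One way to confirm that the refreshed lockfile no longer resolves any production copy of PostCSS in the advisory range, shown as an added example that is not code from the issue or the repository. It assumes the npm lockfile v2/v3 `packages` layout; both lockfile objects are constructed for illustration, and the nested path under `next` is an assumed install layout.

```javascript
// Added example; both lockfile objects below are constructed, not the repo's real package-lock.json.
const PATCHED = [8, 5, 10]; // npm audit flags postcss in range <8.5.10

// "8.4.31" -> [8, 4, 31]; prerelease/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function isBelow(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Every installed copy of postcss (hoisted, nested, or per-workspace) that is
// still in the vulnerable range. omitDev mirrors `npm audit --omit=dev`.
function findVulnerablePostcss(lock, { omitDev = true } = {}) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/postcss$/.test(path)) continue; // skips postcss-* plugins
    if (omitDev && entry.dev) continue;
    if (isBelow(parseVersion(entry.version), PATCHED)) hits.push(`${path}@${entry.version}`);
  }
  return hits;
}

// Constructed "before" state: Next pulls in a nested, vulnerable postcss.
const lockBefore = { lockfileVersion: 3, packages: {
  "": { name: "constructed-root", workspaces: ["apps/web"] },
  "node_modules/next": { version: "16.2.6" },
  "node_modules/next/node_modules/postcss": { version: "8.4.31" },
  "node_modules/postcss-value-parser": { version: "4.2.0" },
  "node_modules/postcss": { version: "8.4.31", dev: true },
} };
// Constructed "after" state: the override collapses postcss to the patched release.
const lockAfter = { lockfileVersion: 3, packages: {
  "": { name: "constructed-root", workspaces: ["apps/web"] },
  "node_modules/next": { version: "16.2.6" },
  "node_modules/postcss": { version: "8.5.10" },
  "node_modules/postcss-value-parser": { version: "4.2.0" },
} };

console.log("before:", findVulnerablePostcss(lockBefore));
console.log("after: ", findVulnerablePostcss(lockAfter));
```

Pointing `findVulnerablePostcss` at a parsed `package-lock.json` in CI and failing on a non-empty result catches a later lockfile refresh that reintroduces a nested vulnerable copy.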
Comment /attempt on the GitHub issue, then open a PR to claim the bounty.