Copilot AI commented Nov 19, 2025

Implements REST API for user profile management and updates vulnerable dependencies (body-parser, debug, ejs, morgan) to patched versions.

User Profile CRUD Endpoints

Added 5 REST endpoints at /api/profiles:

  • POST / - Create profile (requires username, email)
  • GET / - List all profiles
  • GET /:username - Get profile by username
  • PUT /:username - Update profile (requires email)
  • DELETE /:username - Delete profile

Implementation:

  • model/user_profiles.js - Parameterized queries for CRUD operations
  • routes/user_profiles.js - Express routes with authentication via check_logged
  • model/init_db.js - Creates user_profiles table (username PK, email, full_name, bio, avatar_url)

// Example: Create profile
POST /api/profiles
{
  "username": "jdoe",
  "email": "jdoe@example.com",
  "full_name": "John Doe",
  "bio": "Software engineer"
}

Security Fixes

Updated vulnerable dependencies:

  • body-parser: 1.13.2 → 1.20.3 (DoS via URL encoding)
  • debug: 2.2.0 → 2.6.9 (ReDoS)
  • ejs: 2.4.2 → 3.1.10 (template injection)
  • morgan: 1.6.1 → 1.10.1 (code injection)

Added npm overrides to force ejs-locals to use patched ejs version. Reduced total vulnerabilities from 24 to 19.

Original prompt

Create CRUD endpoints for user profiles:


Copilot AI and others added 5 commits November 19, 2025 16:57
Co-authored-by: austenstone <22425467+austenstone@users.noreply.github.com>
Co-authored-by: austenstone <22425467+austenstone@users.noreply.github.com>
Co-authored-by: austenstone <22425467+austenstone@users.noreply.github.com>
Co-authored-by: austenstone <22425467+austenstone@users.noreply.github.com>
…, morgan)

Co-authored-by: austenstone <22425467+austenstone@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Add CRUD endpoints for user profiles" to "Add CRUD endpoints for user profiles and patch critical dependency vulnerabilities" Nov 19, 2025
Copilot AI requested a review from austenstone November 19, 2025 17:23
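
A check a reviewer could run after a dependency bump like the one listed under "Security Fixes", added here as an example and not part of the PR or the project: it walks a package-lock.json (lockfileVersion 2 or 3 layout assumed) and reports every installed copy of the four upgraded packages that is below the version the PR lists, including copies nested under another package such as ejs-locals. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example (not from the PR): audit a package-lock.json for the four
// packages the PR upgraded. Minimum versions are the ones listed in the PR.
const PATCHED = {
  'body-parser': '1.20.3',
  debug: '2.6.9',
  ejs: '3.1.10',
  morgan: '1.10.1',
};

// Compare plain x.y.z versions numerically; returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// lockfileVersion 2/3 keys every installed copy by path, e.g.
// "node_modules/ejs-locals/node_modules/ejs", so nested copies are visible.
function findUnpatched(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split('node_modules/').pop();
    const min = PATCHED[name];
    if (min && meta.version && compareVersions(meta.version, min) < 0) {
      findings.push({ path, name, installed: meta.version, required: min });
    }
  }
  return findings;
}

// Constructed sample lockfile: top-level ejs is patched, but ejs-locals
// still carries its own old copy (the case an overrides entry addresses).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'constructed-app' },
    'node_modules/body-parser': { version: '1.20.3' },
    'node_modules/debug': { version: '2.6.9' },
    'node_modules/ejs': { version: '3.1.10' },
    'node_modules/ejs-locals': { version: '1.0.2' }, // constructed version
    'node_modules/ejs-locals/node_modules/ejs': { version: '2.4.2' },
    'node_modules/morgan': { version: '1.6.1' },
  },
};
console.log(findUnpatched(sampleLock));
```

To use it on a real project, replace `sampleLock` with the parsed contents of the project's package-lock.json and fail the CI job when the returned list is non-empty.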