jared
9c4dd5df51
Lint / Python (flake8) (push) Successful in 40s
Lint / JS (eslint) (push) Successful in 7s
Security / Python Security (bandit) (push) Successful in 44s
Test / Python Tests (pytest) (push) Successful in 49s
Lint / Notify on failure (push) Has been skipped
Lint / Deploy (push) Successful in 3s
Security: add require_admin decorator; apply to POST/DELETE /api/suppressions and /suppressions page. Previously any user in allowed_groups could create or delete suppressions even though the nav restricts the UI to admins. Bug: links.html "Updated:" timestamp and stale-warning both produced Invalid Date because the raw "YYYY-MM-DD HH:MM:SS UTC" string was appended with 'Z' instead of being normalised through _toIso(). Fix both call sites to use _toIso(), and remove the now-redundant local _toIso redefinition. Style: use `with open(sentinel, 'w'): pass` consistently (was open().close() at avatar JPEG validation path). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>