some possible security issues from an automated scan
@rachel@transitory.social ran Gitlab/nodejs-scan-sast on this repo, and obtained the attached report.
I've asked for details on how to reproduce the report, but in the meantime we could look at what it says. I'm pretty sure those XSS are not real, but still.