Yesterday, Griffin Byatt hit me up in Slack and let me know we had a few security holes. 😱

After a quick discussion about the magnitude of said holes, he informed me that he’d found them by running our code through his static analysis tool, Sobelow. Say what?

For security researchers, it is a useful tool for getting a quick view of points-of-interest. For project maintainers, it can be used to prevent the introduction of a number of common vulnerabilities.

I asked Griffin if he’d be kind enough to open a PR with the fixes so we can link it up and use it to show folks how handy this tool is. So that’s what he did and that’s what I’m doing! 💚