Why do you want to contribute?
I've been exploring the trigger.dev codebase and found a SQL injection vulnerability in the realtime runs API (#3739) — user-supplied tags were interpolated into the Electric where clause without escaping single quotes. I've already prepared a focused fix plus a unit test and a .server-changes/ note, in PR #4129 (auto-closed pending vouch). I'd like to be vouched so I can get that reviewed and continue contributing backend fixes.
Prior contributions or relevant experience
I've contributed to maximhq/bifrost with 2 merged PRs:
#4472 feat(mcp): add per-MCP-server tool execution timeout
#4418 fix: populate error message in OpenAI responses streaming error events