
Conversation

@arnested arnested (Member) commented Jan 13, 2020

This adds a check of pull requests created by Dependabot that have been given the label "Security".

A unique id is generated for the vulnerability in the PR. The id matches the id generated for Security Alerts, and in that way we try to avoid creating the same vulnerability twice (once for the alert and once for the PR). This is not quite bulletproof, since security alerts show the first safe version while Dependabot's PR shows the newest safe version. Most of the time they can be expected to be identical, given how frequently we run the check.

Because I had to refactor a bit of the existing code base regarding the creation of Jira issues anyway, I took the opportunity to introduce https://github.com/reload/jira-security-issue for this (which Fini made and used in the CocoaPod checker).

This means the created issues contain slightly different information than before. But it should be sufficient information.

Finally, I ran the code through phpcs, phpstan and markdownlint and fixed the findings from those.

Test runs

$ bin/ghsec-jira -vvv --dry-run
2020-01-15T09:43:24+0000 - TEST - Would have created an issue for rubyzip:ios:1.3.0 if not a dry run.
2020-01-15T09:43:24+0000 - TEST - Would have created an issue for excon:ios:0.71.0 if not a dry run.
2020-01-15T09:43:25+0000 - TEST - Would have created an issue for excon:ios:0.71.1 if not a dry run.
$ bin/ghsec-jira -vvv
2020-01-15T09:43:32+0000 - TEST - Created issue TEST-2318 for rubyzip:ios:1.3.0.
2020-01-15T09:43:34+0000 - TEST - Created issue TEST-2319 for excon:ios:0.71.0.
2020-01-15T09:43:36+0000 - TEST - Created issue TEST-2320 for excon:ios:0.71.1.
$ bin/ghsec-jira -vvv
2020-01-15T09:43:39+0000 - TEST - Existing issue TEST-2318 covers rubyzip:ios:1.3.0.
2020-01-15T09:43:39+0000 - TEST - Existing issue TEST-2319 covers excon:ios:0.71.0.
2020-01-15T09:43:40+0000 - TEST - Existing issue TEST-2320 covers excon:ios:0.71.1.
$ bin/ghsec-jira -vvv --dry-run
2020-01-15T09:43:43+0000 - TEST - Existing issue TEST-2318 covers rubyzip:ios:1.3.0.
2020-01-15T09:43:44+0000 - TEST - Existing issue TEST-2319 covers excon:ios:0.71.0.
2020-01-15T09:43:44+0000 - TEST - Existing issue TEST-2320 covers excon:ios:0.71.1.

Note that no issue was created from the rubyzip:ios:1.3.0 pull request, since the versions, and thus the generated ids, match.
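
To make the de-duplication described in this PR concrete, here is an added example; it is not code from ghsec-jira (which is PHP) or from jira-security-issue. It is a Python sketch that derives the package:target:version id for both security alerts and Dependabot PRs, reconciles them against already-existing issues the way the log above reads, and flags the gap the description calls not quite bulletproof: an alert whose first safe version differs from the newest safe version in the corresponding PR. The Finding fields, the TEST-n key numbering and the sample findings are constructed for illustration; in particular the page does not say why the real run produced two excon issues, so the excon alert/PR pair below is an assumption used only to show the mismatch.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Finding:
    """One vulnerability report from either source the checker consumes.

    The field names are this example's own assumption, not the tool's data model.
    """
    source: str         # "alert" (GitHub security alert) or "pr" (Dependabot PR)
    package: str        # vulnerable dependency, e.g. "rubyzip"
    target: str         # the scanned project, e.g. "ios" in the log above
    fixed_version: str  # alert: first patched version; PR: version the PR bumps to


def vulnerability_id(f: Finding) -> str:
    """Shared id: an alert and a PR collapse into one issue only if all three parts agree."""
    return f"{f.package}:{f.target}:{f.fixed_version}"


def reconcile(findings: Iterable[Finding], existing: dict[str, str],
              dry_run: bool = False) -> tuple[dict[str, str], list[str]]:
    """Return (id -> Jira key after this run, log lines).

    `existing` maps ids to issue keys already present in Jira. New keys are
    numbered TEST-n here (constructed); nothing talks to a real Jira.
    """
    issues = dict(existing)
    planned: set[str] = set()
    log: list[str] = []
    next_num = 1 + max((int(k.rsplit("-", 1)[1]) for k in issues.values()), default=2317)
    for f in findings:
        vid = vulnerability_id(f)
        if vid in issues:
            log.append(f"Existing issue {issues[vid]} covers {vid}.")
            continue
        if vid in planned:
            continue  # same vulnerability already seen from the other source this run
        planned.add(vid)
        if dry_run:
            log.append(f"Would have created an issue for {vid} if not a dry run.")
            continue
        key = f"TEST-{next_num}"
        next_num += 1
        issues[vid] = key
        log.append(f"Created issue {key} for {vid}.")
    return issues, log


def possible_duplicates(findings: Iterable[Finding]) -> list[tuple[str, ...]]:
    """Flag the gap the description mentions: an alert and a PR for the same
    package and target whose ids differ only in version would become two issues.
    Surfacing these for a human to merge is this example's suggestion, not
    behaviour the page attributes to the tool."""
    by_key: dict[tuple[str, str], set[str]] = {}
    for f in findings:
        by_key.setdefault((f.package, f.target), set()).add(vulnerability_id(f))
    return [tuple(sorted(ids)) for ids in by_key.values() if len(ids) > 1]


# Constructed input, loosely modelled on the dry-run log above.
FINDINGS = [
    Finding("alert", "rubyzip", "ios", "1.3.0"),   # first patched version
    Finding("pr",    "rubyzip", "ios", "1.3.0"),   # PR bumps to the same version -> one id
    Finding("alert", "excon",   "ios", "0.71.0"),  # first patched version (assumed)
    Finding("pr",    "excon",   "ios", "0.71.1"),  # a newer release exists -> different id
]

if __name__ == "__main__":
    _, dry = reconcile(FINDINGS, {}, dry_run=True)
    issues, created = reconcile(FINDINGS, {})
    _, rerun = reconcile(FINDINGS, issues)
    for line in dry + created + rerun:
        print(line)
    print("ids that differ only by version:", possible_duplicates(FINDINGS))
```

Running it reproduces the three phases of the log: a dry run that lists each distinct id once, a real run that creates three issues and treats the rubyzip PR as covered by the alert's issue, and a rerun where every finding maps to an existing issue. The excon pair shows the cost of keying on the fixed version: the two records get separate ids and separate issues, which is exactly what possible_duplicates reports.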

@arnested arnested force-pushed the pull_request branch 4 times, most recently from c6cb5c9 to 21cdc32 on January 15, 2020 10:04
@arnested arnested changed the title WIP: Add security pull request from Dependabot Add security pull request from Dependabot Jan 15, 2020
@arnested arnested requested review from achton and xendk January 15, 2020 10:06
@xendk xendk (Member) left a comment

👍

@achton achton (Member) left a comment

@arnested 👍 for the refactor, but the README was mangled in the process - can haz fix plz?

* phpcs (rules based on @xendk's appocular standard)
* phpstan
* markdownlint
@arnested arnested (Member, Author) commented

The README has most of the mangling restored now, @achton.

@achton achton merged commit 48135eb into v1.x Jan 16, 2020
@achton achton deleted the pull_request branch January 16, 2020 09:54
3 participants