-
Notifications
You must be signed in to change notification settings - Fork 106
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ASI-614] Consume @audius/libs pkg v1.2.26 in dapp #1966
Conversation
closing because covered by #1986 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changes look good to me if you can update PR description to reflect
didn't approve only bc idk latest team thinking around bumping libs in services, historically we have only bumped libs version in services when there are specific changes we want consumed
might be fine now to just auto bump whenever
|
Secret | Commit | Filename | Detected At | |
---|---|---|---|---|
PostgreSQL Credentials | c49f967 | identity-service/docker-compose/development.env | 21:48 October 26th, 2021 | View secret |
🛠 How to resolve this
-
Understand the implications of revoking this secret by examining where it is used in your code.
-
Replace and store your secret safely. Learn here the best practices
-
Revoke and rotate this secret
-
If possible, rewrite your git history to remove all evidence of the secret leak. Please beware this is not a trivial operation. You might completely break other contributing developers’ workflow and you risk accidentally deleting work in progress.
💡 To avoid such incidents in the future, consider following these best practices for managing and storing secrets including API keys and other credentials.
You are seeing this because you or someone else has authorized GitGuardian to scan pull requests
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i noticed identity service has a package lock change but no package.json change. is that intentional?
No description provided.