Merge branch 'develop'

OpenConext · Oct 18, 2023 · d4b83b5 · d4b83b5
2 parents 9cde23c + 31ea14a
commit d4b83b5
Show file tree

Hide file tree

Showing 7 changed files with 137 additions and 29 deletions.
diff --git a/.github/workflows/daily-security-check.yml b/.github/workflows/daily-security-check.yml
@@ -0,0 +1,102 @@
+---
+name: Daily security check
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v2
+
+      # PHP checks
+      - name: Check for php composer project
+        id: check_composer
+        uses: andstor/file-existence-action@v2
+        with:
+          files: "composer.lock"
+      - name: Run php local security checker
+        if: steps.check_composer.outputs.files_exists == 'true'
+        uses: symfonycorp/security-checker-action@v4
+
+      # node-yarn checks
+      - name: Check for node-yarn project
+        id: check_node_yarn
+        uses: andstor/file-existence-action@v2
+        with:
+          files: "yarn.lock"
+      - name: Setup node
+        if: steps.check_node_yarn.outputs.files_exists == 'true'
+        uses: actions/setup-node@v3
+        with:
+          node-version: 14
+      - name: Yarn Audit
+        if: steps.check_node_yarn.outputs.files_exists == 'true'
+        run: yarn audit --level high --groups dependencies optionalDependencies
+
+      # node-npm checks
+      - name: Check for node-npm project
+        id: check_node_npm
+        uses: andstor/file-existence-action@v2
+        with:
+          files: "package.lock"
+      - name: Setup node
+        if: steps.check_node_npm.outputs.files_exists == 'true'
+        uses: actions/setup-node@v3
+        with:
+          node-version: 14
+      - name: npm audit
+        if: steps.check_node_npm.outputs.files_exists == 'true'
+        run: npm audit --audit-level=high
+
+      # python checks
+      - name: Check for python project
+        id: check_python
+        uses: andstor/file-existence-action@v2
+        with:
+          files: "requirements.txt"
+      - name: Safety checks Python dependencies
+        if: steps.check_python.outputs.files_exists == 'true'
+        uses: pyupio/safety@2.3.5
+
+      # java checks
+      - name: Check for java maven project
+        id: check_maven
+        uses: andstor/file-existence-action@v2
+        with:
+          files: "pom.xml"
+      - name: Setup java if needed
+        if: steps.check_maven.outputs.files_exists == 'true'
+        uses: actions/setup-java@v3
+        with:
+          java-version: 11
+          distribution: 'temurin'
+          cache: 'maven'
+      - name: Set up maven cache if needed
+        if: steps.check_maven.outputs.files_exists == 'true'
+        uses: actions/cache@v1
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+      - name: Check java
+        if: steps.check_maven.outputs.files_exists == 'true'
+        run: mvn org.owasp:dependency-check-maven:check
+
+      # Send results
+      - name: Send to Slack if something failed
+        if: failure()
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_CHANNEL: surfconext-nightly-check
+          SLACK_COLOR: ${{ job.status }}
+          SLACK_ICON: https://static.surfconext.nl/logos/idp/surfnet.png
+          SLACK_MESSAGE: 'Dependency check failed :crying_cat_face:'
+          SLACK_TITLE: Dependency check wants attention
+          SLACK_USERNAME: NightlySecurityCheck
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
@@ -26,6 +26,11 @@ jobs:
         run: |
           echo ::set-output name=archive::$(find . -maxdepth 1 -name "$COMPONENT_NAME*.tar.bz2" -printf '%f\n')
           echo ::set-output name=shasum::$(find . -maxdepth 1 -name "$COMPONENT_NAME*.sha" -printf '%f\n')
+      - name: Build Changelog
+        id: changelog
+        uses: ardalanamini/auto-changelog@v3
+        with:
+          default-commit-type: New Features
       - name: Create Draft Release
         id: create_release
         uses: actions/create-release@v1
@@ -34,7 +39,8 @@ jobs:
         with:
           tag_name: ${{ steps.vars.outputs.tag }}
           release_name: ${{ steps.vars.outputs.tag }}
-          body: Auto generated release. Please update these release notes manually.
+          body: |
+            ${{ steps.changelog.outputs.changelog }}
           draft: true
           prerelease: false
       - uses: actions/upload-release-asset@v1.0.1

diff --git a/package.json b/package.json
@@ -31,7 +31,7 @@
         "bootstrap": "^3",
         "jquery": "^3.5.0",
         "popper.js": "^1.16.1",
-        "postcss": ">=8.2.13",
+        "postcss": ">=8.4.31",
         "select2": "^4.0.3"
     }
 }
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Form/Type/VerifySmsChallengeType.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Form/Type/VerifySmsChallengeType.php
@@ -35,7 +35,7 @@ public function buildForm(FormBuilderInterface $builder, array $options)
             'required' => true,
             'attr' => [
                 'autofocus' => true,
-                'autocomplete' => 'off',
+                'autocomplete' => 'one-time-code',
             ],
             'label_attr' => ['class' => 'pull-right'],
         ]);

diff --git a/...ce/SelfServiceBundle/Resources/views/registration/partial/generic_second_factor.html.twig b/...ce/SelfServiceBundle/Resources/views/registration/partial/generic_second_factor.html.twig
@@ -25,7 +25,7 @@
             }}
         </p>
         <p>
-            <form method="post" enctype="text/plain" accept-charset="UTF-8" action="{{ url }}">
+            <form method="post" accept-charset="UTF-8" action="{{ url }}">
                 <button type="submit" class="btn btn-primary">
                     {{ secondFactor.getButtonUse() }}
                 </button>

diff --git a/translations/messages.nl_NL.xliff b/translations/messages.nl_NL.xliff
@@ -46,7 +46,7 @@
       </trans-unit>
       <trans-unit id="83b04e2653917150804a1a71da678664e3e509b5" resname="sms">
         <source>sms</source>
-        <target>Hersteltelefoonnnummer</target>
+        <target>Hersteltelefoonnummer</target>
         <jms:reference-file line="63">/src/Surfnet/StepupSelfService/SelfServiceBundle/Resources/views/translations.twig</jms:reference-file>
       </trans-unit>
       <trans-unit id="b4adb3d9176c2fbdf293bee1b7dda2c6fb56c67c" resname="ss.flash.error_while_switching_locale">

diff --git a/yarn.lock b/yarn.lock
@@ -4806,10 +4806,10 @@ multicast-dns@^7.2.5:
     dns-packet "^5.2.2"
     thunky "^1.0.2"
 
-nanoid@^3.3.4:
-  version "3.3.4"
-  resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.4.tgz#730b67e3cd09e2deacf03c027c81c9d9dbc5e8ab"
-  integrity sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==
+nanoid@^3.3.6:
+  version "3.3.6"
+  resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.3.6.tgz#443380c856d6e9f9824267d960b4236ad583ea4c"
+  integrity sha512-BGcqMMJuToF7i1rt+2PWSNVnWIkGCU78jBG3RxO/bZlnZPK2Cmi2QaffxGO/2RvWi9sL+FAiRiXMgsyxQ1DIDA==
 
 native-request@^1.0.5:
   version "1.1.0"
@@ -5377,12 +5377,12 @@ postcss-value-parser@^4.1.0, postcss-value-parser@^4.2.0:
   resolved "https://registry.yarnpkg.com/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz#723c09920836ba6d3e5af019f92bc0971c02e514"
   integrity sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==
 
-postcss@>=8.2.13, postcss@^8.2.14, postcss@^8.4.17, postcss@^8.4.19:
-  version "8.4.20"
-  resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.20.tgz#64c52f509644cecad8567e949f4081d98349dc56"
-  integrity sha512-6Q04AXR1212bXr5fh03u8aAwbLxAQNGQ/Q1LNa0VfOI06ZAlhPHtQvE4OIdpj4kLThXilalPnmDSOD65DcHt+g==
+postcss@>=8.4.31, postcss@^8.2.14, postcss@^8.4.17, postcss@^8.4.19:
+  version "8.4.31"
+  resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.31.tgz#92b451050a9f914da6755af352bdc0192508656d"
+  integrity sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==
   dependencies:
-    nanoid "^3.3.4"
+    nanoid "^3.3.6"
     picocolors "^1.0.0"
     source-map-js "^1.0.2"
 
@@ -5777,21 +5777,21 @@ selfsigned@^2.1.1:
     node-forge "^1"
 
 semver@7.x, semver@^7.2.1, semver@^7.3.2, semver@^7.3.4, semver@^7.3.8:
-  version "7.3.8"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-7.3.8.tgz#07a78feafb3f7b32347d725e33de7e2a2df67798"
-  integrity sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==
+  version "7.5.4"
+  resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.4.tgz#483986ec4ed38e1c6c48c34894a9182dbff68a6e"
+  integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==
   dependencies:
     lru-cache "^6.0.0"
 
 semver@^5.6.0:
-  version "5.7.1"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7"
-  integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==
+  version "5.7.2"
+  resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8"
+  integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==
 
 semver@^6.0.0, semver@^6.1.1, semver@^6.1.2, semver@^6.3.0:
-  version "6.3.0"
-  resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d"
-  integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==
+  version "6.3.1"
+  resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.1.tgz#556d2ef8689146e46dcea4bfdd095f3434dffcb4"
+  integrity sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==
 
 send@0.18.0:
   version "0.18.0"
@@ -6238,9 +6238,9 @@ toidentifier@1.0.1:
   integrity sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==
 
 tough-cookie@^4.0.0:
-  version "4.1.2"
-  resolved "https://registry.yarnpkg.com/tough-cookie/-/tough-cookie-4.1.2.tgz#e53e84b85f24e0b65dd526f46628db6c85f6b874"
-  integrity sha512-G9fqXWoYFZgTc2z8Q5zaHy/vJMjm+WV0AkAeHxVCQiEB1b+dGvWzFW6QV07cY5jQ5gRkeid2qIkzkxUnmoQZUQ==
+  version "4.1.3"
+  resolved "https://registry.yarnpkg.com/tough-cookie/-/tough-cookie-4.1.3.tgz#97b9adb0728b42280aa3d814b6b999b2ff0318bf"
+  integrity sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==
   dependencies:
     psl "^1.1.33"
     punycode "^2.1.1"
@@ -6688,9 +6688,9 @@ wildcard@^2.0.0:
   integrity sha512-JcKqAHLPxcdb9KM49dufGXn2x3ssnfjbcaQdLlfZsL9rH9wgDQjUtDxbo8NE0F6SFvydeu1VhZe7hZuHsB2/pw==
 
 word-wrap@^1.2.3, word-wrap@~1.2.3:
-  version "1.2.3"
-  resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.3.tgz#610636f6b1f703891bd34771ccb17fb93b47079c"
-  integrity sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==
+  version "1.2.4"
+  resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.4.tgz#cb4b50ec9aca570abd1f52f33cd45b6c61739a9f"
+  integrity sha512-2V81OA4ugVo5pRo46hAoD2ivUJx8jXmWXfUkY4KFNw0hEptvN0QfH3K4nHiwzGeKl5rFKedV48QVoqYavy4YpA==
 
 wrap-ansi@^7.0.0:
   version "7.0.0"