feat: added platform validation #12
Also, tests will need to be updated as well
Co-authored-by: Rafael Gonzaga <rafael.nunu@hotmail.com>
I added specific tests in b4f87da
LGTM. I'll wait for the security-wg PRs to merge before releasing this one
Thank you
Actually, @UlisesGascon, I think we need to receive an option checkEnvironment in the GitHub Action and set it to false as default to prevent breaking changes. In most cases, the runner environment that will run the action will not be the same as the one that will run in production, so it can lead to false positives.
Can you do it and document it in the README, please?
@RafaelGSS I updated the docs in 60fa37b. The argument I believe this is not a breaking change at all, so this can be the v1.3.0.
The tests are failing until nodejs/security-wg#916 gets merged, as the index is using an old version of the database that used
Main changes
- affectedEnvironments from the vuln database.
- platform input as optional for Github Action
- os.platform() to the CLI by default

Notes
@RafaelGSS I added some additional cognitive points to the getVulnerabilityList function and it is not easy to test with the current files structure. Should I move getVulnerabilityList and getSystemEnvironment to a utility file so I can include proper Unit Tests?

Context
This PR is related to nodejs/security-wg#912, nodejs/security-wg#914 and close #9
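
As an added illustration of the platform filter this PR describes (not code from the pull request or the project), the sketch below filters constructed advisory entries by affectedEnvironments, using an explicit platform when one is given and the current platform otherwise. The helper names, the 'all' wildcard and the handling of entries without the field are assumptions.

```javascript
// Added example. Helper names are hypothetical and the advisory entries are constructed.
// Assumption: each advisory lists platforms in `affectedEnvironments`,
// and the value 'all' means every platform is affected.
const SAMPLE_ADVISORIES = [
  { id: 'EXAMPLE-1', affectedEnvironments: ['all'] },
  { id: 'EXAMPLE-2', affectedEnvironments: ['win32'] },
  { id: 'EXAMPLE-3', affectedEnvironments: ['linux', 'darwin'] },
  { id: 'EXAMPLE-4' } // constructed older entry that predates the field
];

// Values that process.platform (the same value os.platform() returns) can take.
const KNOWN_PLATFORMS = [
  'aix', 'android', 'darwin', 'freebsd', 'linux', 'openbsd', 'sunos', 'win32'
];

// Use the caller-supplied platform when present, otherwise the current one.
// An explicit value is validated so that a typo cannot silently hide advisories.
function resolvePlatform(platform) {
  if (platform === undefined || platform === '') return process.platform;
  const normalized = String(platform).trim().toLowerCase();
  if (!KNOWN_PLATFORMS.includes(normalized)) {
    throw new RangeError(`platform "${platform}" is not valid`);
  }
  return normalized;
}

function affectsPlatform(advisory, platform) {
  const envs = advisory.affectedEnvironments;
  // Fail closed: an entry without the field is reported on every platform.
  if (!Array.isArray(envs) || envs.length === 0) return true;
  return envs.includes('all') || envs.includes(platform);
}

// Returns the ids of the advisories that apply to the target platform.
function filterByPlatform(advisories, platform) {
  const target = resolvePlatform(platform);
  return advisories.filter((a) => affectsPlatform(a, target)).map((a) => a.id);
}

// A Linux runner and a Windows production host see different lists.
console.log('linux:', filterByPlatform(SAMPLE_ADVISORIES, 'linux'));
console.log('win32:', filterByPlatform(SAMPLE_ADVISORIES, 'win32'));
```

Passing the production platform explicitly makes the result independent of the machine that runs the check.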