Remove test files from module build #79
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 2 commits
January 29, 2021 19:49
|
Hi @ja30278 @pol @chrisscott @jstrutz - could you review this pr please. I install your module in an application, it copies over .pem and .key files that are in your tests. This means that when we put our application through security scans, it fails because it finds these files and classifies them as sensitive data. What I'm asking is whether you can not include these in the bundled version of the application. To resolve it, you can have a section in the package.json that doesn't pull the test files over to the build of the module when it is pulled in. |
|
Hi @dosullivan557, changes look good. Do you mind signing the commit since we have that enabled in order to merge the changes. Thanks for the contribution! |
|
Hey @gkwang - I pushed a signed commit up - lemme know if there's anything else |
|
Hey @gkwang - any update on this? |
gkwang
previously approved these changes
Feb 8, 2021
|
@dosullivan557, Sorry I missed your last message. All commits needs to be signed, so you'll need to squash the commits, sign it and do a force push. |
commit 3bf0d4d Author: Daniel OSullivan <dosullivan557@gmail.com> Date: Tue Feb 2 09:37:59 2021 +0000 Signed commit commit cd7a776 Author: Daniel O'Sullivan <daniel.o'sullivan@lloydsbanking.com> Date: Mon Feb 1 23:08:24 2021 +0000 Sorted out whitespace commit e992195 Author: Daniel O'Sullivan <daniel.o'sullivan@lloydsbanking.com> Date: Fri Jan 29 19:50:02 2021 +0000 Formatting commit 960eda2 Author: Daniel O'Sullivan <daniel.o'sullivan@lloydsbanking.com> Date: Fri Jan 29 19:49:03 2021 +0000 Update package.json commit f412aac Merge: 52183cb 9b6df94 Author: Eva Sarafianou <eva.sarafianou@gmail.com> Date: Wed Sep 9 09:11:19 2020 +0200 Merge pull request #76 from auth0/update_forge Update node-forge to the latest version commit 9b6df94 Author: Eva Sarafianou <eva.sarafianou@auth0.com> Date: Tue Sep 8 19:59:05 2020 +0200 Bumps a new patch version commit cd9c41d Author: Eva Sarafianou <eva.sarafianou@auth0.com> Date: Tue Sep 8 19:50:32 2020 +0200 Update node-forge to the latest version Updating it addresses a secuity issue: https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677 commit 52183cb Merge: 1f013c5 62abb0f Author: matauth0 <60881036+matauth0@users.noreply.github.com> Date: Wed Jul 8 11:09:46 2020 +0200 Merge pull request #73 from auth0/esarafianou-codeql-scan Create codeql-analysis.yml to trigger scans commit 62abb0f Author: Eva Sarafianou <eva.sarafianou@gmail.com> Date: Wed Jul 8 09:55:36 2020 +0200 Create codeql-analysis.yml to trigger scans commit 1f013c5 Author: George <george.wang@auth0.com> Date: Thu May 7 15:22:26 2020 -0700 release 1.2.0 (#72) commit b5a912b Author: Chris West <solo-github@goeswhere.com> Date: Wed May 6 22:44:24 2020 +0100 feat: sinon is a dev dependency (#71) commit 30edc80 Author: George <george.wang@auth0.com> Date: Tue Mar 31 14:55:16 2020 -0700 fix(utils): fix accidental duplicate export. (#70) Fix for styling; no behavior impact. commit 77efd10 Author: George <george.wang@auth0.com> Date: Wed Mar 25 12:33:27 2020 -0700 chore: release 1.1.0 (#69) Also updated README to fix formatting. Added a release section. commit 25d22fd Author: George <george.wang@auth0.com> Date: Wed Mar 25 11:38:51 2020 -0700 feat: Add warning when insecure algorithm is used. (#68) The warning is piped to stderr using console.warn(). Added option to turn it off; defaults to true. commit f5651cc Author: George <george.wang@auth0.com> Date: Tue Mar 24 10:02:24 2020 -0700 feat: Add support for AES-GCM family (#67) Also bumped mocha version for dependency fix. Signed-off-by: Daniel OSullivan <dosullivan557@gmail.com>
* Fix typo in readme and tests for for insecure algorithm options * Fix a missing check in encryption for encrypt call Fix a callback to match callback error signature Add additional tests Fix README and test typos
commit 3bf0d4d Author: Daniel OSullivan <dosullivan557@gmail.com> Date: Tue Feb 2 09:37:59 2021 +0000 Signed commit commit cd7a776 Author: Daniel O'Sullivan <daniel.o'sullivan@lloydsbanking.com> Date: Mon Feb 1 23:08:24 2021 +0000 Sorted out whitespace commit e992195 Author: Daniel O'Sullivan <daniel.o'sullivan@lloydsbanking.com> Date: Fri Jan 29 19:50:02 2021 +0000 Formatting commit 960eda2 Author: Daniel O'Sullivan <daniel.o'sullivan@lloydsbanking.com> Date: Fri Jan 29 19:49:03 2021 +0000 Update package.json commit f412aac Merge: 52183cb 9b6df94 Author: Eva Sarafianou <eva.sarafianou@gmail.com> Date: Wed Sep 9 09:11:19 2020 +0200 Merge pull request #76 from auth0/update_forge Update node-forge to the latest version commit 9b6df94 Author: Eva Sarafianou <eva.sarafianou@auth0.com> Date: Tue Sep 8 19:59:05 2020 +0200 Bumps a new patch version commit cd9c41d Author: Eva Sarafianou <eva.sarafianou@auth0.com> Date: Tue Sep 8 19:50:32 2020 +0200 Update node-forge to the latest version Updating it addresses a secuity issue: https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677 commit 52183cb Merge: 1f013c5 62abb0f Author: matauth0 <60881036+matauth0@users.noreply.github.com> Date: Wed Jul 8 11:09:46 2020 +0200 Merge pull request #73 from auth0/esarafianou-codeql-scan Create codeql-analysis.yml to trigger scans commit 62abb0f Author: Eva Sarafianou <eva.sarafianou@gmail.com> Date: Wed Jul 8 09:55:36 2020 +0200 Create codeql-analysis.yml to trigger scans commit 1f013c5 Author: George <george.wang@auth0.com> Date: Thu May 7 15:22:26 2020 -0700 release 1.2.0 (#72) commit b5a912b Author: Chris West <solo-github@goeswhere.com> Date: Wed May 6 22:44:24 2020 +0100 feat: sinon is a dev dependency (#71) commit 30edc80 Author: George <george.wang@auth0.com> Date: Tue Mar 31 14:55:16 2020 -0700 fix(utils): fix accidental duplicate export. (#70) Fix for styling; no behavior impact. commit 77efd10 Author: George <george.wang@auth0.com> Date: Wed Mar 25 12:33:27 2020 -0700 chore: release 1.1.0 (#69) Also updated README to fix formatting. Added a release section. commit 25d22fd Author: George <george.wang@auth0.com> Date: Wed Mar 25 11:38:51 2020 -0700 feat: Add warning when insecure algorithm is used. (#68) The warning is piped to stderr using console.warn(). Added option to turn it off; defaults to true. commit f5651cc Author: George <george.wang@auth0.com> Date: Tue Mar 24 10:02:24 2020 -0700 feat: Add support for AES-GCM family (#67) Also bumped mocha version for dependency fix. Signed-off-by: Daniel OSullivan <dosullivan557@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
By submitting a PR to this repository, you agree to the terms within the Auth0 Code of Conduct. Please see the contributing guidelines for how to create and submit a high-quality PR for this repo.
Description
References
Testing
Checklist
master