From 46aefd03bdd2577e0f5a59701d69af57b1d09475 Mon Sep 17 00:00:00 2001 From: Phileco <132178579+krishnprakash@users.noreply.github.com> Date: Thu, 27 Mar 2025 19:08:49 +0530 Subject: [PATCH 1/3] Potential fix for code scanning alert no. 3: Clear-text logging of sensitive information Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- public/cloudflare-one/static/authenticated-doh.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/public/cloudflare-one/static/authenticated-doh.py b/public/cloudflare-one/static/authenticated-doh.py index 746e4c70016f8bc..83ea1b0b8a68b54 100644 --- a/public/cloudflare-one/static/authenticated-doh.py +++ b/public/cloudflare-one/static/authenticated-doh.py @@ -145,8 +145,7 @@ def request(method, url, body): if client_id == "new": service_token_name = input('Please input name for service token > ') client_id, client_secret = request_create_service_token(service_token_name) - print( - f"Created service token with client_id {client_id} and client_secret {client_secret}. You may want to save these secrets.") + print("Created service token. You may want to save the client_id and client_secret securely.") if len(client_secret) == 0: From 30cfccfe2dbb21fa2f732dcb85bd4722d09f1cae Mon Sep 17 00:00:00 2001 From: Phileco <132178579+krishnprakash@users.noreply.github.com> Date: Thu, 27 Mar 2025 19:22:11 +0530 Subject: [PATCH 2/3] Potential fix for code scanning alert no. 1: Clear-text logging of sensitive information Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- public/cloudflare-one/static/authenticated-doh.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/public/cloudflare-one/static/authenticated-doh.py b/public/cloudflare-one/static/authenticated-doh.py index 83ea1b0b8a68b54..9cb3f0c2dbf0adb 100644 --- a/public/cloudflare-one/static/authenticated-doh.py +++ b/public/cloudflare-one/static/authenticated-doh.py @@ -69,7 +69,8 @@ def request_doh_token(account_tag, user_id, client_id, client_secret): '-H', f"Cf-Access-Client-Id: {client_id}", '-H', f"Cf-Access-Client-Secret: {client_secret}"] if verbose: - print(f"Issuing request {' '.join(command)}") + sanitized_command = [part if "Cf-Access-Client-Secret" not in part else "Cf-Access-Client-Secret: [REDACTED]" for part in command] + print(f"Issuing request {' '.join(sanitized_command)}") response = json.loads(subprocess.check_output(command)) if verbose: print("Got response:") From 0f917e7bfc83f9cc9350c0c5c64a07f164937452 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 27 Mar 2025 20:07:04 +0000 Subject: [PATCH 3/3] [Docs Site] Bump @types/react from 19.0.7 to 19.0.12 Bumps [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) from 19.0.7 to 19.0.12. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) --- updated-dependencies: - dependency-name: "@types/react" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 1a0e3ac7fe1014d..000247d14d23a82 100644 --- a/package-lock.json +++ b/package-lock.json @@ -30,7 +30,7 @@ "@types/hast": "3.0.4", "@types/he": "1.2.3", "@types/node": "22.13.13", - "@types/react": "19.0.7", + "@types/react": "19.0.12", "@types/react-dom": "19.0.4", "@typescript-eslint/parser": "8.28.0", "algoliasearch": "5.23.0", @@ -4731,9 +4731,9 @@ "license": "MIT" }, "node_modules/@types/react": { - "version": "19.0.7", - "resolved": "https://registry.npmjs.org/@types/react/-/react-19.0.7.tgz", - "integrity": "sha512-MoFsEJKkAtZCrC1r6CM8U22GzhG7u2Wir8ons/aCKH6MBdD1ibV24zOSSkdZVUKqN5i396zG5VKLYZ3yaUZdLA==", + "version": "19.0.12", + "resolved": "https://registry.npmjs.org/@types/react/-/react-19.0.12.tgz", + "integrity": "sha512-V6Ar115dBDrjbtXSrS+/Oruobc+qVbbUxDFC1RSbRqLt5SYvxxyIDrSC85RWml54g+jfNeEMZhEj7wW07ONQhA==", "dev": true, "license": "MIT", "dependencies": { diff --git a/package.json b/package.json index 13af89d9e0dcb29..904b921b25bb711 100644 --- a/package.json +++ b/package.json @@ -48,7 +48,7 @@ "@types/hast": "3.0.4", "@types/he": "1.2.3", "@types/node": "22.13.13", - "@types/react": "19.0.7", + "@types/react": "19.0.12", "@types/react-dom": "19.0.4", "@typescript-eslint/parser": "8.28.0", "algoliasearch": "5.23.0",