E.J. Bevenour
@ejb1123
This message was deleted
Ondrej Brinkel
@der-On
@ejb1123 if we include the new generators some things might be a little bit different. Other than that no breaking changes should be included.
Jumpei Ogawa
@phanect
I'm working on the #682 bug. Should I merge it to v13 or v14? If 13.0.8 will be released, I think I should merge to v13, but if not, I will start from the v14 branch.
BTW I forgot to merge IRC -> Gitter migration PR. (#686)
Is it OK to merge it and deprecate IRC?
Ondrej Brinkel
@der-On
@phanect what is the source branch you are working from?
Jumpei Ogawa
@phanect
@der-On I haven't started code modification. Not decided yet which (v13 or v14) to start from.
Ondrej Brinkel
@der-On
actually IRC seems to be pretty dead and so many people are migrating to gitter/slack, that I think it's safe to move to gitter. Not sure what mde is thinking about that (he seems to be more traditional).
@phanect we could release a v13.0.8 as a bugfix release before v14. This would make things a bit easier. So base it on v13. I can still merge it from there into master/v14.
currently v14 is == master
Jumpei Ogawa
@phanect
@der-On OK. Then I will start from v13.

@der-On

IRC

OK, then I will wait for @mde's response.

And maybe I should wait for some days to merge.
Ondrej Brinkel
@der-On
mde is currently hard to reach.
Jumpei Ogawa
@phanect
Oh, yes.
Hmm... but he seems to be working on Jake recently...
https://github.com/jakejs/jake/commits/master
Jumpei Ogawa
@phanect
@der-On OK, I will wait for some days and then if no one disagrees, I will merge the PR even if @mde has no response.
If @mde didn't agree with it after I merged it, we can roll back README.
Ondrej Brinkel
@der-On
exactly
Jumpei Ogawa
@phanect
Fixed. #695
Ondrej Brinkel
@der-On
@phanect thank you
Jumpei Ogawa
@phanect
@der-On Can you review #699? Directory traversal is reported and it should be released ASAP.
I found npm release permission is given to all members of Geddy. We can release it tomorrow.
Jumpei Ogawa
@phanect
I have reported to Node Security Project.
Ondrej Brinkel
@der-On
@phanect thank you. Just commented on it.
Jumpei Ogawa
@phanect
@der-On Thanks.
I just fixed it and after all CI tests have passed, I will merge it, tag it as 13.0.8, and release it on npm.
Ondrej Brinkel
@der-On
wonderful
Ondrej Brinkel
@der-On
@phanect can you add a test for this?
Jumpei Ogawa
@phanect
@der-On Ah... Sorry, I have already published
Ondrej Brinkel
@der-On
no problem. We can push another release 13.0.9
security holes should actually have tests :)
Jumpei Ogawa
@phanect
@der-On Ah, maybe we don't need 13.0.9 only for test coz' users will have nothing.
We can include it in the release which includes other updates.
I confirmed test directory and I felt there are not so many files.
Maybe we should create test for all changes to Geddy.

Well, and about the test for this security hole...
I considered adding a test, but I have no idea how to create a unit test.

I'm wondering if we can create E2E test. (Not sure I should call this as E2E...)
I expect like this:

"Prevent Directory Traversal": function() {
  geddy();

  fetch("http://localhost:3000/../../test.csv", {
    method: "GET"
    // body: ... (fetch rejects a body on a GET request)
  }).then(function(res) {
    expect(res.status).to.be(404);
  });
}
Ondrej Brinkel
@der-On
@phanect yes. Actually in one of my projects I'm using some utils for geddy testing. I might just include it in core. For real HTTP tests I recommend supertest
I need to polish things up
and think about a nicer API
testing in geddy has been a bit of a pain
Jumpei Ogawa
@phanect
Yeah, current tests are traditional unit tests, but it is a little bit different from real world usage.
In my corporate project, I used superagent for API testing and recently switched to WHATWG fetch, but supertest seems also good.
Ondrej Brinkel
@der-On
Geddy-unit
Ondrej Brinkel
@der-On
I will try to extract my testing tools into a new "geddy-unit" module.
Ondrej Brinkel
@der-On
Anyone here with experience in postgres? I could need a helping hand with #263
Ondrej Brinkel
@der-On
That one is currently causing real trouble in a production app.
Jumpei Ogawa
@phanect
@der-On I have a little experience in postgres, but I don't know what is related to Postgres in #263.
Jumpei Ogawa
@phanect
@der-On Ah, sorry, something wrong in linking in my env. You meant geddy/model#263, right?
Ondrej Brinkel
@der-On
yeah
Jumpei Ogawa
@phanect

@mde @der-On Sorry for my slow action, but I just applied directory traversal fixes in #699 to v13 & v14 branches.

I haven't applied to master yet. I'm not sure how to apply the changes to master.
Is the following way OK?:

git clone git@github.com:geddy/geddy.git
cd geddy
git checkout v13
git rebase master
git push --force origin master
Ondrej Brinkel
@der-On
I think we do not rebase. I personally do not like rebasing very much.