arcjet / arcjet-js

Arcjet JS SDKs. Rate limiting, bot protection, email verification & attack defense for Node.js, Next.js, Bun & SvelteKit.
https://arcjet.com
Apache License 2.0
234 stars, 5 forks

feat: add detect sensitive info rule #1300

Closed e-moran closed 2 weeks ago

e-moran commented 1 month ago

Adds a new rule that can be used to detect sensitive information being sent in a request when it isn't expected.

trunk-io[bot] commented 1 month ago

😎 Merged successfully - details.

socket-security[bot] commented 1 month ago

New dependencies detected.

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/@arcjet/body@1.0.0-alpha.21 | None | 0 | 0 B | |
| npm/@types/react@18.3.3 | None | 0 | 437 kB | types |
| npm/autoprefixer@10.4.19 | environment | +2 | 2.47 MB | ai |
| npm/nextjs-14-sensitive-info@0.1.0 | None | 0 | 0 B | |
| npm/postcss@8.4.39 | environment, filesystem | 0 | 198 kB | ai |
| npm/tailwindcss@3.4.5 | environment, filesystem | 0 | 5.62 MB | adamwathan |


e-moran commented 3 weeks ago

@blaine-arcjet That latest push should address almost everything; it's missing a few docs changes and adding tests for testing that we report to the server correctly. It's also failing to run npm ci... despite no package-lock changes happening when I run npm install locally. I'll look into all of these tomorrow. But if you get the chance to look over it and let me know if anything else needs my attention that would be great!

blaine-arcjet commented 3 weeks ago

> It's also failing to run npm ci... despite no package-lock changes happening when I run npm install locally.

The problem seemed to be that GitHub Actions creates a merge commit when run on PRs, so it found that the @rollup/wasm-node package was different in @arcjet/body than the rest of the repo which was a different lockfile. I'm sorry that I told you that I didn't think the dependency changes would be a problem when they were. Anyway, I merged main and updated that dependency and things look to be building.