Skip to content

Fix signing #276

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Gudahtt merged 1 commit into from
Nov 21, 2023
Merged

Fix signing #276

Gudahtt merged 1 commit into from
Nov 21, 2023

Conversation

@Gudahtt
Copy link
Member

@Gudahtt Gudahtt commented Nov 21, 2023

The signing examples were broken as of the update to Webpack v5 (#264). The "verification" button for the signatures relies upon the Node.js assert and stream APIs. Polyfills have been added for both of these.

Additionally, the assert polyfill itself relies upon the Node.js process API, and expects process to be a global. A polyfill has been added for process, and it has been set as a global.

@Gudahtt
Fix signing
c2b7f3d 
The signing examples were broken as of the update to Webpack v5 (#264).
The "verification" button for the signatures relies upon the Node.js
`assert` and `stream` APIs. Polyfills have been added for both of
these.

Additionally, the `assert` polyfill itself relies upon the Node.js
`process` API, and expects `process` to be a global. A polyfill has
been added for `process`, and it has been set as a global.
@socket-security
Copy link

socket-security bot commented Nov 21, 2023

New dependencies detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives Size Publisher
process 0.11.10 None +0 15.3 kB cwmma
stream-browserify 3.0.0 None +0 11.6 kB goto-bus-stop
assert 2.1.0 environment +19 1.61 MB ljharb

@socket-security
Copy link

socket-security bot commented Nov 21, 2023
edited
Loading

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: assert@2.1.0, for-each@0.3.3, define-properties@1.2.1

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

@Gudahtt
Copy link
Member Author

Gudahtt commented Nov 21, 2023

@SocketSecurity ignore assert@2.1.0
@SocketSecurity ignore for-each@0.3.3

This author is known and trusted

@Gudahtt
Copy link
Member Author

Gudahtt commented Nov 21, 2023

@SocketSecurity ignore define-properties@1.2.1

This warning appears to be an error. The warning says that this version does not exist, but it does.

mcmire
mcmire approved these changes Nov 21, 2023
View reviewed changes
Copy link
Collaborator

@mcmire mcmire left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@Gudahtt Gudahtt merged commit d618601 into main Nov 21, 2023
@Gudahtt Gudahtt deleted the fix-webpack-configuration branch November 21, 2023 23:28
@legobeat legobeat mentioned this pull request Nov 22, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcmire mcmire mcmire approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Gudahtt @mcmire