Enable ESLint rules for Node Security #2029

Merged Sep 20, 2024 (10 commits)

@holgerkoser (Member) commented Aug 8, 2024

What this PR does / why we need it:
With this PR we enable ESLint rules for Node Security which replaces the Checkmarx checks.

Which issue(s) this PR fixes:
Fixes #2004

Special notes for your reviewer:

Release note:


@holgerkoser marked this pull request as draft August 8, 2024 07:54
@gardener-robot added needs/review and size/m labels Aug 8, 2024
@gardener-robot added size/l and needs/second-opinion and removed size/m labels Aug 8, 2024
@gardener-robot added size/xl and removed size/l labels Aug 13, 2024
@holgerkoser marked this pull request as ready for review August 15, 2024 18:35
backend/lib/routes/config.js (outdated, resolved)
backend/lib/security/index.js (outdated, resolved)
backend/lib/services/members/SubjectList.js (resolved)
frontend/src/utils/crypto.js (outdated, resolved)
packages/kube-client/lib/cache/Informer.js (resolved)
packages/request/lib/SessionId.js (outdated, resolved)
packages/request/lib/SessionId.js (outdated, resolved)
packages/request/lib/errors.js (outdated, resolved)
packages/request/lib/SessionId.js (resolved)
@gardener-robot added the needs/rebase label Sep 3, 2024
@gardener-robot

@holgerkoser You need to rebase this pull request with the latest master branch. Please check.

@petersutter (Member) left a comment

/lgtm, however the conflicts need to be resolved

@grolu (Contributor) left a comment

/lgtm

@gardener-robot added reviewed/lgtm and removed needs/rebase, needs/review and needs/second-opinion labels Sep 19, 2024
# By Gardener Prow Robot (50) and others
# Via GitHub
* master: (62 commits)
  Update dependency codemirror to v5.65.18 (#2101)
  Update dependency vite to v5.4.6 [SECURITY] (#2096)
  Fix issues with hibernation schedule dialog (#2076)
  Hide SSH keypair rotation when SSH access disabled (#2077)
  remove unnecessary model-value binding (#2080)
  Fix vite warning (#2090)
  Update dependency vuetify to v3.7.2 (#2095)
  Update vueuse monorepo to v11.1.0 (#2094)
  Update dependency @vueuse/core to v11.1.0 (#2091)
  Update dependency chokidar to v4 (#2081)
  Update dependency @fontsource/roboto to v5.1.0 (#2078)
  Update dependency jose to v5.9.2 (#2087)
  Update dependency express to v4.20.0 [SECURITY] (#2084)
  Update dependency vue to v3.5.6 (#2089)
  Update Yarn to v4.5.0 (#2088)
  Update dependency vue to v3.5.5 (#2086)
  Update dependency vue-router to v4.4.5 (#2083)
  Update dependency express-static-gzip to v2.1.8 (#2082)
  Update dependency vue-router to v4.4.4 (#2075)
  Update dependency openid-client to v5.7.0 (#2069)
  ...

# Conflicts:
#	.pnp.cjs
#	backend/package.json
#	frontend/package.json
#	frontend/src/components/ShootAddons/GManageAddons.vue
#	packages/kube-client/package.json
#	packages/kube-config/package.json
#	packages/logger/package.json
#	packages/monitor/package.json
#	packages/request/package.json
#	yarn.lock
@gardener-robot added needs/second-opinion and removed reviewed/lgtm labels Sep 20, 2024
@holgerkoser merged commit 250b586 into master Sep 20, 2024
8 checks passed
@gardener-robot added the status/closed label Sep 20, 2024
@holgerkoser deleted the enh/eslint-plugin-security branch September 20, 2024 12:41
Labels
needs/ok-to-test, needs/second-opinion, size/xl, status/closed
Development

Successfully merging this pull request may close these issues.

Migrate to eslint version 9 and flat config
7 participants