Skip to content

Fix signing#276

Merged
Gudahtt merged 1 commit into
mainfrom
fix-webpack-configuration
Nov 21, 2023
Merged

Fix signing#276
Gudahtt merged 1 commit into
mainfrom
fix-webpack-configuration

Conversation

@Gudahtt

@Gudahtt Gudahtt commented Nov 21, 2023

Copy link
Copy Markdown
Member

The signing examples were broken as of the update to Webpack v5 (#264). The "verification" button for the signatures relies upon the Node.js assert and stream APIs. Polyfills have been added for both of these.

Additionally, the assert polyfill itself relies upon the Node.js process API, and expects process to be a global. A polyfill has been added for process, and it has been set as a global.

@Gudahtt
Fix signing
c2b7f3d 
The signing examples were broken as of the update to Webpack v5 (#264).
The "verification" button for the signatures relies upon the Node.js
`assert` and `stream` APIs. Polyfills have been added for both of
these.

Additionally, the `assert` polyfill itself relies upon the Node.js
`process` API, and expects `process` to be a global. A polyfill has
been added for `process`, and it has been set as a global.
@socket-security

socket-security Bot commented Nov 21, 2023

Copy link
Copy Markdown

New dependencies detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives Size Publisher
process 0.11.10 None +0 15.3 kB cwmma
stream-browserify 3.0.0 None +0 11.6 kB goto-bus-stop
assert 2.1.0 environment +19 1.61 MB ljharb

@socket-security

socket-security Bot commented Nov 21, 2023
edited
Loading

Copy link
Copy Markdown

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Ignoring: assert@2.1.0, for-each@0.3.3, define-properties@1.2.1

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

@Gudahtt

Gudahtt commented Nov 21, 2023

Copy link
Copy Markdown
Member Author

@SocketSecurity ignore assert@2.1.0
@SocketSecurity ignore for-each@0.3.3

This author is known and trusted

@Gudahtt

Gudahtt commented Nov 21, 2023

Copy link
Copy Markdown
Member Author

@SocketSecurity ignore define-properties@1.2.1

This warning appears to be an error. The warning says that this version does not exist, but it does.

mcmire
mcmire approved these changes Nov 21, 2023
View reviewed changes

@mcmire mcmire left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@Gudahtt Gudahtt merged commit d618601 into main Nov 21, 2023
@Gudahtt Gudahtt deleted the fix-webpack-configuration branch November 21, 2023 23:28
@legobeat legobeat mentioned this pull request Nov 22, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcmire mcmire mcmire approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Gudahtt @mcmire