

docs.pactflow.io's Issues

CVE-2020-7760 (High) detected in codemirror-5.27.4.js

CVE-2020-7760 - High Severity Vulnerability

Vulnerable Library - codemirror-5.27.4.js

In-browser code editing made bearable

Library home page: https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.27.4/codemirror.js

Path to dependency file: /website/static/database/anomalies.html

Path to vulnerable library: /website/static/database/bower/codemirror/codemirror.js,/website/static/database/tables/../bower/codemirror/codemirror.js,/website/static/database/bower/codemirror/codemirror.js

Dependency Hierarchy:

  • codemirror-5.27.4.js (Vulnerable Library)

Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103

Found in base branch: master

Vulnerability Details

This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern `(s|/*.*?*/)*`

Publish Date: 2020-10-30

URL: CVE-2020-7760

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7760

Release Date: 2020-10-30

Fix Resolution: codemirror - 5.58.2

Clarity on provider publishing workflow for BDC

BDC provider publishing workflow clarification

From initial query in slack

Initial State

In our example repos for BDC, prior to uploading a provider contract, we were using create-version-tag.

However in our docs, we don't make mention of this.

  • Publishing OAS contracts page is here
  • It doesn't support adding branches currently as part of the cURL call
  • We don't make mention of creating a version tag.

The only mention of tags in the BDC guide is

which directs users to pact-broker docs page on tags

Question: assuming this is the correct step, should we advise in the docs, with a suggestion that this will be wrapped up in a pact cli tool for uploading the provider contracts?

Current State

BDC Examples

All BDC providers

So to confirm, for BDC providers:

  1. create_branch_version
  2. create_version_tag
  3. publish_contracts

Branches/tags should be created before publishing contracts.

see https://github.com/pactflow/example-bi-directional-provider-postman/blob/fb4336d2e1a9cc1e7d5f5a94dc16a7a0d9655d40/Makefile#L33 for an example

Docs

Need to target all the areas in the docs for tags.

  • to add

Community

Maybe this PR is relevant over in docs.pact.io

Update docs for branches and environments

pact-foundation/docs.pact.io#136

Target State

  • Get this all wrapped up in the CLI! (what do I need to do)

Update BDC Workshop to be Get started with a demo in 10 easy steps

Let's make the BDC workshop quick and easy to get stuck into and see the AHA moment via GH actions.

Ideally we make it as simple as possible to get them running a consumer and provider build (either consumer or provider first) and see the magic happen on GitHub Actions.

With GH actions we've made the demos super easy. It's easier running it via GH than on people's machines to get them on the platform and seeing the aha moment. Just thinking we can condense it down.

Target state

Get started with a demo in 10 easy steps

  1. Get a GitHub account
  2. Get a Pactflow account
  3. Pick a provider or consumer
  4. Fork the repo
  5. Get your broker base url
  6. Get your broker token
  7. Add your token to GitHub actions
  8. Add your url to GitHub actions
  9. Run the build workflow
  10. Pick a consumer and run steps 4-7

  1. Kick off a provider build from a pre-baked branch with a breaking change example
  2. Kick off a provider build from a pre-baked branch with a non-breaking change
  3. Kick off a consumer build from a pre-baked branch with a breaking change example
  4. Kick off a consumer build from a pre-baked branch with a non-breaking change

Current state

We've got the BDC workshop in place now

It re-uses a load of the content from the BDC katacoda workshop

It has these three pages relating to GH actions interspersed

  1. https://docs.test.pactflow.io/docs/workshops/ci-cd/set-up-ci/fork-and-clone-the-repositories
  2. https://docs.test.pactflow.io/docs/workshops/ci-cd/set-up-ci/test-the-builds-in-github-actions
  3. https://docs.test.pactflow.io/docs/workshops/ci-cd/set-up-ci/configure-consumer-and-provider-pipelines

Note that the consumer GH actions section is not showing, as there is a conflict between

  • step6.mdx
  • step6.md

We can remove the .md file as the .mdx contains the same data (from the katacoda) plus the consumer pipeline configuring shown above.

https://github.com/pactflow/docs.pactflow.io/tree/master/website/docs/docs/workshops/bi-directional

CVE-2022-3517 (High) detected in minimatch-3.0.4.tgz

CVE-2022-3517 - High Severity Vulnerability

Vulnerable Library - minimatch-3.0.4.tgz

a glob matcher in javascript

Library home page: https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz

Dependency Hierarchy:

  • redocusaurus-1.4.0.tgz (Root Library)
    • docusaurus-theme-redoc-1.4.0.tgz
      • copyfiles-2.4.1.tgz
        • glob-7.2.0.tgz
          • minimatch-3.0.4.tgz (Vulnerable Library)

Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103

Found in base branch: master

Vulnerability Details

A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.

Publish Date: 2022-10-17

URL: CVE-2022-3517

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2022-10-17

Fix Resolution: minimatch - 3.0.5

CVE-2021-3757 (High) detected in immer-8.0.4.tgz - autoclosed

CVE-2021-3757 - High Severity Vulnerability

Vulnerable Library - immer-8.0.4.tgz

Create your next immutable state by mutating the current one

Library home page: https://registry.npmjs.org/immer/-/immer-8.0.4.tgz

Path to dependency file: /website/package.json

Path to vulnerable library: /website/node_modules/immer/package.json

Dependency Hierarchy:

  • core-2.0.0-beta.18.tgz (Root Library)
    • react-dev-utils-12.0.0.tgz
      • immer-8.0.4.tgz (Vulnerable Library)

Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103

Found in base branch: master

Vulnerability Details

immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Publish Date: 2021-09-02

URL: CVE-2021-3757

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa/

Release Date: 2021-09-02

Fix Resolution: immer - 9.0.6

Update CI/CD workshop

  • The workshop is unnecessarily confusing because it compares the with pending/without pending and with WIP/without WIP flows. Now that these are standard features, we should just teach people how to coordinate the implementation of new features with Pact, assuming they are enabled.
  • It needs to be renamed from "CI/CD workshop" to something like "Pact feature workflow workshop" (except, better), as it's really about how to get new features out rather than the full CI/CD set up (it doesn't cover can-i-deploy in any depth as there's another workshop for that).

docker pactfoundation/pact-cli is not compatible with arm64

Hi Team,

Thank you very much for this great product. It helps my company a lot.

I'm using an M1 MacBook and tried to run the latest pactfoundation/pact-cli image on my local machine to verify some pacts, but unfortunately the image is not supported on my architecture.

Can you please release it to ARM64 architecture?

Thank you,
Gergo

CVE-2022-37603 (High) detected in loader-utils-2.0.0.tgz - autoclosed

CVE-2022-37603 - High Severity Vulnerability

Vulnerable Library - loader-utils-2.0.0.tgz

utils for webpack loaders

Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.0.tgz

Path to dependency file: /website/package.json

Path to vulnerable library: /website/node_modules/loader-utils/package.json

Dependency Hierarchy:

  • core-2.0.0-beta.18.tgz (Root Library)
    • file-loader-6.2.0.tgz
      • loader-utils-2.0.0.tgz (Vulnerable Library)

Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103

Found in base branch: master

Vulnerability Details

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.

Publish Date: 2022-10-14

URL: CVE-2022-37603

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2022-10-14

Fix Resolution: loader-utils - 3.0.0

Cypress - which plugin to use?

Hi,
I'm getting puzzled by the current state of documentation about Cypress integration with Pact.
When I search for Cypress in the Pactflow University, I found two different entries: the Cypress example and Tooling integration, which points to a GitHub page with a plugin.
That plugin, however, has fewer capabilities than the first example.
For example, I'd prefer to use like matchers on the response, as things like tokens change over time. It's not clear how to use matchers with the new plugin. Maybe the new plugin is designed only for the bi-directional use case and there is no need for matchers in that case, I presume?

Katacoda shutdown

Reading this tutorial
I wanted to try to follow it on Katacoda, and apparently it was shut down about a week ago.

As a result, we can no longer support katacoda.com for public use, and we’ll be shuttering the site on June 15, 2022.

CVE-2021-23436 (High) detected in immer-8.0.4.tgz - autoclosed

CVE-2021-23436 - High Severity Vulnerability

Vulnerable Library - immer-8.0.4.tgz

Create your next immutable state by mutating the current one

Library home page: https://registry.npmjs.org/immer/-/immer-8.0.4.tgz

Path to dependency file: /website/package.json

Path to vulnerable library: /website/node_modules/immer/package.json

Dependency Hierarchy:

  • core-2.0.0-beta.18.tgz (Root Library)
    • react-dev-utils-12.0.0.tgz
      • immer-8.0.4.tgz (Vulnerable Library)

Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103

Found in base branch: master

Vulnerability Details

This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition `(p === "__proto__" || p === "constructor")` in applyPatches_ returns false if p is `['__proto__']` (or `['constructor']`). The `===` operator (strict equality operator) returns false if the operands have different types.

Publish Date: 2021-09-01

URL: CVE-2021-23436

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23436

Release Date: 2021-09-01

Fix Resolution: immer - 9.0.6

CVE-2022-25858 (High) detected in terser-5.11.0.tgz - autoclosed

CVE-2022-25858 - High Severity Vulnerability

Vulnerable Library - terser-5.11.0.tgz

JavaScript parser, mangler/compressor and beautifier toolkit for ES6+

Library home page: https://registry.npmjs.org/terser/-/terser-5.11.0.tgz

Path to dependency file: /website/package.json

Path to vulnerable library: /website/node_modules/terser/package.json

Dependency Hierarchy:

  • core-2.0.0-beta.18.tgz (Root Library)
    • terser-webpack-plugin-5.3.1.tgz
      • terser-5.11.0.tgz (Vulnerable Library)

Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103

Found in base branch: master

Vulnerability Details

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

Publish Date: 2022-07-15

URL: CVE-2022-25858

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25858

Release Date: 2022-07-15

Fix Resolution: terser - 4.8.1,5.14.2

CVE-2022-37599 (High) detected in loader-utils-2.0.0.tgz - autoclosed

CVE-2022-37599 - High Severity Vulnerability

Vulnerable Library - loader-utils-2.0.0.tgz

utils for webpack loaders

Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.0.tgz

Path to dependency file: /website/package.json

Path to vulnerable library: /website/node_modules/loader-utils/package.json

Dependency Hierarchy:

  • core-2.0.0-beta.18.tgz (Root Library)
    • file-loader-6.2.0.tgz
      • loader-utils-2.0.0.tgz (Vulnerable Library)

Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103

Found in base branch: master

Vulnerability Details

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.

Publish Date: 2022-10-11

URL: CVE-2022-37599

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


CVE-2020-7753 (High) detected in trim-0.0.1.tgz - autoclosed

CVE-2020-7753 - High Severity Vulnerability

Vulnerable Library - trim-0.0.1.tgz

Trim string whitespace

Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz

Path to dependency file: /website/package.json

Path to vulnerable library: /website/node_modules/trim/package.json

Dependency Hierarchy:

  • core-2.0.0-beta.18.tgz (Root Library)
    • mdx-loader-2.0.0-beta.18.tgz
      • mdx-1.6.22.tgz
        • remark-parse-8.0.3.tgz
          • trim-0.0.1.tgz (Vulnerable Library)

Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103

Found in base branch: master

Vulnerability Details

All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().

Publish Date: 2020-10-27

URL: CVE-2020-7753

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2020-10-27

Fix Resolution: trim - 0.0.3

CVE-2021-3803 (High) detected in nth-check-1.0.2.tgz, nth-check-2.0.0.tgz - autoclosed

CVE-2021-3803 - High Severity Vulnerability

Vulnerable Libraries - nth-check-1.0.2.tgz, nth-check-2.0.0.tgz

nth-check-1.0.2.tgz

performant nth-check parser & compiler

Library home page: https://registry.npmjs.org/nth-check/-/nth-check-1.0.2.tgz

Path to dependency file: /website/package.json

Path to vulnerable library: /website/node_modules/nth-check/package.json

Dependency Hierarchy:

  • core-2.0.0-beta.18.tgz (Root Library)
    • static-site-generator-webpack-plugin-4.0.4.tgz
      • cheerio-0.22.0.tgz
        • css-select-1.2.0.tgz
          • nth-check-1.0.2.tgz (Vulnerable Library)

nth-check-2.0.0.tgz

Parses and compiles CSS nth-checks to highly optimized functions.

Library home page: https://registry.npmjs.org/nth-check/-/nth-check-2.0.0.tgz

Path to dependency file: /website/package.json

Path to vulnerable library: /website/node_modules/nth-check/package.json

Dependency Hierarchy:

  • core-2.0.0-beta.18.tgz (Root Library)
    • webpack-6.2.1.tgz
      • plugin-svgo-6.2.0.tgz
        • svgo-2.8.0.tgz
          • css-select-4.1.3.tgz
            • nth-check-2.0.0.tgz (Vulnerable Library)

Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103

Found in base branch: master

Vulnerability Details

nth-check is vulnerable to Inefficient Regular Expression Complexity

Publish Date: 2021-09-17

URL: CVE-2021-3803

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2021-09-17

Fix Resolution: nth-check - v2.0.1
