pactflow / docs.pactflow.io
Pactflow technical documentation
License: Other
JavaScript parser, mangler/compressor and beautifier toolkit for ES6+
Library home page: https://registry.npmjs.org/terser/-/terser-5.11.0.tgz
Path to dependency file: /website/package.json
Path to vulnerable library: /website/node_modules/terser/package.json
Dependency Hierarchy:
Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103
Found in base branch: master
The package terser before 4.8.1, and from 5.0.0 before 5.14.2, is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.
Publish Date: 2022-07-15
URL: CVE-2022-25858
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25858
Release Date: 2022-07-15
Fix Resolution: terser - 4.8.1,5.14.2
Hi Team,
Thank you very much for this great product. It helps my company a lot.
I'm using an M1 MacBook and tried to run the latest pactfoundation/pact-cli image on my local machine to verify some pacts, but unfortunately the image is not supported on my architecture.
Can you please release it for the ARM64 architecture?
Thank you,
Gergo
From initial query in Slack
In our example repos for BDC, prior to uploading a provider contract, we were using create-version-tag.
However, in our docs we don't mention this.
- It doesn't currently support adding branches as part of the cURL call
- We don't mention creating a version tag.
The only mention of tags in the BDC guide is
which directs users to the pact-broker docs page on tags
Question: assuming this is the correct step, should we advise this in the docs, with a suggestion that this will be wrapped up in a pact CLI tool for uploading the provider contracts?
All BDC providers
So to confirm, for BDC providers, branches/tags should be created before publishing contracts;
see https://github.com/pactflow/example-bi-directional-provider-postman/blob/fb4336d2e1a9cc1e7d5f5a94dc16a7a0d9655d40/Makefile#L33 for an example
Need to target all the areas in the docs for tags.
Maybe this PR is relevant over in docs.pact.io
Update docs for branches and environments
pact-foundation/docs.pact.io#136
Create your next immutable state by mutating the current one
Library home page: https://registry.npmjs.org/immer/-/immer-8.0.4.tgz
Path to dependency file: /website/package.json
Path to vulnerable library: /website/node_modules/immer/package.json
Dependency Hierarchy:
Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103
Found in base branch: master
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Publish Date: 2021-09-02
URL: CVE-2021-3757
Base Score Metrics:
Type: Upgrade version
Origin: https://huntr.dev/bounties/23d38099-71cd-42ed-a77a-71e68094adfa/
Release Date: 2021-09-02
Fix Resolution: immer - 9.0.6
Reading this tutorial
I wanted to try to follow it on Katacoda, and apparently it was shut down about a week ago.
As a result, we can no longer support katacoda.com for public use, and we’ll be shuttering the site on June 15, 2022.
Hi,
I'm getting puzzled by the current state of the documentation about Cypress integration with Pact.
When I search for Cypress in Pactflow University, I find two different entries: the Cypress example and Tooling integration, which points to a GitHub page with a plugin.
That plugin, however, has fewer capabilities than the first example.
For example, I'd prefer to use like matchers on the response, as things like tokens change over time. It's not clear how to use matchers with the new plugin. Maybe the new plugin is designed only for the bi-directional use case, and there is no need for matchers in that case, I presume?
Trim string whitespace
Library home page: https://registry.npmjs.org/trim/-/trim-0.0.1.tgz
Path to dependency file: /website/package.json
Path to vulnerable library: /website/node_modules/trim/package.json
Dependency Hierarchy:
Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103
Found in base branch: master
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
Publish Date: 2020-10-27
URL: CVE-2020-7753
Base Score Metrics:
The .NET API Provider tested with Pact Verifier link is broken in the demos table on the https://docs.pactflow.io/docs/examples page.
The example doesn't appear to exist.
performant nth-check parser & compiler
Library home page: https://registry.npmjs.org/nth-check/-/nth-check-1.0.2.tgz
Path to dependency file: /website/package.json
Path to vulnerable library: /website/node_modules/nth-check/package.json
Dependency Hierarchy:
Parses and compiles CSS nth-checks to highly optimized functions.
Library home page: https://registry.npmjs.org/nth-check/-/nth-check-2.0.0.tgz
Path to dependency file: /website/package.json
Path to vulnerable library: /website/node_modules/nth-check/package.json
Dependency Hierarchy:
Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103
Found in base branch: master
nth-check is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-09-17
URL: CVE-2021-3803
Base Score Metrics:
utils for webpack loaders
Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.0.tgz
Path to dependency file: /website/package.json
Path to vulnerable library: /website/node_modules/loader-utils/package.json
Dependency Hierarchy:
Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103
Found in base branch: master
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.
Publish Date: 2022-10-14
URL: CVE-2022-37603
Base Score Metrics:
I'm trying to follow the CI/CD Workshop for PactFlow and I got stuck in the "Implementing the Provider Changes" part.
Step 4 says:
- Run PACT_URL= make test_webhook. This test should correctly fail with the error Could not find key "color" in the output.
But it seems there is no such command.
In-browser code editing made bearable
Library home page: https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.27.4/codemirror.js
Path to dependency file: /website/static/database/anomalies.html
Path to vulnerable library: /website/static/database/bower/codemirror/codemirror.js,/website/static/database/tables/../bower/codemirror/codemirror.js,/website/static/database/bower/codemirror/codemirror.js
Dependency Hierarchy:
Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103
Found in base branch: master
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDoS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)*.
Publish Date: 2020-10-30
URL: CVE-2020-7760
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7760
Release Date: 2020-10-30
Fix Resolution: codemirror - 5.58.2
Ideally we make it as simple as possible to get them running a consumer and provider build (either consumer or provider first) and see the magic happen on GitHub Actions.
With GH Actions we've made the demos super easy. It's easier running it via GH than on people's machines to get them on the platform and seeing the aha moment. Just thinking we can condense it down.
We've got the BDC workshop in place now.
It re-uses a load of the content from the BDC Katacoda workshop.
It has these three pages relating to GH Actions interspersed
Note that the consumer GH Actions section is not showing, as there is a conflict between
We can remove the .md file, as the .mdx contains the same data (from the Katacoda) plus the consumer pipeline configuration shown above.
https://github.com/pactflow/docs.pactflow.io/tree/master/website/docs/docs/workshops/bi-directional
Create your next immutable state by mutating the current one
Library home page: https://registry.npmjs.org/immer/-/immer-8.0.4.tgz
Path to dependency file: /website/package.json
Path to vulnerable library: /website/node_modules/immer/package.json
Dependency Hierarchy:
Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103
Found in base branch: master
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition (p === "__proto__" || p === "constructor") in applyPatches_ returns false if p is ['__proto__'] (or ['constructor']). The === operator (strict equality operator) returns false if the operands have different types.
Publish Date: 2021-09-01
URL: CVE-2021-23436
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23436
Release Date: 2021-09-01
Fix Resolution: immer - 9.0.6
There's a broken link on the CI/CD Workshop
https://docs.pactflow.io/docs/workshops/ci-cd/
The GOALS button takes you to https://docs.pactflow.io/docs/workshops/ci-cd/set-up-ci/index (Which falls back to docs.pactflow.io)
I think it's supposed to be this instead: https://docs.pactflow.io/docs/workshops/ci-cd/set-up-ci/
Bi-directional pact example link at postman provider doc is a 404 page.
utils for webpack loaders
Library home page: https://registry.npmjs.org/loader-utils/-/loader-utils-2.0.0.tgz
Path to dependency file: /website/package.json
Path to vulnerable library: /website/node_modules/loader-utils/package.json
Dependency Hierarchy:
Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103
Found in base branch: master
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.
Publish Date: 2022-10-11
URL: CVE-2022-37599
Base Score Metrics:
Issue 1: PAT tokens require SSO
From triggering job
https://github.com/pactflow/example-provider-dotnet/actions/runs/9223404200/job/25376545105
{
"message": "Resource protected by organization SAML enforcement. You must grant your Personal Access token access to this organization.",
"documentation_url": "https://docs.github.com/articles/authenticating-to-a-github-organization-with-saml-single-sign-on/"
}
Issue 2: Main branch in docs is now write-protected, and as such the docs sync fails, as it attempts to write to master.
https://github.com/pactflow/docs.pactflow.io/actions/runs/9223601246/job/25377172271
Error: Error: To https://github.com/pactflow/docs.pactflow.io
! refs/heads/master:refs/heads/master [remote rejected] (protected branch hook declined)
Done
Pushing to https://github.com/pactflow/docs.pactflow.io
POST git-receive-pack (1007 bytes)
remote: error: GH006: Protected branch update failed for refs/heads/master.
remote: error: Changes must be made through a pull request.
error: failed to push some refs to 'https://github.com/pactflow/docs.pactflow.io'
Need to relax this for this job, or have this job write to a new branch and open a PR.
a glob matcher in javascript
Library home page: https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz
Dependency Hierarchy:
Found in HEAD commit: a98a45935904d72b4a025c9a4880156c366ac103
Found in base branch: master
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
Publish Date: 2022-10-17
URL: CVE-2022-3517
Base Score Metrics: