
Comments (15)

eladnava avatar eladnava commented on September 28, 2024

@mtrezza @ToothlessGear I think it would be great to have automated vulnerability fix PRs. I'm more inclined to use GitHub's built-in Dependabot, however only the repo owner (@ToothlessGear) can enable it, by visiting this page:
https://github.com/ToothlessGear/node-gcm/network/updates

Dependabot works similarly to Snyk by constantly scanning the project dependencies and alerting when a vulnerability is detected, and opening a PR with a fix if possible to do so in an automated way.

from node-gcm.

ToothlessGear avatar ToothlessGear commented on September 28, 2024

@mtrezza: I think I've set everything up now.
Regardless, I also gave you Collaborator rights on the repo, as well as npm.

ToothlessGear avatar ToothlessGear commented on September 28, 2024

@mtrezza Should be approved now.

mtrezza avatar mtrezza commented on September 28, 2024

@eladnava @ToothlessGear What do you think?

ToothlessGear avatar ToothlessGear commented on September 28, 2024

@mtrezza I'm open to giving maintainer privileges to you, however maybe @eladnava and @hypesystem have some input too.

mtrezza avatar mtrezza commented on September 28, 2024

@ToothlessGear Thanks, I'll be happy to hear any input and obviously we would discuss any suggested changes to find the best way forward for the repo.

mtrezza avatar mtrezza commented on September 28, 2024

We usually use both in projects. Snyk seems to be more aggressive when it comes to identifying vulnerabilities and seems to use a broader list. There are vulnerabilities that Dependabot does not detect but Snyk does, and sometimes vice versa, although Snyk tends to be more complete in my personal experience and as comparative studies show.

eladnava avatar eladnava commented on September 28, 2024

@mtrezza Sounds good. In both cases @ToothlessGear will need to set these up as the repo owner. Here are instructions for each one:

  1. Snyk
  2. Dependabot

mtrezza avatar mtrezza commented on September 28, 2024

@ToothlessGear How should we proceed with this?

mtrezza avatar mtrezza commented on September 28, 2024

Thanks! I'll take a look soon.

PeterBurner avatar PeterBurner commented on September 28, 2024

Any news?

mtrezza avatar mtrezza commented on September 28, 2024

It seems this has been addressed. I noticed Snyk just opened a PR. Closing.

It was a Dependabot PR.

mtrezza avatar mtrezza commented on September 28, 2024

@ToothlessGear I've requested org access on Snyk to set this up, you may have received an email.

mtrezza avatar mtrezza commented on September 28, 2024

It's strange that Snyk doesn't seem to have opened even a single PR since it was added. But it seems to be set up properly. I've enabled Automatic dependency upgrade pull requests for the project (not the org), because I'd say we want dependencies always up-to-date, even if they don't have a vulnerability. Let's see if it creates more PRs now.

mtrezza avatar mtrezza commented on September 28, 2024

Snyk is opening PRs, closing this.
