open-git/cnpmcore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: security support >= 3.0.0 (#732)

Browse Source 
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

- **Documentation**
- Updated the "Supported Versions" section in the SECURITY.md file to
reflect that security updates are now provided for versions 3.0.0 and
above.
- Minor formatting adjustments made in the "Disclosure Policy" section
for consistency.
- **Chores**
- Simplified debugger configurations by removing explicit protocol and
port settings from the `.vscode/launch.json` file.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---------

Co-authored-by: elrrrrrrr <elrrrrrrr@gmail.com>
This commit is contained in:
fengmk2
2024-11-24 12:59:15 +08:00
committed by GitHub
parent 71cc3381d7
commit b808ebcd60
3 changed files with 6 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.vscode/launch.json vendored
View File

@@ -17,8 +17,6 @@
], ],
"console": "integratedTerminal", "console": "integratedTerminal",
"restart": true, "restart": true,
"protocol": "auto",
"port": 9229,
"autoAttachChildProcesses": true "autoAttachChildProcesses": true
}, },
{ {
@@ -32,8 +30,6 @@
"--", "--",
"--inspect-brk" "--inspect-brk"
], ],
"protocol": "auto",
"port": 9229,
"autoAttachChildProcesses": true "autoAttachChildProcesses": true
} }
] ]

8
SECURITY.md
View File

@@ -6,7 +6,7 @@ Currently being supported with security updates.
| Version | Supported | | Version | Supported |
| -------- | ------------------ | | -------- | ------------------ |
| >= 1.0.0 | :white_check_mark: | | >= 3.0.0 | :white_check_mark: |
## Reporting a Vulnerability ## Reporting a Vulnerability
@@ -35,7 +35,7 @@ When the security team receives a security bug report, they will assign it
to a primary handler. This person will coordinate the fix and release to a primary handler. This person will coordinate the fix and release
process, involving the following steps: process, involving the following steps:
* Confirm the problem and determine the affected versions. * Confirm the problem and determine the affected versions.
* Audit code to find any potential similar problems. * Audit code to find any potential similar problems.
* Prepare fixes for all releases still under maintenance. These fixes * Prepare fixes for all releases still under maintenance. These fixes
will be released as fast as possible to NPM. will be released as fast as possible to NPM.

3
app/repository/SearchRepository.ts
View File

@@ -1,6 +1,7 @@
import { SingletonProto, AccessLevel, Inject } from '@eggjs/tegg'; import { SingletonProto, AccessLevel, Inject } from '@eggjs/tegg';
import { SearchAdapter } from '../common/typing'; import { SearchAdapter } from '../common/typing';
import { AuthorType, CnpmcorePatchInfo, PackageManifestType } from './PackageRepository'; import { AuthorType, CnpmcorePatchInfo, PackageManifestType } from './PackageRepository';
import { estypes } from '@elastic/elasticsearch';
export type SearchJSONPickKey = '_rev' | 'name' | 'description' | 'keywords' | 'license' | 'maintainers' | 'dist-tags' | '_source_registry_name'; export type SearchJSONPickKey = '_rev' | 'name' | 'description' | 'keywords' | 'license' | 'maintainers' | 'dist-tags' | '_source_registry_name';
@@ -34,7 +35,7 @@ export class SearchRepository {
private readonly searchAdapter: SearchAdapter; private readonly searchAdapter: SearchAdapter;
async searchPackage(query) { async searchPackage(query): Promise<estypes.SearchHitsMetadata<SearchManifestType>> {
return await this.searchAdapter.search<SearchManifestType>(query); return await this.searchAdapter.search<SearchManifestType>(query);
} }