Test server workflows #4339
Closed
Test server workflows #4339
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CodeQL keeps yelling at us about this… I’m not sure if the filter is smart enough to use this rate limit middleware to remove the warnings, but at least we will be setting a reasonable bound on attempts to crack the server password.
Co-authored-by: Matiss Janis Aboltins <[email protected]>
…192) Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
…(#190) Helps with actualbudget#919 by adding the `all` field wit both pending and booked transactions to the output of `getTransactionsWithBalance()` and, by extension, the `/nordigen/transactions` endpoint. I could alter the `getTransactions()` to return the `all` field as well but I figured that keeping it such that it returns the output from Nordigen API 1:1 might be better so I left it as is. If you don't agree, let me know and I'll update this.
Co-authored-by: Henrik Maaland <[email protected]>
A small fix: returning JSON response instead of plain-text. The frontend always expects a JSON response. So a tiny fix here..
Previously, the latest artifact list was requested unauthenticated using `ADD "https://api.github.com/..." /tmp/artifacts.json`. While this works locally, on GitHub’s servers it seems that the per-IP rate limit was exceeded. There isn’t a way to get Docker to pass the `Authorization` header that I know of, so this work has been moved to an external shell script that pulls down the relevant data.
Web: actualbudget#1087 Server: actualbudget/actual-server#207 Docs: actualbudget/docs#179 --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Remove the bulk in favour of links to our core docs. --------- Co-authored-by: Jed Fox <[email protected]>
Replaced contributing link <!-- Thank you for submitting a pull request! Make sure to follow the instructions to write release notes for your PR — it should only take a minute or two: https://github.com/actualbudget/docs#writing-good-release-notes -->
This allows running a health check from inside the container. Usage: `npm run health-check`. That may not work inside of Alpine containers, so you can do `node src/scripts/health-check.js` directly instead. Fixes actualbudget#213.
Using the new CRDT package instead of API.
- web: actualbudget#1280 - server: actualbudget/actual-server#222 - docs: actualbudget/docs#223 --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
1. upgrade `nordigen-node` to 1.2.6 (which uses the new gocardless domain) 2. allow accessing `nordigen` functionality via `/gocardless` to unblock using the new API path in actual-web
Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/jonschlinkert/word-wrap/releases">word-wrap's releases</a>.</em></p> <blockquote> <h2>1.2.4</h2> <h2>What's Changed</h2> <ul> <li>Remove default indent by <a href="https://github.com/mohd-akram"><code>@mohd-akram</code></a> in <a href="https://redirect.github.com/jonschlinkert/word-wrap/pull/24">jonschlinkert/word-wrap#24</a></li> <li>🔒fix: CVE 2023 26115 (2) by <a href="https://github.com/OlafConijn"><code>@OlafConijn</code></a> in <a href="https://redirect.github.com/jonschlinkert/word-wrap/pull/41">jonschlinkert/word-wrap#41</a></li> <li>:lock: fix: CVE-2023-26115 by <a href="https://github.com/aashutoshrathi"><code>@aashutoshrathi</code></a> in <a href="https://redirect.github.com/jonschlinkert/word-wrap/pull/33">jonschlinkert/word-wrap#33</a></li> <li>chore: publish workflow by <a href="https://github.com/OlafConijn"><code>@OlafConijn</code></a> in <a href="https://redirect.github.com/jonschlinkert/word-wrap/pull/42">jonschlinkert/word-wrap#42</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mohd-akram"><code>@mohd-akram</code></a> made their first contribution in <a href="https://redirect.github.com/jonschlinkert/word-wrap/pull/24">jonschlinkert/word-wrap#24</a></li> <li><a href="https://github.com/OlafConijn"><code>@OlafConijn</code></a> made their first contribution in <a href="https://redirect.github.com/jonschlinkert/word-wrap/pull/41">jonschlinkert/word-wrap#41</a></li> <li><a href="https://github.com/aashutoshrathi"><code>@aashutoshrathi</code></a> made their first contribution in <a href="https://redirect.github.com/jonschlinkert/word-wrap/pull/33">jonschlinkert/word-wrap#33</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4">https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/jonschlinkert/word-wrap/commit/f64b188c7261d26b99e1e2075d6b12f21798e83a"><code>f64b188</code></a> run verb to generate README</li> <li><a href="https://github.com/jonschlinkert/word-wrap/commit/03ea08256ba0c8e8b02b1b304f0f5bd2b1863207"><code>03ea082</code></a> Merge pull request <a href="https://redirect.github.com/jonschlinkert/word-wrap/issues/42">#42</a> from jonschlinkert/chore/publish-workflow</li> <li><a href="https://github.com/jonschlinkert/word-wrap/commit/420dce9a2412b21881202b73a3c34f0edc53cb2e"><code>420dce9</code></a> Merge pull request <a href="https://redirect.github.com/jonschlinkert/word-wrap/issues/41">#41</a> from jonschlinkert/fix/CVE-2023-26115-2</li> <li><a href="https://github.com/jonschlinkert/word-wrap/commit/bfa694edf55bb84ff84512f13da6d68bf7593f06"><code>bfa694e</code></a> Update .github/workflows/publish.yml</li> <li><a href="https://github.com/jonschlinkert/word-wrap/commit/ace0b3c78f81aaf43040bab3bc91d3c5546d3fd2"><code>ace0b3c</code></a> chore: bump version to 1.2.4</li> <li><a href="https://github.com/jonschlinkert/word-wrap/commit/6fd727594676f3e1b196b08a320908bec2f4ca02"><code>6fd7275</code></a> chore: add publish workflow</li> <li><a href="https://github.com/jonschlinkert/word-wrap/commit/30d6daf60fce429f5f559252fa86ee78200652c4"><code>30d6daf</code></a> chore: fix test</li> <li><a href="https://github.com/jonschlinkert/word-wrap/commit/655929cabea6299dddf3b4a21fc3713fca701b48"><code>655929c</code></a> chore: remove package-lock</li> <li><a href="https://github.com/jonschlinkert/word-wrap/commit/49e08bbc32a84da5d79e6b7e0fa74ff6217f6d81"><code>49e08bb</code></a> chore: added an additional testcase</li> <li><a href="https://github.com/jonschlinkert/word-wrap/commit/9f626935f3fac6ec0f3c4b26baea4eb9740d9645"><code>9f62693</code></a> fix: cve 2023-26115</li> <li>Additional commits viewable in <a href="https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/actualbudget/actual-server/network/alerts). </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Just renaming things from Nordigen to Gocardless.
Removing env var/config file support for Nordigen secrets. These have been migrated to the new `secrets` db table a while ago. We can now clean up the legacy implementation for these secrets.
…albudget#238) - web: actualbudget#1444 - server: actualbudget/actual-server#238 - docs: actualbudget/docs#257 --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* Add health check to docker compose * Added release note for PR * Readded the mistakenly-deleted array to the release note author
actualbudget#553) * remove non-booked transactions from import * Add release notes * minor fix to please the linter * Add coderabbit suggestions * add test file * fix test * add coderabbit fixes to test file * fix mock console * Correct consoleSpy to make linter happy * Add mock cleanup
* 🔖 (25.2.0) * Remove used release notes * Pull in newly built npm package --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* dynamically load GoCardless handlers * note
…epo (actualbudget#560) * Update README.md * Create 560.md * Update README.md Co-authored-by: Julian Dominguez-Schatz <[email protected]> --------- Co-authored-by: Julian Dominguez-Schatz <[email protected]>
* fix esm error on windows * release notes * renaming release note
✅ Deploy Preview for actualbudget ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| throw new Error( | ||
| 'accountId and startDate must either both be arrays or both be strings', | ||
| ); | ||
| } |
Check failure
Code scanning / CodeQL
Use of externally-controlled format string High
| throw new Error('accountId and startDate arrays must be the same length'); | ||
| } | ||
|
|
||
| const earliestStartDate = Array.isArray(startDate) |
Check failure
Code scanning / CodeQL
Use of externally-controlled format string High
| let username = null; | ||
| let password = null; | ||
| let baseUrl = null; | ||
| if (!accessKey || !accessKey.match(/^.*\/\/.*:.*@.*$/)) { |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data High
Comment on lines
+293
to
+297
| const req = https.request(new URL(token), options, (res) => { | ||
| res.on('data', (d) => { | ||
| resolve(d.toString()); | ||
| }); | ||
| }); |
Check failure
Code scanning / CodeQL
Server-side request forgery Critical
Comment on lines
+361
to
+386
| const req = https.request( | ||
| new URL(`${sfin.baseUrl}/accounts${queryString}`), | ||
| options, | ||
| (res) => { | ||
| let data = ''; | ||
| res.on('data', (d) => { | ||
| data += d; | ||
| }); | ||
| res.on('end', () => { | ||
| if (res.statusCode === 403) { | ||
| reject(new Error('Forbidden')); | ||
| } else { | ||
| try { | ||
| const results = JSON.parse(data); | ||
| results.sferrors = results.errors; | ||
| results.hasError = false; | ||
| results.errors = {}; | ||
| resolve(results); | ||
| } catch (e) { | ||
| console.log(`Error parsing JSON response: ${data}`); | ||
| reject(e); | ||
| } | ||
| } | ||
| }); | ||
| }, | ||
| ); |
Check failure
Code scanning / CodeQL
Server-side request forgery Critical
| syncVersion: syncFormatVersion, | ||
| name: name, | ||
| encryptMeta: encryptMeta, | ||
| owner: |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
| res.status(400).send('Single file ID is required'); | ||
| return; | ||
| } | ||
|
|
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High
| // Source: https://expressjs.com/en/guide/error-handling.html | ||
| return next(err); | ||
| } | ||
| console.log(`Error on endpoint ${req.url}`, err.message, err.stack); |
Check failure
Code scanning / CodeQL
Use of externally-controlled format string High
Bundle Stats — desktop-clientHey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle. As this PR is updated, I'll keep you updated on how the bundle size is impacted. Total
Changeset
View detailed bundle breakdownAdded No assets were added Removed No assets were removed Bigger
Smaller No assets were smaller Unchanged
|
Bundle Stats — loot-coreHey there, this message comes from a GitHub action that helps you and reviewers to understand how these changes affect the size of this project's bundle. As this PR is updated, I'll keep you updated on how the bundle size is impacted. Total
Changeset
View detailed bundle breakdownAdded No assets were added Removed No assets were removed Bigger No assets were bigger Smaller No assets were smaller Unchanged
|
…litch/actual into test-server-workflows
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.