sourcefuse / loopback4-helmet Goto Github PK

Describe the bug

• Loopback version update

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
   To reproduce,
   npm uninstall loopback4-helmet

Configure application, put this.component(Loopback4HelmetComponent);

Setup bind
this.bind(HelmetSecurityBindings.CONFIG).to({
referrerPolicy: {
policy: 'same-origin',
},
contentSecurityPolicy: {
directives: {
frameSrc: ["'self'"],
},
},
});

In a sequence constructor
@Inject(HelmetSecurityBindings.HELMET_SECURITY_ACTION)
protected helmetAction: HelmetAction,

Handle
await this.helmetAction(request, response);

When I try to request any endpoint I receive error:
GET /api/v1/animal/1/10?sort=order&direction=asc failed with status code 500. TypeError: Cannot read property 'constructor' of null

Expected behavior

The expectation is to intercept all requests and use this for security, mainly avoiding XSS attacks

Screenshots

@loopback/cli version: 3.0.0

Describe the bug
Changes for semantic-release
when dependencies are updated with chore type new version is not released

To Reproduce
try updating the dependencies using chore(deps)

Expected behavior
when dependencies are updated with chore type new version must be released

Describe the bug
Cross origin Error in Application, but api-explorer works fine

To Reproduce
Steps to reproduce the behavior:

1. In application.ts file :-
   this.bind(HelmetSecurityBindings.CONFIG).to({
   referrerPolicy: {
   policy: 'same-origin',
   },
   contentSecurityPolicy: {
   directives: {
   frameSrc: ["'self'"],
   },
   },
   });

2. Also throw has been blocked by CORS policy: Response header

Describe the bug
Loopback version update

Is your feature request related to a problem? Please describe.
Node v14 reaching its end of life this month. Loopback removes support for node v14 in all of its packages we depend on.

Sourceloop packages/services also currently have v12 and v14 as the supported versions.

Describe the solution you'd like
Remove the support for node v14 and v12. And add the support for the latest LTS version v18.

Describe alternatives you've considered
__

Additional context
__

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you can benefit from your bug fixes and new features again.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can fix this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here are some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

Invalid npm token.

The npm token configured in the NPM_TOKEN environment variable must be a valid token allowing to publish to the registry https://registry.npmjs.org/.

If you are using Two Factor Authentication for your account, set its level to "Authorization only" in your account settings. semantic-release cannot publish with the default "
Authorization and writes" level.

Please make sure to set the NPM_TOKEN environment variable in your CI with the exact value of the npm token.

Good luck with your project ✨

Your semantic-release bot 📦🚀

Describe the bug
loopback version update

To have a consistent header in all sourceloop packages.
Reference readme: https://www.npmjs.com/package/@sourceloop/cache

Is your feature request related to a problem? Please describe.

1. Remove support for node 16 and lower versions
2. update package deps.

Describe the solution you'd like
Changes in the node property of package.json
This will be a breaking change.

Is your feature request related to a problem? Please describe.
Adding semantic release for automatic release of packages.

Describe the solution you'd like
Using npm semantic-release

Describe alternatives you've considered

Additional context

Describe the bug
Loopback version updates.

See: sourcefuse/arc-docs#26

Describe the bug
Right now Issue description is not visible in the changelog
To Reproduce
Steps to reproduce the behavior:

1. Release a new version
2. check the changelog
3. Issue Description not visible
4. Issue link not clickable

Describe the bug
Update lb4 dependencies in the package

For further information refer to the link below:
sourcefuse/loopback4-soft-delete#197

Is your feature request related to a problem? Please describe.
After the sourceloop release processes regression on jenkins the release of packages needs to be done locally.

Describe the solution you'd like
Set up a manually dispatch-able github action to publish releases.

Describe alternatives you've considered
The possible alternate is to publish packages locally but that requires keeping the credentials environment already setup.

Additional context
__

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Your documentation is outdated. It still assumes people use the Action based sequence, but that's deprecated. The LB4 CLI generates Middleware sequences now, but you don't have instructions for that.

Describe the solution you'd like
A clear and concise description of what you want to happen.

Please provide up-to-date instruction on how to use this with Loopback 4. How to use this component in a Middleware sequence?
The LB4 documentation on this is insufficient and confusing.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Describe the bug
While putting the following code in sequence.ts file

export class MySequence implements SequenceHandler {

@Inject(SequenceActions.INVOKE_MIDDLEWARE, {optional: true})
protected invokeMiddlewareN: InvokeMiddleware = () => false;

constructor(
@Inject(SequenceActions.FIND_ROUTE) protected findRoute: FindRoute,
@Inject(SequenceActions.PARSE_PARAMS) protected parseParams: ParseParams,
@Inject(SequenceActions.INVOKE_METHOD) protected invoke: InvokeMethod,
@Inject(SequenceActions.SEND) public send: Send,
@Inject(SequenceActions.REJECT) public reject: Reject,
@Inject(HelmetSecurityBindings.HELMET_SECURITY_ACTION)
protected helmetAction: HelmetAction,
) { }

async handle(context: RequestContext) {
const requestTime = Date.now();
try {
const {request, response} = context;
const route = this.findRoute(request);
const args = await this.parseParams(request, route);

  // Helmet Action here
  //await this.helmetAction(request, response);

  const result = await this.invoke(route, args);
  this.send(response, result);
} catch (err) {
  console.log();
} finally {
  console.log();
}

}
}

I am getting an error

"Resolution Error: The key 'sf.security.helmet.actions' is not bound to any value in context RequestContext-gY0uhFUWRMyqzs2bXcksWw-3"

I want to use helmet for Strict Transport Security Policy and Cross Origin Resource Sharing Configuration, but I am stuck here only.

Please help me, I am new to loop back. Thank you in advance.

Describe the bug
loopback version update

Describe the bug
Add Sonar and Synk Badges

• update all dependencies ( including dev and peer dependencies)
• use node version 16 for the same

Describe the bug

• License and Copyright Headers’ Year Upgradation

Describe the bug
Test case coverage missing and not up to the mark

To Reproduce
We should have at least 75% unit test case coverage for this package.

Hi Team,
I am getting this error in application.ts while initialize the Loopback4HelmetComponent.

versions:
"@loopback/boot": "^3.4.2",
"@loopback/context": "^5.0.7",
"@loopback/core": "^2.16.2",
"@loopback/repository": "^3.7.1",
"@loopback/rest": "^10.0.0",
"@loopback/rest-explorer": "^3.3.2",
"@loopback/service-proxy": "^3.2.2",
"loopback4-helmet": "^4.2.0",

please help me on this issue.

Describe the bug
remove all current vulnerability of loopback4-helmet

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context
Add any other context about the problem here.

I am getting error in the following line

// Helmet Action here
await this.helmetAction(request, response);

Argument of type 'import("//node_modules/@types/express/index").Request<import("/home/surabhi/Documents/ /node_modules/@types/express-serve-static-core/index").ParamsDictionary, any, any, qs.ParsedQs, Record<string, any>>' is not assignable to parameter of type 'import /node_modules/@loopback/express/node_modules/@types/express/index").Request<import("//node_modules/@loopback/express/node_modules/@types/express-serve-static-core/index").ParamsDictionary, any, any, qs.ParsedQs, Record<...>>'.
The types of 'app.get' are incompatible between these types.
Type '((name: string) => any) & IRouterMatcher<Application, any>' is not assignable to type '((name: string) => any) & IRouterMatcher<Application<Record<string, any>>, any>'.
Type '((name: string) => any) & IRouterMatcher<Application, any>' is not assignable to type 'IRouterMatcher<Application<Record<string, any>>, any>'.
Types of parameters 'name' and 'path' are incompatible.
Type 'PathParams' is not assignable to type 'string'.
Type 'RegExp' is not assignable to type 'string'.ts(2345)

I appreciate your help.

Sequence.ts file:

at console err, it is giving me this error,
anyone have idea about that

Describe the bug
Loopback version updates

Can not import component to lb4 application.Please help

Describe the bug
Currently the issues and PR never closed even if inactive.
They should be closed automatically.

To Reproduce
Steps to reproduce the behavior:

1. Create a new issue/Pr
2. Observe it.
3. Even after no activity it stays open.

Expected behavior
Inactive issues/Pr should be closed automatically.

Describe the bug
This issue is supposed to be used for all deps update and chore PRs.

Is your feature request related to a problem? Please describe.
Right now the changelog created for releases is not well in detail and informative.
Request to generate detailed changelog.

Describe the solution you'd like
Can use different npm packages available