Skip to content

migrate to pino#153

Merged
UlisesGascon merged 1 commit intoOpenPathfinder:mainfrom
bjohansebas:pinojs
Dec 17, 2024
Merged

migrate to pino#153
UlisesGascon merged 1 commit intoOpenPathfinder:mainfrom
bjohansebas:pinojs

Conversation

@bjohansebas
Copy link
Contributor

@bjohansebas bjohansebas commented Dec 16, 2024

fixes: #132

@bjohansebas bjohansebas force-pushed the pinojs branch 2 times, most recently from 7b6257f to 7c73879 Compare December 16, 2024 23:18
@socket-security
Copy link

socket-security bot commented Dec 16, 2024
edited
Loading

New dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/pino-pretty@13.0.0 environment Transitive: filesystem +18 822 kB matteo.collina
npm/pino@9.5.0 environment, unsafe Transitive: eval, filesystem +12 1.19 MB matteo.collina

View full report↗︎

bjohansebas
bjohansebas commented Dec 16, 2024
View reviewed changes
src/providers/index.js
const start = new Date().getTime()
const { stdout, stderr } = await exec(`docker run -e GITHUB_AUTH_TOKEN=${process.env.GITHUB_TOKEN} --rm ${ossfScorecardSettings.dockerImage} --repo=${repo.html_url} --show-details --format=json`)
if (stderr) {
console.error(stderr)
Copy link
Contributor Author

@bjohansebas bjohansebas Dec 16, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is not possible to parse a string, so the best option would be to remove this to prevent a token leak.

Or maybe I haven't found the option yet.

Copy link
Contributor Author

@bjohansebas bjohansebas Dec 16, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know there is redact to do that, but it only works at the object level, or that's the only way it has worked correctly for me.

https://github.com/pinojs/pino/blob/main/docs/redaction.md

Copy link
Member

@UlisesGascon UlisesGascon Dec 17, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are totally right! Let me see if I can use a hook for this, as the token pattern is clear.

@bjohansebas bjohansebas marked this pull request as ready for review December 16, 2024 23:24
@bjohansebas
Copy link
Contributor Author

bjohansebas commented Dec 16, 2024

Is there any reason why the CI is not running?

@UlisesGascon UlisesGascon self-assigned this Dec 17, 2024
@UlisesGascon
Copy link
Member

UlisesGascon commented Dec 17, 2024

Is there any reason why the CI is not running?

I was using a preview version an seems like there is a bug https://github.com/orgs/community/discussions/143787#discussioncomment-11593095. The CI is passing now 👍

@UlisesGascon UlisesGascon mentioned this pull request Dec 17, 2024
Merged
@UlisesGascon UlisesGascon merged commit dd2143f into OpenPathfinder:main Dec 17, 2024
3 checks passed
@bjohansebas bjohansebas deleted the pinojs branch December 17, 2024 20:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@UlisesGascon UlisesGascon UlisesGascon left review comments

Assignees

@UlisesGascon UlisesGascon

Labels

None yet

Projects

None yet

Milestone

Enable external collaboration

Development

Successfully merging this pull request may close these issues.

Logger Migration to Pino

2 participants

@bjohansebas @UlisesGascon