[PROD RELEASE] - WorkManager Changes - Connect Decommission #1631
Conversation
…ression Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
PM-971 Allow hyphen in url - asset library
fix(PM-974) Allow project managers to view all projects
feat(PM-974): allow PM to view users and delete users from project
fix(PM-974): projects list in challenges tab
PM-973 invite by mail
PM-973 - add missing assets
.github/workflows/code_reviewer.yml
Outdated
| types: | ||
| - opened | ||
| - synchronize | ||
| permissions: write-all |
There was a problem hiding this comment.
The permission write-all is quite broad. Consider specifying more granular permissions to adhere to the principle of least privilege. Refer to GitHub's permissions documentation for more details.
.github/workflows/code_reviewer.yml
Outdated
| types: | ||
| - opened | ||
| - synchronize | ||
| permissions: write-all |
There was a problem hiding this comment.
The permission write-all is quite broad. Consider specifying more granular permissions to adhere to the principle of least privilege. Refer to GitHub's permissions documentation for more details.
| - name: TC AI PR Reviewer | ||
| uses: topcoder-platform/tc-ai-pr-reviewer@master | ||
| with: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # The GITHUB_TOKEN is there by default so you just need to keep it like it is and not necessarily need to add it as secret as it will throw an error. [More Details](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret) |
There was a problem hiding this comment.
The comment about the GITHUB_TOKEN is informative but might be better placed in documentation or a README file rather than in the workflow file itself. Consider removing it from here to keep the workflow file clean.
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| types: | ||
| - opened | ||
| - synchronize | ||
| permissions: |
There was a problem hiding this comment.
The change from permissions: write-all to specifying pull-requests: write is more restrictive, which is generally a good practice for security. However, ensure that this change does not inadvertently remove necessary permissions for other actions that might be required by the workflow. Double-check if additional permissions are needed for other parts of the workflow.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| * regex for url validation | ||
| */ | ||
| const urlRegex = /((https?):\/\/)?(www.)?[a-z0-9]+(\.[a-z]{2,}){1,3}(#?\/?(?:[a-zA-Z0-9#]+))*\/?(\?[a-zA-Z0-9-_]+=[a-zA-Z0-9-%]+&?)?$/ | ||
| const urlRegex = /((https?):\/\/)?(www\.)?[\w-]+(\.[a-z]{2,}){1,3}(#?\/?(?:[a-zA-Z0-9#-]+))*\/?(\?[a-zA-Z0-9-_]+=[a-zA-Z0-9-%]+&?)?$/ |
Check failure
Code scanning / CodeQL
Inefficient regular expression High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 8 months ago
To fix the problem, we need to modify the regular expression to remove the ambiguity that causes exponential backtracking. Specifically, we can replace the ambiguous character class [a-zA-Z0-9#-] with a more precise character class that avoids ambiguity. Additionally, we can simplify the regular expression to ensure it performs efficiently.
- Replace
[a-zA-Z0-9#-]+with a more specific character class that avoids ambiguity. - Ensure the regular expression still matches valid URLs without causing performance issues.
| @@ -60,3 +60,3 @@ | ||
| */ | ||
| const urlRegex = /((https?):\/\/)?(www\.)?[\w-]+(\.[a-z]{2,}){1,3}(#?\/?(?:[a-zA-Z0-9#-]+))*\/?(\?[a-zA-Z0-9-_]+=[a-zA-Z0-9-%]+&?)?$/ | ||
| const urlRegex = /((https?):\/\/)?(www\.)?[\w-]+(\.[a-z]{2,}){1,3}(#?\/?(?:[\w-]+))*\/?(\?[a-zA-Z0-9-_]+=[a-zA-Z0-9-%]+&?)?$/ | ||
|
|
Changes to be done in Work Manager while decommissioning Connect.
Updates: