Noah Bates testing branch integration (intro day)#1062
Noah Bates testing branch integration (intro day)#1062noahsbates wants to merge 3 commits intomainfrom
Conversation
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 26951809 | Triggered | OpenSSH Private Key | ce82e46 | github_ssh_1 | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secret safely. Learn here the best practices.
- Revoke and rotate this secret.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: eb2eef90fd
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| @@ -0,0 +1,7 @@ | |||
| -----BEGIN OPENSSH PRIVATE KEY----- | |||
There was a problem hiding this comment.
This commit introduces a full OpenSSH private key into version control, which means anyone with read access to the repository (including forks, clones, and CI logs that surface diffs) can potentially use it to authenticate as that identity until the key is revoked. Even if this was for testing, secrets in git history are long-lived and should be treated as compromised immediately.
Useful? React with 👍 / 👎.
| "Unique comment id" | ||
| id: ID! | ||
| "Course identifier (cs-course-id)" | ||
| courseId: String! | ||
| "User id of the comment author" | ||
| createdBy: String! | ||
| "Comment body text" | ||
| body: String! | ||
| "When the comment was created (ISO 8601)" | ||
| createdAt: String! | ||
| "When the comment was last updated (ISO 8601)" | ||
| updatedAt: String! |
| courseComments: async (_, { courseId, userId }) => { | ||
| try { | ||
| const comments = await getCourseComments(courseId, userId ?? undefined); | ||
| return comments as unknown as DiscussionModule.DiscussionComment[]; |
There was a problem hiding this comment.
It's somewhat acceptable, but try to avoid the as unknown as pattern. The formatter should ensure comments are put into the correct format
|
|
||
| const _id = doc._id; | ||
| if (!_id) | ||
| throw new GraphQLError("Comment missing _id", { |
There was a problem hiding this comment.
I think this actually indicates that something went wrong with creating your document
2 participants
No description provided.