Release v0.95.0 #1471
Conversation
…1467)
* fix(review): prevent users from specifying themselves as reviewers
* test(review): add test to ensure users cannot specify themselves for review request
* chore: remove extra `.list.mock` call
Pull request overview
This is a release PR that bumps the version from 0.93.0 to 0.95.0 and includes important security fixes and infrastructure updates.
Key Changes:
- Enhanced path traversal protection by adding `isSafePath` validation to file and directory creation/rename operations
- Added validation to prevent users from requesting themselves as reviewers
- Updated IAM deployment roles for both staging and production environments
Reviewed changes
Copilot reviewed 9 out of 10 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| package.json | Version bumped from 0.93.0 to 0.95.0 |
| package-lock.json | Version bumped to match package.json |
| CHANGELOG.md | Added release notes for v0.95.0 and v0.94.0 with PR references and dates |
| src/services/fileServices/MdPageServices/SubcollectionPageService.js | Added isSafePath validation to prevent path traversal in subcollection page create and rename operations |
| src/services/fileServices/MdPageServices/ResourcePageService.js | Added isSafePath validation to prevent path traversal in resource page metadata validation |
| src/services/directoryServices/ResourceDirectoryService.js | Added isSafePath validation to prevent path traversal in resource directory create and rename operations |
| src/routes/v2/authenticated/review.ts | Added validation to reject review requests where the user attempts to add themselves as a reviewer |
| src/routes/v2/authenticated/tests/review.spec.ts | Added test coverage for the self-review prevention feature |
| .github/workflows/deploy_staging.yml | Updated CICD role ARN from generic GitHub OIDC role to environment-specific staging deploy role |
| .github/workflows/deploy_prod.yml | Updated CICD role ARN from generic GitHub OIDC role to environment-specific production deploy role |
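As an added example, not code from this PR or from the project, here is a containment check of the kind the file summary above describes, exercised with the `..`, `\0` and backslash vectors the inline Copilot comments ask for. The `isSafePath`, `subcollectionPagePath`, `VECTORS` and `runVectors` names below are assumptions of this example; the project's real `isSafePath` is not shown on this page and may differ. Each vector is checked twice, once with the subcollection as the base and once with only the collection as the base (the shape the diff uses), to show how much the choice of base decides.

```typescript
import { posix as pathPosix } from "node:path";

// Hypothetical containment check (assumption: the project's own isSafePath is
// not on this page; this is an independent implementation of the same idea).
// Returns true only if `candidate`, after normalisation, is at or below `base`.
function isSafePath(candidate: string, base: string): boolean {
  // NUL and other control bytes truncate or corrupt paths in C-backed APIs, and
  // backslashes are separators to Windows-style resolvers. Reject both before
  // normalisation, independently of the base, so no base choice can let them in.
  if (/[\x00-\x1f\x7f]/.test(candidate) || candidate.includes("\\")) {
    return false;
  }
  const normBase = pathPosix.normalize(base).replace(/\/+$/, "") || "/";
  const normCandidate = pathPosix.normalize(candidate);
  if (!normCandidate.startsWith("/")) return false; // only absolute paths are meaningful here
  if (normBase === "/") return true; // every absolute path resolves under "/"
  // Compare on a segment boundary: "/coll-other/x" is not inside "/coll".
  return normCandidate === normBase || normCandidate.startsWith(normBase + "/");
}

// Mirrors the shape of the calls in the diff: the candidate is built from the
// collection, subcollection and file name, then checked against a base.
function subcollectionPagePath(
  collectionName: string,
  subcollectionName: string,
  fileName: string
): string {
  return `/${collectionName}/${subcollectionName}/${fileName}`;
}

// Constructed vectors (not from the project's test suite). `expected` is the
// verdict with the subcollection as base; `expectedCollectionBase` is the
// verdict with only the collection as base, as in the diff.
interface Vector {
  fileName: string;
  expected: boolean;
  expectedCollectionBase: boolean;
}

const VECTORS: Vector[] = [
  { fileName: "page.md", expected: true, expectedCollectionBase: true },
  // escapes the subcollection but stays inside the collection
  { fileName: "../other-sub/page.md", expected: false, expectedCollectionBase: true },
  // escapes the collection entirely
  { fileName: "../../secrets.md", expected: false, expectedCollectionBase: false },
  // NUL byte hidden in the name
  { fileName: "page.md\0.png", expected: false, expectedCollectionBase: false },
  // backslash traversal
  { fileName: "..\\..\\secrets.md", expected: false, expectedCollectionBase: false },
  // lands in a sibling of the base that shares its prefix ("/coll-other")
  { fileName: "../../coll-other/x.md", expected: false, expectedCollectionBase: false },
];

// Runs every vector against both bases; true only if all verdicts match.
function runVectors(collectionName = "coll", subcollectionName = "sub"): boolean {
  return VECTORS.every((v) => {
    const candidate = subcollectionPagePath(collectionName, subcollectionName, v.fileName);
    const strict = isSafePath(candidate, `/${collectionName}/${subcollectionName}`);
    const loose = isSafePath(candidate, `/${collectionName}`);
    return strict === v.expected && loose === v.expectedCollectionBase;
  });
}
```

With only the collection as base, `../other-sub/page.md` is accepted, and with `/` as base no absolute path can fail the prefix comparison at all; that is why the NUL and backslash rejections run before normalisation and without reference to the base, and why a check against a base of `/` only catches those two classes.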
| !isSafePath( | ||
| `/${collectionName}/${subcollectionName}/${newFileName}`, | ||
| `/${collectionName}` | ||
| ) | ||
| ) |
Copilot (AI), Dec 4, 2025
The new isSafePath validation is a critical security feature that prevents path traversal attacks, but it lacks test coverage. Consider adding tests that verify this validation rejects malicious paths like those containing .., \0, or backslashes.
| const tokenArray = fileNameArray.split("-") | ||
| const date = tokenArray.slice(0, 3).join("-") | ||
| if (!isDateValid(date)) | ||
| if (!isDateValid(date) || !isSafePath(`/${fileName}`, "/")) |
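Review bot: with `"/"` as the base, a check that resolves the path and compares prefixes can never fail for an absolute path, because everything resolves under `/` (`/../etc/passwd` normalises to `/etc/passwd`). Unless isSafePath also rejects literal `..`, `\0` and backslash segments regardless of base, this call is a no-op. Either pass the resource category directory as the base or confirm the segment-level rejection, and add a test with a fileName such as `2025-12-04-../x` so the date check and the path check are exercised together.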
Copilot (AI), Dec 4, 2025
The new isSafePath validation is a critical security feature that prevents path traversal attacks, but it lacks test coverage. Consider adding tests that verify this validation rejects malicious paths like those containing .., \0, or backslashes.
| !isSafePath( | ||
| `/${resourceRoomName}/${resourceCategoryName}`, | ||
| `/${resourceRoomName}` | ||
| ) | ||
| ) { |
Copilot (AI), Dec 4, 2025
The new isSafePath validation is a critical security feature that prevents path traversal attacks, but it lacks test coverage. Consider adding tests that verify this validation rejects malicious paths like those containing .., \0, or backslashes.
| !isSafePath( | ||
| `/${resourceRoomName}/${newDirectoryName}`, | ||
| `/${resourceRoomName}` | ||
| ) | ||
| ) { |
Copilot (AI), Dec 4, 2025
The new isSafePath validation is a critical security feature that prevents path traversal attacks, but it lacks test coverage. Consider adding tests that verify this validation rejects malicious paths like those containing .., \0, or backslashes.
| (hasSpecialCharInTitle({ title: fileName, isFile: true }) || | ||
| !isSafePath( | ||
| `/${collectionName}/${subcollectionName}/${fileName}`, | ||
| `/${collectionName}` | ||
| )) |
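Review bot: folding `!isSafePath(...)` into the same condition as hasSpecialCharInTitle means a traversal attempt and an ordinary illegal character take the same branch and surface with the same error, so a `..` in fileName is indistinguishable from a stray special character in logs. Check isSafePath separately and raise a distinct error. The base is `/${collectionName}` here as well, so this confines the new file to the collection, not to the subcollection.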
Copilot (AI), Dec 4, 2025
The new isSafePath validation is a critical security feature that prevents path traversal attacks, but it lacks test coverage. Consider adding tests that verify this validation rejects malicious paths like those containing .., \0, or backslashes.
Problem
Closes [insert issue #]
Solution
Breaking Changes
Features:
Improvements:
Bug Fixes:
Before & After Screenshots
BEFORE:
AFTER:
Tests
Deploy Notes
New environment variables:
- env var: env var details (fetch_ssm_parameters.sh)
New scripts:
- script: script details
New dependencies:
- dependency: dependency details
New dev dependencies:
- dependency: dependency details