profile
viewpoint
Raphaël Huchet rap2hpoutre @forestadmin Nantes, France http://raph.site Stodgy mixture of Rust, JS, PHP, Forth, SQL, GFA Basic, music and more https://twitter.com/rap2h

betagouv/react-elasticsearch 57

🛁 React + Elasticsearch - UI components for building data-driven search experiences

rap2hpoutre/create-user-command 21

🦀 Create User with artisan

betagouv/pop 10

Plateforme Ouverte du Patrimoine

rap2hpoutre/convert-accent-characters 4

Converts all UTF-8 accent characters to ASCII characters

betagouv/eac 3

La Plateforme de l'Éducation Artistique et Culturelle

betagouv/pop-shared 1

Composants partagés pour les différentes applications POP

issue commentForestAdmin/lumber

view codes does not work

Feel free to reopen this issue if required.

perfectwebtech

comment created time in 6 days

issue closedForestAdmin/lumber

view codes does not work

hello

is it view code not work in production or development on self hosted solution ?

must pay 250 usd for database generated code success but view does not generated

in app.forestadmin.com works fine but on my selfhosted solution does not apear view

but apear models and middleware offcourse

anybody can help me ? how can done in community edition ?

closed time in 6 days

perfectwebtech

issue commentForestAdmin/lumber

Lumber not allowing pass-through of dialectOptions for Sequelize

Feel free to re-open if you still have any issues.

antoniojtorres

comment created time in 6 days

issue closedForestAdmin/lumber

Lumber not allowing pass-through of dialectOptions for Sequelize

This may be more of a feature request / limitation than a bug. Thanks in advance.

Expected behavior

Setting up ForestAdmin using lumber for the first time. Have a backend service in heroku using Heroku Postgres. When generating the lumber command and adding my database connection. Once that runs I expect lumber to run successfully.

Actual behavior

When running the command I received the error "SequelizeConnectionError: self signed certificate". This is because heroku postgres uses self-signed certificates for this database.

When specifying ssl as true, lumber-generate.js generates these options for Sequelize { logging: false, dialectOptions: { ssl: true } }

This isn't enough for my scenario.

The installation can be pushed through with { logging: false, dialectOptions: { ssl: true, rejectUnauthorized: false } }

This issue is not about what is right or wrong in terms on how to connect. What I am suggesting is providing the ability to have a pass-through for database specific flags so users can tackle their edge cases. The current implementation in lumber-generate has a very narrow set of options.

Failure Logs

? Does your database require a SSL connection? Yes ✖ Connecting to your database

Cannot connect to the database due to the following error: SequelizeConnectionError: self signed certificate

Context

Node 12.16.3 NPM 6.14.4

  • Lumber Package Version: 3.6.4
  • Database Dialect: PostgreSQL
  • Database Version: 12.3

Thank you all for the wonderful code and product. Big fan.

PS: As you may have figured, when I launched the admin the cert validation error is also present there. I am stuck :(

closed time in 6 days

antoniojtorres

issue closedForestAdmin/lumber

DATABASE_URL hard-coded in docker-compose.yml

Expected behavior

Expect services.app in docker-compose.yml to source environment variables from .env.

Actual behavior

It was surprising to see that our DATABASE_URL was directly added to the services.app.environment property (hard-coded) when the docker-compose.yml was generated by lumber.

Failure Logs

Not a failure, just a security concern because many users likely will create a Git repo out of this and the docker-compose.yml would part of that codebase with a DATABASE_URL hard-coded in.

I wouldn't have known this if I didn't thoroughly inspect every file generated by lumber.

Context

  • Lumber Package Version: 3.6.0
  • Database Dialect: PostgreSQL
  • Database Version: 11.6

closed time in 6 days

albertinator

issue commentForestAdmin/lumber

DATABASE_URL hard-coded in docker-compose.yml

A new version of lumber has just been released thanks to your suggestion: https://github.com/ForestAdmin/lumber/pull/464#issuecomment-709057240 🎉

Thank you for your feedback! 🙏

Feel free to re-open this issue if you have any issue!

albertinator

comment created time in 6 days

push eventForestAdmin/lumber

Raphaël Huchet

commit sha 96742758f518513b6c6848cce2cd5c5fc9489b9c

feat(security): use env variables in docker-compose.yml (#464)

view details

push time in 6 days

delete branch ForestAdmin/lumber

delete branch : feat(security)--use-env-variables-in-docker-compose.yml

delete time in 6 days

PR merged ForestAdmin/lumber

feat(security): use env variables in docker-compose.yml

It seems it works. Not tested on Linux though. See: https://github.com/ForestAdmin/lumber/issues/439

Pull Request checklist:

  • [x] Write an explicit title for the Pull Request, following Conventional Commits specification
  • [ ] Create automatic tests
  • [x] No automatic tests failures
  • [x] Test manually the implemented changes
  • [x] Review my own code (indentation, syntax, style, simplicity, readability)
  • [x] Wonder if you can improve the existing code
+30 -25

4 comments

4 changed files

rap2hpoutre

pr closed time in 6 days

push eventForestAdmin/lumber

Raphaël Huchet

commit sha 6bd91a3a5427da274810cf6dd4393a04b70a5c7e

fix: use APPLICATION_PORT in Dockerfile

view details

push time in 13 days

startedetalab/transport-validator

started time in 15 days

pull request commentForestAdmin/lumber

feat(security): use env variables in docker-compose.yml

Not sure why I can't make docker-compose up properly work on a fresh install on my computer (master or this branch) still it seems the env variable replacement works. Could you try to test it @guillaumedeslandes ?

rap2hpoutre

comment created time in 19 days

push eventForestAdmin/lumber

Raphaël Huchet

commit sha aa6f95d34c444ee1ad6a41c9fe066c5379843768

fix: review fix

view details

push time in 19 days

pull request commentrap2hpoutre/laravel-log-viewer

Exception thrown if file is not readable

Thank you for this contribution! I'll try to release it soon!

hulkur

comment created time in 20 days

push eventrap2hpoutre/laravel-log-viewer

Jaanus Vapper

commit sha 1a11c77d005670ac195a53f56bcda73f4d81ebb1

Check that file is readable (#243)

view details

push time in 20 days

PR merged rap2hpoutre/laravel-log-viewer

Exception thrown if file is not readable

In case log file is not readable (generated by some other process, cron etc) exception is thrown.

This PR checks for that and returns message about it as log content.

Thoughts on what would be the best way to make it clear it is an error message from package and not actual log file content?

It would also be possible to mark files as unreadable in file list but that requires checking all files at every load and might not be advisable. Thoughts?

+10 -0

0 comment

1 changed file

hulkur

pr closed time in 20 days

pull request commentnpm/validate-npm-package-name

chore: update misleading naming rule

Hello?

rap2hpoutre

comment created time in 20 days

pull request commentrap2hpoutre/vue-picture-swipe

Fix condition to display figures properly

Thank you @LodrikMtl! Sorry for the delay.

@alditis @kfrederix @maurosanjo @LodrikMtl Available in 2.0.2 (update your package)

LodrikMtl

comment created time in 20 days

push eventrap2hpoutre/vue-picture-swipe

Raphaël Huchet

commit sha 448eedf2835f1aadddb613df64819f494db6addc

Release 2.0.2

view details

push time in 20 days

created tagrap2hpoutre/vue-picture-swipe

tag2.0.2

🖼 Vue Picture Swipe Gallery (a gallery of image with thumbnails, lazy-load and swipe) backed by photoswipe

created time in 20 days

push eventrap2hpoutre/vue-picture-swipe

Karl

commit sha de0c272d47eff399a75b77a86d81696ecfd09121

Fix condition to display figures properly (#32)

view details

push time in 20 days

PR merged rap2hpoutre/vue-picture-swipe

Fix condition to display figures properly

The current implementation is missing the first image. The condition was incorrect.

+2 -2

1 comment

2 changed files

LodrikMtl

pr closed time in 20 days

pull request commentrap2hpoutre/fast-excel

Update README.md (variable naming)

Thank you!

mashkovtsevlx

comment created time in 20 days

push eventrap2hpoutre/fast-excel

Alexander

commit sha 20187771e2b3df1861bb5a060983d1bbfd6b75ec

Update README.md (#187)

view details

push time in 20 days

PR merged rap2hpoutre/fast-excel

Update README.md (variable naming)

Fix variable naming

+1 -1

0 comment

1 changed file

mashkovtsevlx

pr closed time in 20 days

PullRequestReviewEvent

issue commentForestAdmin/lumber

Lumber not allowing pass-through of dialectOptions for Sequelize

@bartjoyce It has just been fixed thanks to your comment!

Could you try again with the latest version of lumber? (v3.7.2)


If you want to fix your actual project without re-running the install command, add this line to your .env file:

DATABASE_REJECT_UNAUTHORIZED=false

Then edit models/index.js (here):

-  databaseOptions.dialectOptions.ssl = true;
+ const rejectUnauthorized = process.env.DATABASE_REJECT_UNAUTHORIZED;
+ if (rejectUnauthorized && (JSON.parse(rejectUnauthorized.toLowerCase()) === false)) {
+   databaseOptions.dialectOptions.ssl = { rejectUnauthorized: false };
+ } else {
+   databaseOptions.dialectOptions.ssl = true;
+ }

Let me know if it fixed your issue :pray:

antoniojtorres

comment created time in a month

push eventForestAdmin/lumber

Raphaël Huchet

commit sha 9e91eb277b47ad9572360ab263b2e983b89480b0

fix: fix rejectUnauthorized handling (#474)

view details

push time in a month

delete branch ForestAdmin/lumber

delete branch : fix-rejectUnauthorized

delete time in a month

PR merged ForestAdmin/lumber

fix: fix rejectUnauthorized handling

Woops. See: https://github.com/ForestAdmin/lumber/issues/452#issuecomment-697213142

Pull Request checklist:

  • [x] Write an explicit title for the Pull Request, following Conventional Commits specification
  • [ ] Create automatic tests
  • [x] No automatic tests failures
  • [ ] Test manually the implemented changes
  • [x] Review my own code (indentation, syntax, style, simplicity, readability)
  • [x] Wonder if you can improve the existing code
+4 -2

0 comment

2 changed files

rap2hpoutre

pr closed time in a month

Pull request review commentForestAdmin/ember-uploader

feat: allow returning response headers alongside date via didUpload.withHeaders

 module('EmberUploader.Uploader', function(hooks) {       assert.ok(true);     }); +    uploader.on('didUpload.withHeaders', function(data) {+      assert.ok(true);+    });

:)

guillaumedeslandes

comment created time in a month

Pull request review commentForestAdmin/ember-uploader

feat: allow returning response headers alongside date via didUpload.withHeaders

 uploader.on('didUpload', e => { }); ``` +```js+uploader.on('didUpload.withHeaders', e => {+  // Handle finished upload
  // Handle finished upload (you could use: e.data, e.headers, e.status and e.xhr).
guillaumedeslandes

comment created time in a month

Pull request review commentForestAdmin/ember-uploader

feat: allow returning response headers alongside date via didUpload.withHeaders

 export default EmberObject.extend(Evented, {   },    /**-   * Triggers didUpload event with given params and sets isUploading to false+   * Triggers didUpload and didUpload.withHeaders events with given params+   * and sets isUploading to false    *    * @param {object} data Object of data supplied to the didUpload event+   * @param {object} status Status of the request+   * @param {object} xhr XMLHttpRequest instance for this request    * @return {object} Returns the given data    */-  didUpload (data) {+  didUpload (data, status, xhr) {     set(this, 'isUploading', false);     this.trigger('didUpload', data);++    const headers = {};+    xhr+      .getAllResponseHeaders().trim().split(/[\r\n]+/)+      .map((header) => {+        const [key, value] = header.split(': ');+        headers[key] = value;+      }),

This is not a super candidate for map since:

  • it does not return anything
  • it alters the values of something else.

Maybe we could have a map (to get key+value) then a reduce:

// Get headers as a key-value object.
const headers = xhr
  .getAllResponseHeaders().trim().split(/[\r\n]+/)
  .map((header) => header.split(': '))
  .reduce((headers, [key, value]) => {
    headers[key] = value;
  }, {});

Or Object.fromEntries:

// Get headers as a key-value object.
const headers = Object.fromEntries(
  xhr.getAllResponseHeaders().trim().split(/[\r\n]+/)
  .map((header) => header.split(': '))
);

Or if you prefer your first approach, you should change to a forEach:

// Get headers as a key-value object.
const headers = {};
xhr
  .getAllResponseHeaders().trim().split(/[\r\n]+/)
  .forEach((header) => {
    const [key, value] = header.split(': ');
    headers[key] = value;
  });

Warning: don't forget to change the , with a ; line 129

guillaumedeslandes

comment created time in a month

PullRequestReviewEvent
PullRequestReviewEvent

issue commentForestAdmin/lumber

Lumber not allowing pass-through of dialectOptions for Sequelize

@bartjoyce Whoops. Thank you for spotting this, and sorry for the mess. A new PR is on its way!

antoniojtorres

comment created time in a month

PR opened ForestAdmin/lumber

fix: fix rejectUnauthorized handling

Pull Request checklist:

  • [x] Write an explicit title for the Pull Request, following Conventional Commits specification
  • [ ] Create automatic tests
  • [x] No automatic tests failures
  • [ ] Test manually the implemented changes
  • [x] Review my own code (indentation, syntax, style, simplicity, readability)
  • [x] Wonder if you can improve the existing code
+4 -2

0 comment

2 changed files

pr created time in a month

create barnchForestAdmin/lumber

branch : fix-rejectUnauthorized

created branch time in a month

pull request commentForestAdmin/ember-uploader

feat: allow returning response headers alongside date via didUpload.withHeaders

@guillaumedeslandes Could we try to open a PR even if the package is not that maintained? I tried to desperate ping on Github

guillaumedeslandes

comment created time in a month

issue openedbenefitcloud/ember-uploader

Is this package still maintained?

Is this package still maintained? Is there a competitor?

created time in a month

PullRequestReviewEvent

pull request commentForestAdmin/lumber

feat(security): use env variables in docker-compose.yml

You are right: docker-compose should not contain generated values anymore: it should entirely rely on .env file so users understand where to update their conf. Let me update this PR!

rap2hpoutre

comment created time in a month

issue commentForestAdmin/lumber

Lumber not allowing pass-through of dialectOptions for Sequelize

Hi @antoniojtorres @djpate @snwfdhmp

We just released a new version of Lumber that adds a DATABASE_REJECT_UNAUTHORIZED parameter in Lumber generated projects (it is set to false by default to ease users onboarding). If you update Lumber to the latest version then start a new project, you should not be annoyed anymore with the SequelizeConnectionError: self-signed certificate message.

If you want to fix your actual project without re-running the install command, add this line to your .env file:

DATABASE_REJECT_UNAUTHORIZED=false

Then edit models/index.js (here):

-  databaseOptions.dialectOptions.ssl = true;
+  if (process.env.DATABASE_REJECT_UNAUTHORIZED === false) {
+    databaseOptions.dialectOptions.ssl = { rejectUnauthorized: false };
+  } else {
+    databaseOptions.dialectOptions.ssl = true;
+  }

A quick note about the chosen implementation: I first created an implementation with a dialectOptions for Lumber, but after some discussion with other members of the team, we finally decided to implement a fix for this need only (the main argument is that we do not need to develop something heavy for problems that are not identified yet).

TL;DR: Issue fixed, update to latest Lumber version.

Let me know if you have any issue, I would be glad to help you!

antoniojtorres

comment created time in a month

push eventForestAdmin/lumber

Raphaël Huchet

commit sha 2cf7e6bcbe40e762fabf2f038e4e1188c509887f

feat: trust SSL certificate by default to ease users onboarding (#472)

view details

push time in a month

delete branch ForestAdmin/lumber

delete branch : feat/reject-unauthorized

delete time in a month

PR merged ForestAdmin/lumber

feat: trust SSL certificate by default to ease users onboarding

As suggested by @arnaudbesnier, we do not add a dialectOptions option. See two dead PRs here: #471 & #468

Let's add DATABASE_REJECT_UNAUTHORIZED=false every time, for each case. It solves P1 and it doesn't try to solve problems that don't exist.

See:

  • https://github.com/ForestAdmin/lumber/issues/452
  • https://app.clickup.com/t/82nzna
  • https://community.forestadmin.com/t/ssl-issues-with-forestadmin/837
  • https://forestadmin.productboard.com/roadmap/1782065-roadmap-forest-by-lanes/features/5553384/insights
  • https://forestadmin.slack.com/archives/GCYMMU085/p1599721557051000

Pull Request checklist:

  • [x] Write an explicit title for the Pull Request, following Conventional Commits specification
  • [x] Create automatic tests
  • [x] No automatic tests failures
  • [x] Test manually the implemented changes
  • [x] Review my own code (indentation, syntax, style, simplicity, readability)
  • [x] Wonder if you can improve the existing code
+98 -24

0 comment

6 changed files

rap2hpoutre

pr closed time in a month

Pull request review commentForestAdmin/lumber

feat: trust SSL certificate by default to ease users onboarding

 DATABASE_URL={{ databaseUrl }} DATABASE_SCHEMA={{ dbSchema }} {{/if}} DATABASE_SSL={{ ssl }}+# This should be removed in production environment.+DATABASE_REJECT_UNAUTHORIZED=false

Shouldn't this env var be added only when DATABASE_SSL is true?

You may be right. Still, assuming users could switch DATABASE_SSL to true/false, they also should be able to change this options (or at least to be aware it exists).

As discussed, not a big fan of REJECT_UNAUTHORIZED=false by default (Especially when a user ask specifically for SSL), but I guess this has been discussed

Yes, it has been done by design. It is in .env so the developer will not miss it when creating a new environment (eg: prod, staging). So I guess it's OK.

rap2hpoutre

comment created time in a month

PullRequestReviewEvent

Pull request review commentForestAdmin/lumber

feat: trust SSL certificate by default to ease users onboarding

 function Database() {      const connectionOptionsSequelize = { logging: false }; -    // NOTICE: mysql2 does not accepts unwanted options anymore.-    //         See: https://github.com/sidorares/node-mysql2/pull/895-    if (databaseDialect === 'mysql') {-      // NOTICE: Add SSL options only if the user selected SSL mode.-      if (isSSL) {-        // TODO: Lumber should accept certificate file (CRT) to work with SSL.-        //       Since it requires to review onboarding, it is not implemented yet.-        //       See: https://www.npmjs.com/package/mysql#ssl-options-        connectionOptionsSequelize.dialectOptions = {-          ssl: { rejectUnauthorized: isSSL },-        };-      }-    } else if (databaseDialect === 'mssql') {-      connectionOptionsSequelize.dialectOptions = {-        options: {-          encrypt: isSSL,-        },-      };-    } else {-      connectionOptionsSequelize.dialectOptions = {-        ssl: isSSL,-      };+    if (databaseDialect === 'mssql') {+      connectionOptionsSequelize.dialectOptions = { options: { encrypt: isSSL } };+    } else if (isSSL) {+      // Add SSL options only if the user selected SSL mode.+      // SSL Cerificate is always trusted during `lumber generate` command to ease their onboarding.+      connectionOptionsSequelize.dialectOptions = { ssl: { rejectUnauthorized: false } };

mssql was already considered different and doesn't have the same options. However, the default behavior is already to trust certificates. Source: http://tediousjs.github.io/tedious/api-connection.html

options.trustServerCertificate If "true", the SQL Server SSL certificate is automatically trusted when the communication layer is encrypted using SSL. If "false", the SQL Server validates the server SSL certificate. If the server certificate validation fails, the driver raises an error and terminates the connection. Make sure the value passed to serverName exactly matches the Common Name (CN) or DNS name in the Subject Alternate Name in the server certificate for an SSL connection to succeed. (default: true).

rap2hpoutre

comment created time in a month

PullRequestReviewEvent

push eventForestAdmin/lumber

Raphaël Huchet

commit sha b63c959badfbbd5b44ac821af8b181829f0d2db9

test: add tests

view details

push time in a month

issue commentsequelize/sequelize

SequelizeConnectionError: self signed certificate

@manoellribeiro Thanks! Is require: true, necessary? I did not see any occurrence in the documentation, I may have missed something!

Dave3of5

comment created time in a month

PR opened ForestAdmin/lumber

feat: trust SSL certificate by default to ease users onboarding

Pull Request checklist:

  • [ ] Write an explicit title for the Pull Request, following Conventional Commits specification
  • [ ] Create automatic tests
  • [ ] No automatic tests failures
  • [ ] Test manually the implemented changes
  • [ ] Review my own code (indentation, syntax, style, simplicity, readability)
  • [ ] Wonder if you can improve the existing code
+14 -24

0 comment

3 changed files

pr created time in a month

create barnchForestAdmin/lumber

branch : feat/reject-unauthorized

created branch time in a month

PR closed ForestAdmin/lumber

Reviewers
feat: add dialectOptions to allow users to choose their connection options

An alternative version of https://github.com/ForestAdmin/lumber/pull/468

See:

  • https://github.com/ForestAdmin/lumber/issues/452
  • https://forest.slite.com/app/channels/-KdBU14ToWBAerCk_HGS/notes/q24dZlQGGK
  • https://app.clickup.com/t/82nzna
  • https://community.forestadmin.com/t/ssl-issues-with-forestadmin/837
  • https://forestadmin.productboard.com/roadmap/1782065-roadmap-forest-by-lanes/features/5553384/insights
  • https://forestadmin.slack.com/archives/GCYMMU085/p1599721557051000

Pull Request checklist:

  • [x] Write an explicit title for the Pull Request, following Conventional Commits specification
  • [x] Create automatic tests
  • [x] No automatic tests failures
  • [x] Test manually the implemented changes
  • [x] Review my own code (indentation, syntax, style, simplicity, readability)
  • [x] Wonder if you can improve the existing code
+235 -25

0 comment

15 changed files

rap2hpoutre

pr closed time in a month

push eventForestAdmin/lumber

Raphaël Huchet

commit sha 492d92bc2ba589c87eea919384a02d0a1bb628e7

fix: preserve legacy options

view details

push time in a month

Pull request review commentForestAdmin/lumber

feat: add dialectOptions to allow users to choose their connection options

 const defaultValuesModel = require('../../../test-expected/sequelize/db-analysis  const Dumper = require('../../../services/dumper'); -function getDumper() {+function getDumper(options = {}) {

Fixed via: https://github.com/ForestAdmin/lumber/pull/471/commits/eab7fc01787e75ac3a4ed7c9c93d1610a0b007b0

It now makes sense to add options see: https://github.com/ForestAdmin/lumber/pull/471/commits/eab7fc01787e75ac3a4ed7c9c93d1610a0b007b0#diff-614379289d3345516dbe409537ed835fR114

rap2hpoutre

comment created time in a month

PullRequestReviewEvent

push eventForestAdmin/lumber

Raphaël Huchet

commit sha eab7fc01787e75ac3a4ed7c9c93d1610a0b007b0

fix: fix tests

view details

push time in a month

push eventForestAdmin/lumber

Guillaume Deslandes

commit sha 3114f845e70f987adf44574b3eb32fa97023f3f8

fix(models): add missing association aliases (#469)

view details

Forest

commit sha e823d77705ec1690da5026a83910538e3bf47147

chore(release): 3.6.10 [skip ci] ## [3.6.10](https://github.com/ForestAdmin/lumber/compare/v3.6.9...v3.6.10) (2020-09-16) ### Bug Fixes * **models:** add missing association aliases ([#469](https://github.com/ForestAdmin/lumber/issues/469)) ([3114f84](https://github.com/ForestAdmin/lumber/commit/3114f845e70f987adf44574b3eb32fa97023f3f8))

view details

Guillaume Deslandes

commit sha ae116742cc0d8c9c248240d4023acae585a0e2c3

fix(models): enforce string type for default value when 'NULL' (#470)

view details

Forest

commit sha c351ab33221707c49eed8cea963a036be429ae11

chore(release): 3.6.11 [skip ci] ## [3.6.11](https://github.com/ForestAdmin/lumber/compare/v3.6.10...v3.6.11) (2020-09-17) ### Bug Fixes * **models:** enforce string type for default value when 'NULL' ([#470](https://github.com/ForestAdmin/lumber/issues/470)) ([ae11674](https://github.com/ForestAdmin/lumber/commit/ae116742cc0d8c9c248240d4023acae585a0e2c3))

view details

Raphaël Huchet

commit sha d89a86e3a3ff23215fbca32eb560fc0feb4ae67c

Merge branch 'master' into feat/dialect-options-alt

view details

push time in a month

push eventForestAdmin/lumber

Raphaël Huchet

commit sha 57b476671abd08fa27f1a946515b663359f8b4a3

fix: again

view details

push time in a month

push eventForestAdmin/lumber

Raphaël Huchet

commit sha b47dd1cfa15fef04e43fd43bb4262d09538dc2b2

fix: fix

view details

push time in a month

PR closed ForestAdmin/lumber

Reviewers
feat: add dialectOptions to allow users to choose their connection options

See:

  • https://github.com/ForestAdmin/lumber/issues/452
  • https://forest.slite.com/app/channels/-KdBU14ToWBAerCk_HGS/notes/q24dZlQGGK
  • https://app.clickup.com/t/82nzna
  • https://community.forestadmin.com/t/ssl-issues-with-forestadmin/837
  • https://forestadmin.productboard.com/roadmap/1782065-roadmap-forest-by-lanes/features/5553384/insights
  • https://forestadmin.slack.com/archives/GCYMMU085/p1599721557051000

⚠️ Issue

I see one big issue with this implementation. Users could miss that a dialectOptions option has been configured since it is only referenced in models/index.js. For instance, if they selected postgreSQL during their onboarding (see specs), it will automatically add the line above in their code, and they could forget to remove it when going to production, which is a security issue since they are not protected about man in the middle attack:

dialectOptions: {"rejectUnauthorized":false},

Reviewer, before testing and reading code, could you help me decide how to address this issue?

Solution 1

Adding a comment such as:

// You will have to review dialect options when switching environment.
// For instance, if you set `rejectUnauthorized` to false in development mode, 
// you should remove it in production to avoid security issues.
dialectOptions: {"rejectUnauthorized":false},

Caveat: User can still miss this comment (but Forest Admin has done its job: users may be aware thanks to this comment).

Solution 2

Move dialectOptions JSON string in .env.

DATABASE_DIALECT_OPTIONS={"rejectUnauthorized":false}

Then in models/index.js

dialectOptions: JSON.parse(process.env.DATABASE_DIALECT_OPTIONS || '{}'),

Caveat: writing JSON in .env is not that common I guess.

Pull Request checklist:

  • [x] Write an explicit title for the Pull Request, following Conventional Commits specification
  • [x] Create automatic tests
  • [x] No automatic tests failures
  • [ ] Test manually the implemented changes
  • [x] Review my own code (indentation, syntax, style, simplicity, readability)
  • [x] Wonder if you can improve the existing code
+199 -13

2 comments

12 changed files

rap2hpoutre

pr closed time in a month

push eventForestAdmin/lumber

Raphaël Huchet

commit sha b5d074f1c68010968e125ff5af1c7bc593201be4

fix: fix

view details

push time in a month

push eventForestAdmin/lumber

Raphaël Huchet

commit sha dd822b48268f889019ecf7454c256e0aeb186771

fix: fix

view details

push time in a month

push eventForestAdmin/lumber

Raphaël Huchet

commit sha 3e5cbf56ddaff0ad93316f6517c55906ee1506aa

fix: add docker-compose

view details

push time in a month

PR opened ForestAdmin/lumber

feat: add dialectOptions to allow users to choose their connection options

Alternative version of https://github.com/ForestAdmin/lumber/pull/468

Pull Request checklist:

  • [ ] Write an explicit title for the Pull Request, following Conventional Commits specification
  • [ ] Create automatic tests
  • [ ] No automatic tests failures
  • [ ] Test manually the implemented changes
  • [ ] Review my own code (indentation, syntax, style, simplicity, readability)
  • [ ] Wonder if you can improve the existing code
+141 -13

0 comment

12 changed files

pr created time in a month

create barnchForestAdmin/lumber

branch : feat/dialect-options-alt

created branch time in a month

pull request commentForestAdmin/lumber

feat: add dialectOptions to allow users to choose their connection options

If I am right

@arnaudbesnier Fortunately, you are wrong 🎉

👉 BONUS: Do you want to be my reviewer? 🥰 (I failed to find one!)

rap2hpoutre

comment created time in a month

issue commentrap2hpoutre/fast-excel

Upgrade to Spout 3.0 ?

It should be considered. Still, I read the updgrade documentation and it seems it's not that simple. We would have to adapt some code, adapt tests, and check benchmark again (since creating a new row for each read line could consume some more memory and time).

johanrosenson

comment created time in a month

push eventrap2hpoutre/fast-excel

Raphaël Huchet

commit sha 70d5cc35d9f86977aec3fb8f011d4d13f9417b2f

Update README.md

view details

push time in a month

issue openedbox/spout

Spout V2 documentation

Since V3 has been released, I can't see the V2 documentation again. Is there a way to view it? I may have missed something.

created time in a month

push eventForestAdmin/lumber

Raphaël Huchet

commit sha 9fc030767f534b28095bd5c75981b12eb88519ed

fix: use dialect option in lumber itself too

view details

push time in a month

push eventForestAdmin/lumber

Raphaël Huchet

commit sha bef8c95af754aac9aa13066e3678760a8804844b

test: fix tests

view details

push time in a month

push eventForestAdmin/lumber

Raphaël Huchet

commit sha f4083533c6cd8d0beca9bc6fbe88afe082446a38

test: add tests

view details

push time in a month

push eventForestAdmin/lumber

Raphaël Huchet

commit sha 928e7be392fd0965bbfc80be725f2b69d3d7c28a

fix: disable sonarjs/no-duplicate-string

view details

push time in a month

PR opened ForestAdmin/lumber

feat: add dialectOptions to allow users to choose their connection options

Pull Request checklist:

  • [ ] Write an explicit title for the Pull Request, following Conventional Commits specification
  • [ ] Create automatic tests
  • [ ] No automatic tests failures
  • [ ] Test manually the implemented changes
  • [ ] Review my own code (indentation, syntax, style, simplicity, readability)
  • [ ] Wonder if you can improve the existing code
+71 -1

0 comment

7 changed files

pr created time in a month

create barnchForestAdmin/lumber

branch : feat/dialect-options

created branch time in a month

issue commentForestAdmin/lumber

Lumber not allowing pass-through of dialectOptions for Sequelize

Related issue here: https://community.forestadmin.com/t/ssl-issues-with-forestadmin/837

(Side note: I'm working on a patch, I hope to release it this week).

antoniojtorres

comment created time in a month

PullRequestReviewEvent

push eventrap2hpoutre/museomap

dependabot[bot]

commit sha e54739f4c0f9eaf9ec3cfce83b733e1e78cda74c

Bump http-proxy from 1.17.0 to 1.18.1 Bumps [http-proxy](https://github.com/http-party/node-http-proxy) from 1.17.0 to 1.18.1. - [Release notes](https://github.com/http-party/node-http-proxy/releases) - [Changelog](https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md) - [Commits](https://github.com/http-party/node-http-proxy/compare/1.17.0...1.18.1) Signed-off-by: dependabot[bot] <support@github.com>

view details

Raphaël Huchet

commit sha 73189c1c30242588ef84a156b148d985e685a60f

Merge pull request #11 from rap2hpoutre/dependabot/npm_and_yarn/http-proxy-1.18.1 Bump http-proxy from 1.17.0 to 1.18.1

view details

push time in a month

PR merged rap2hpoutre/museomap

Bump http-proxy from 1.17.0 to 1.18.1 dependencies

Bumps http-proxy from 1.17.0 to 1.18.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md">http-proxy's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/http-party/node-http-proxy/compare/1.18.0...v1.18.1">v1.18.1</a> - 2020-05-17</h2> <h3>Merged</h3> <ul> <li>Skip sending the proxyReq event when the expect header is present <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1447"><code>#1447</code></a></li> <li>Remove node6 support, add node12 to build <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1397"><code>#1397</code></a></li> </ul> <h2><a href="https://github.com/http-party/node-http-proxy/compare/1.17.0...1.18.0">1.18.0</a> - 2019-09-18</h2> <h3>Merged</h3> <ul> <li>Added in auto-changelog module set to keepachangelog format <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1373"><code>#1373</code></a></li> <li>fix 'Modify Response' readme section to avoid unnecessary array copying <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1300"><code>#1300</code></a></li> <li>Fix incorrect target name for reverse proxy example <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1135"><code>#1135</code></a></li> <li>Fix modify response middleware example <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1139"><code>#1139</code></a></li> <li>[dist] Update dependency async to v3 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1359"><code>#1359</code></a></li> <li>Fix path to local http-proxy in examples. <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1072"><code>#1072</code></a></li> <li>fix reverse-proxy example require path <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1067"><code>#1067</code></a></li> <li>Update README.md <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/970"><code>#970</code></a></li> <li>[dist] Update dependency request to ~2.88.0 [SECURITY] <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1357"><code>#1357</code></a></li> <li>[dist] Update dependency eventemitter3 to v4 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1365"><code>#1365</code></a></li> <li>[dist] Update dependency colors to v1 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1360"><code>#1360</code></a></li> <li>[dist] Update all non-major dependencies <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1356"><code>#1356</code></a></li> <li>[dist] Update dependency agentkeepalive to v4 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1358"><code>#1358</code></a></li> <li>[dist] Update dependency nyc to v14 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1367"><code>#1367</code></a></li> <li>[dist] Update dependency concat-stream to v2 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1363"><code>#1363</code></a></li> <li>x-forwarded-host overwrite for mutli level proxies <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1267"><code>#1267</code></a></li> <li>[refactor doc] Complete rename to http-party org. <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1362"><code>#1362</code></a></li> <li>Highlight correct lines for createProxyServer <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1117"><code>#1117</code></a></li> <li>Fix docs for rewrite options - 201 also handled <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1147"><code>#1147</code></a></li> <li>Update .nyc_output <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1339"><code>#1339</code></a></li> <li>Configure Renovate <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1355"><code>#1355</code></a></li> <li>[examples] Restream body before proxying, support for Content-Type of application/x-www-form-urlencoded <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1264"><code>#1264</code></a></li> </ul> <h3>Commits</h3> <ul> <li>[dist] New test fixtures. <a href="https://github.com/http-party/node-http-proxy/commit/7e4a0e511bc30c059216860153301de2cdd1e97f"><code>7e4a0e5</code></a></li> <li>[dist] End of an era. <a href="https://github.com/http-party/node-http-proxy/commit/a9b09cce43f072db99fb5170030a05536177ccb7"><code>a9b09cc</code></a></li> <li>[dist] Version bump. 1.18.0 <a href="https://github.com/http-party/node-http-proxy/commit/9bbe486c5efcc356fb4d189ef38eee275bbde345"><code>9bbe486</code></a></li> <li>[fix] Latest versions. <a href="https://github.com/http-party/node-http-proxy/commit/59c4403e9dc15ab9b19ee2a3f4aecbfc6c3d94c4"><code>59c4403</code></a></li> <li>[fix test] Update tests. <a href="https://github.com/http-party/node-http-proxy/commit/dd1d08b6319d1def729554446a5b0176978a8dad"><code>dd1d08b</code></a></li> <li>[dist] Update dependency ws to v3 [SECURITY] <a href="https://github.com/http-party/node-http-proxy/commit/b00911c93740a00c5cfbacbb91565cb6912ed255"><code>b00911c</code></a></li> <li>[dist] .gitattributes all the things. <a href="https://github.com/http-party/node-http-proxy/commit/fc93520d741ec80be8ae31ca005f3e9c199e330e"><code>fc93520</code></a></li> <li>[dist] Regenerate package-lock.json. <a href="https://github.com/http-party/node-http-proxy/commit/16d4f8a95162b2e2e4ee6657c500f1208c044b2d"><code>16d4f8a</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/http-party/node-http-proxy/commit/9b96cd725127a024dabebec6c7ea8c807272223d"><code>9b96cd7</code></a> 1.18.1</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/335aeeba2f0c286dc89c402eeb76af47834c89a3"><code>335aeeb</code></a> Skip sending the proxyReq event when the expect header is present (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1447">#1447</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/dba39668ba4c9ad461316e834b2d64b77e1ca88e"><code>dba3966</code></a> Remove node6 support, add node12 to build (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1397">#1397</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/9bbe486c5efcc356fb4d189ef38eee275bbde345"><code>9bbe486</code></a> [dist] Version bump. 1.18.0</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/6e4bef4d1cd96e7a284717941e0fc274acbd3712"><code>6e4bef4</code></a> Added in auto-changelog module set to keepachangelog format (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1373">#1373</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/d05624167ce75e860770c13afeacec2ce0f67add"><code>d056241</code></a> fix 'Modify Response' readme section to avoid unnecessary array copying (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1300">#1300</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/244303b994525684e1ec8dff2e8055f89b62b1ee"><code>244303b</code></a> Fix incorrect target name for reverse proxy example (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1135">#1135</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/b4028ba78bc4616e6969e0e66b0fe4634849b68b"><code>b4028ba</code></a> Fix modify response middleware example (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1139">#1139</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/77a98159d2da0f20a03e2819c79662f36069f234"><code>77a9815</code></a> [dist] Update dependency async to v3 (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1359">#1359</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/c662f9ebcd8d623db374dbc7bef231b2b0af0c3a"><code>c662f9e</code></a> Fix path to local http-proxy in examples. (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1072">#1072</a>)</li> <li>Additional commits viewable in <a href="https://github.com/http-party/node-http-proxy/compare/1.17.0...1.18.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+11 -20

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

push eventrap2hpoutre/react-fairy-tale-emoji

dependabot[bot]

commit sha 840bd5cef7db5b09feb060c0df25d8ebde1b6eb0

Bump http-proxy from 1.17.0 to 1.18.1 Bumps [http-proxy](https://github.com/http-party/node-http-proxy) from 1.17.0 to 1.18.1. - [Release notes](https://github.com/http-party/node-http-proxy/releases) - [Changelog](https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md) - [Commits](https://github.com/http-party/node-http-proxy/compare/1.17.0...1.18.1) Signed-off-by: dependabot[bot] <support@github.com>

view details

Raphaël Huchet

commit sha fbae1972277470bcf4ed28b2da0efedd9c132092

Merge pull request #10 from rap2hpoutre/dependabot/npm_and_yarn/http-proxy-1.18.1 Bump http-proxy from 1.17.0 to 1.18.1

view details

push time in a month

PR merged rap2hpoutre/react-fairy-tale-emoji

Bump http-proxy from 1.17.0 to 1.18.1 dependencies

Bumps http-proxy from 1.17.0 to 1.18.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md">http-proxy's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/http-party/node-http-proxy/compare/1.18.0...v1.18.1">v1.18.1</a> - 2020-05-17</h2> <h3>Merged</h3> <ul> <li>Skip sending the proxyReq event when the expect header is present <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1447"><code>#1447</code></a></li> <li>Remove node6 support, add node12 to build <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1397"><code>#1397</code></a></li> </ul> <h2><a href="https://github.com/http-party/node-http-proxy/compare/1.17.0...1.18.0">1.18.0</a> - 2019-09-18</h2> <h3>Merged</h3> <ul> <li>Added in auto-changelog module set to keepachangelog format <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1373"><code>#1373</code></a></li> <li>fix 'Modify Response' readme section to avoid unnecessary array copying <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1300"><code>#1300</code></a></li> <li>Fix incorrect target name for reverse proxy example <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1135"><code>#1135</code></a></li> <li>Fix modify response middleware example <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1139"><code>#1139</code></a></li> <li>[dist] Update dependency async to v3 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1359"><code>#1359</code></a></li> <li>Fix path to local http-proxy in examples. <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1072"><code>#1072</code></a></li> <li>fix reverse-proxy example require path <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1067"><code>#1067</code></a></li> <li>Update README.md <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/970"><code>#970</code></a></li> <li>[dist] Update dependency request to ~2.88.0 [SECURITY] <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1357"><code>#1357</code></a></li> <li>[dist] Update dependency eventemitter3 to v4 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1365"><code>#1365</code></a></li> <li>[dist] Update dependency colors to v1 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1360"><code>#1360</code></a></li> <li>[dist] Update all non-major dependencies <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1356"><code>#1356</code></a></li> <li>[dist] Update dependency agentkeepalive to v4 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1358"><code>#1358</code></a></li> <li>[dist] Update dependency nyc to v14 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1367"><code>#1367</code></a></li> <li>[dist] Update dependency concat-stream to v2 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1363"><code>#1363</code></a></li> <li>x-forwarded-host overwrite for mutli level proxies <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1267"><code>#1267</code></a></li> <li>[refactor doc] Complete rename to http-party org. <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1362"><code>#1362</code></a></li> <li>Highlight correct lines for createProxyServer <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1117"><code>#1117</code></a></li> <li>Fix docs for rewrite options - 201 also handled <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1147"><code>#1147</code></a></li> <li>Update .nyc_output <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1339"><code>#1339</code></a></li> <li>Configure Renovate <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1355"><code>#1355</code></a></li> <li>[examples] Restream body before proxying, support for Content-Type of application/x-www-form-urlencoded <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1264"><code>#1264</code></a></li> </ul> <h3>Commits</h3> <ul> <li>[dist] New test fixtures. <a href="https://github.com/http-party/node-http-proxy/commit/7e4a0e511bc30c059216860153301de2cdd1e97f"><code>7e4a0e5</code></a></li> <li>[dist] End of an era. <a href="https://github.com/http-party/node-http-proxy/commit/a9b09cce43f072db99fb5170030a05536177ccb7"><code>a9b09cc</code></a></li> <li>[dist] Version bump. 1.18.0 <a href="https://github.com/http-party/node-http-proxy/commit/9bbe486c5efcc356fb4d189ef38eee275bbde345"><code>9bbe486</code></a></li> <li>[fix] Latest versions. <a href="https://github.com/http-party/node-http-proxy/commit/59c4403e9dc15ab9b19ee2a3f4aecbfc6c3d94c4"><code>59c4403</code></a></li> <li>[fix test] Update tests. <a href="https://github.com/http-party/node-http-proxy/commit/dd1d08b6319d1def729554446a5b0176978a8dad"><code>dd1d08b</code></a></li> <li>[dist] Update dependency ws to v3 [SECURITY] <a href="https://github.com/http-party/node-http-proxy/commit/b00911c93740a00c5cfbacbb91565cb6912ed255"><code>b00911c</code></a></li> <li>[dist] .gitattributes all the things. <a href="https://github.com/http-party/node-http-proxy/commit/fc93520d741ec80be8ae31ca005f3e9c199e330e"><code>fc93520</code></a></li> <li>[dist] Regenerate package-lock.json. <a href="https://github.com/http-party/node-http-proxy/commit/16d4f8a95162b2e2e4ee6657c500f1208c044b2d"><code>16d4f8a</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/http-party/node-http-proxy/commit/9b96cd725127a024dabebec6c7ea8c807272223d"><code>9b96cd7</code></a> 1.18.1</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/335aeeba2f0c286dc89c402eeb76af47834c89a3"><code>335aeeb</code></a> Skip sending the proxyReq event when the expect header is present (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1447">#1447</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/dba39668ba4c9ad461316e834b2d64b77e1ca88e"><code>dba3966</code></a> Remove node6 support, add node12 to build (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1397">#1397</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/9bbe486c5efcc356fb4d189ef38eee275bbde345"><code>9bbe486</code></a> [dist] Version bump. 1.18.0</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/6e4bef4d1cd96e7a284717941e0fc274acbd3712"><code>6e4bef4</code></a> Added in auto-changelog module set to keepachangelog format (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1373">#1373</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/d05624167ce75e860770c13afeacec2ce0f67add"><code>d056241</code></a> fix 'Modify Response' readme section to avoid unnecessary array copying (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1300">#1300</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/244303b994525684e1ec8dff2e8055f89b62b1ee"><code>244303b</code></a> Fix incorrect target name for reverse proxy example (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1135">#1135</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/b4028ba78bc4616e6969e0e66b0fe4634849b68b"><code>b4028ba</code></a> Fix modify response middleware example (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1139">#1139</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/77a98159d2da0f20a03e2819c79662f36069f234"><code>77a9815</code></a> [dist] Update dependency async to v3 (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1359">#1359</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/c662f9ebcd8d623db374dbc7bef231b2b0af0c3a"><code>c662f9e</code></a> Fix path to local http-proxy in examples. (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1072">#1072</a>)</li> <li>Additional commits viewable in <a href="https://github.com/http-party/node-http-proxy/compare/1.17.0...1.18.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+11 -20

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

push eventrap2hpoutre/pop-noel

dependabot[bot]

commit sha bdc3cf4f3cd061b2066c56dcd36eb66218cff61d

Bump http-proxy from 1.17.0 to 1.18.1 Bumps [http-proxy](https://github.com/http-party/node-http-proxy) from 1.17.0 to 1.18.1. - [Release notes](https://github.com/http-party/node-http-proxy/releases) - [Changelog](https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md) - [Commits](https://github.com/http-party/node-http-proxy/compare/1.17.0...1.18.1) Signed-off-by: dependabot[bot] <support@github.com>

view details

Raphaël Huchet

commit sha 8ed7029edba5b861834929c4283d1b3648fa201a

Merge pull request #9 from rap2hpoutre/dependabot/npm_and_yarn/http-proxy-1.18.1

view details

push time in a month

PR merged rap2hpoutre/pop-noel

Bump http-proxy from 1.17.0 to 1.18.1 dependencies

Bumps http-proxy from 1.17.0 to 1.18.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/http-party/node-http-proxy/blob/master/CHANGELOG.md">http-proxy's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/http-party/node-http-proxy/compare/1.18.0...v1.18.1">v1.18.1</a> - 2020-05-17</h2> <h3>Merged</h3> <ul> <li>Skip sending the proxyReq event when the expect header is present <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1447"><code>#1447</code></a></li> <li>Remove node6 support, add node12 to build <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1397"><code>#1397</code></a></li> </ul> <h2><a href="https://github.com/http-party/node-http-proxy/compare/1.17.0...1.18.0">1.18.0</a> - 2019-09-18</h2> <h3>Merged</h3> <ul> <li>Added in auto-changelog module set to keepachangelog format <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1373"><code>#1373</code></a></li> <li>fix 'Modify Response' readme section to avoid unnecessary array copying <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1300"><code>#1300</code></a></li> <li>Fix incorrect target name for reverse proxy example <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1135"><code>#1135</code></a></li> <li>Fix modify response middleware example <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1139"><code>#1139</code></a></li> <li>[dist] Update dependency async to v3 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1359"><code>#1359</code></a></li> <li>Fix path to local http-proxy in examples. <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1072"><code>#1072</code></a></li> <li>fix reverse-proxy example require path <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1067"><code>#1067</code></a></li> <li>Update README.md <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/970"><code>#970</code></a></li> <li>[dist] Update dependency request to ~2.88.0 [SECURITY] <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1357"><code>#1357</code></a></li> <li>[dist] Update dependency eventemitter3 to v4 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1365"><code>#1365</code></a></li> <li>[dist] Update dependency colors to v1 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1360"><code>#1360</code></a></li> <li>[dist] Update all non-major dependencies <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1356"><code>#1356</code></a></li> <li>[dist] Update dependency agentkeepalive to v4 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1358"><code>#1358</code></a></li> <li>[dist] Update dependency nyc to v14 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1367"><code>#1367</code></a></li> <li>[dist] Update dependency concat-stream to v2 <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1363"><code>#1363</code></a></li> <li>x-forwarded-host overwrite for mutli level proxies <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1267"><code>#1267</code></a></li> <li>[refactor doc] Complete rename to http-party org. <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1362"><code>#1362</code></a></li> <li>Highlight correct lines for createProxyServer <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1117"><code>#1117</code></a></li> <li>Fix docs for rewrite options - 201 also handled <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1147"><code>#1147</code></a></li> <li>Update .nyc_output <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1339"><code>#1339</code></a></li> <li>Configure Renovate <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1355"><code>#1355</code></a></li> <li>[examples] Restream body before proxying, support for Content-Type of application/x-www-form-urlencoded <a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/pull/1264"><code>#1264</code></a></li> </ul> <h3>Commits</h3> <ul> <li>[dist] New test fixtures. <a href="https://github.com/http-party/node-http-proxy/commit/7e4a0e511bc30c059216860153301de2cdd1e97f"><code>7e4a0e5</code></a></li> <li>[dist] End of an era. <a href="https://github.com/http-party/node-http-proxy/commit/a9b09cce43f072db99fb5170030a05536177ccb7"><code>a9b09cc</code></a></li> <li>[dist] Version bump. 1.18.0 <a href="https://github.com/http-party/node-http-proxy/commit/9bbe486c5efcc356fb4d189ef38eee275bbde345"><code>9bbe486</code></a></li> <li>[fix] Latest versions. <a href="https://github.com/http-party/node-http-proxy/commit/59c4403e9dc15ab9b19ee2a3f4aecbfc6c3d94c4"><code>59c4403</code></a></li> <li>[fix test] Update tests. <a href="https://github.com/http-party/node-http-proxy/commit/dd1d08b6319d1def729554446a5b0176978a8dad"><code>dd1d08b</code></a></li> <li>[dist] Update dependency ws to v3 [SECURITY] <a href="https://github.com/http-party/node-http-proxy/commit/b00911c93740a00c5cfbacbb91565cb6912ed255"><code>b00911c</code></a></li> <li>[dist] .gitattributes all the things. <a href="https://github.com/http-party/node-http-proxy/commit/fc93520d741ec80be8ae31ca005f3e9c199e330e"><code>fc93520</code></a></li> <li>[dist] Regenerate package-lock.json. <a href="https://github.com/http-party/node-http-proxy/commit/16d4f8a95162b2e2e4ee6657c500f1208c044b2d"><code>16d4f8a</code></a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/http-party/node-http-proxy/commit/9b96cd725127a024dabebec6c7ea8c807272223d"><code>9b96cd7</code></a> 1.18.1</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/335aeeba2f0c286dc89c402eeb76af47834c89a3"><code>335aeeb</code></a> Skip sending the proxyReq event when the expect header is present (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1447">#1447</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/dba39668ba4c9ad461316e834b2d64b77e1ca88e"><code>dba3966</code></a> Remove node6 support, add node12 to build (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1397">#1397</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/9bbe486c5efcc356fb4d189ef38eee275bbde345"><code>9bbe486</code></a> [dist] Version bump. 1.18.0</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/6e4bef4d1cd96e7a284717941e0fc274acbd3712"><code>6e4bef4</code></a> Added in auto-changelog module set to keepachangelog format (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1373">#1373</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/d05624167ce75e860770c13afeacec2ce0f67add"><code>d056241</code></a> fix 'Modify Response' readme section to avoid unnecessary array copying (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1300">#1300</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/244303b994525684e1ec8dff2e8055f89b62b1ee"><code>244303b</code></a> Fix incorrect target name for reverse proxy example (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1135">#1135</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/b4028ba78bc4616e6969e0e66b0fe4634849b68b"><code>b4028ba</code></a> Fix modify response middleware example (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1139">#1139</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/77a98159d2da0f20a03e2819c79662f36069f234"><code>77a9815</code></a> [dist] Update dependency async to v3 (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1359">#1359</a>)</li> <li><a href="https://github.com/http-party/node-http-proxy/commit/c662f9ebcd8d623db374dbc7bef231b2b0af0c3a"><code>c662f9e</code></a> Fix path to local http-proxy in examples. (<a href="https://github-redirect.dependabot.com/http-party/node-http-proxy/issues/1072">#1072</a>)</li> <li>Additional commits viewable in <a href="https://github.com/http-party/node-http-proxy/compare/1.17.0...1.18.1">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+11 -20

0 comment

1 changed file

dependabot[bot]

pr closed time in a month

pull request commentrap2hpoutre/fast-excel

Adding new advanced usage of header styles in Readme.md

Resolved via https://github.com/rap2hpoutre/fast-excel/pull/181 (anyway thank you and sorry for delay!)

elminson

comment created time in a month

issue commentrap2hpoutre/fast-excel

ErrorException fopen(/var/www/html/laravel7/storage/app/reports/rides_list/2020-05.csv): failed to open stream: No such file or directory

Hi @carlosh1989 Thank you for your feedback! Does the folder already exist? It should exist before creating the file.

carlosh1989

comment created time in a month

issue commentrap2hpoutre/fast-excel

set number to numericvalue

Hi @zieru Thank you for your feedback. What version do you use? It seems the problem has been resolved in v2. Could you try to update to latest version?

Source: https://github.com/rap2hpoutre/fast-excel/pull/166 & https://github.com/rap2hpoutre/fast-excel/issues/170

zieru

comment created time in a month

issue commentrap2hpoutre/fast-excel

Laravel 5.3 isn't actually Supported fully

Thank you for your feedback!

Available in v2.1.0

jacobjlandry

comment created time in a month

created tagrap2hpoutre/fast-excel

tagv2.1.0

🦉 Fast Excel import/export for Laravel

created time in a month

release rap2hpoutre/fast-excel

v2.1.0

released time in a month

push eventrap2hpoutre/fast-excel

Raphaël Huchet

commit sha 9ab558d30ceb10996663eff7cbfc81b4724c8378

Update README.md (#181)

view details

push time in a month

PR merged rap2hpoutre/fast-excel

Update README.md

See: https://github.com/rap2hpoutre/fast-excel/pull/177

+19 -0

0 comment

1 changed file

rap2hpoutre

pr closed time in a month

push eventrap2hpoutre/fast-excel

Raphaël Huchet

commit sha ca4441bf74d58887e9e96f8467492c33b8ed8bfc

Update fastexcel.php (#179)

view details

push time in a month

PR merged rap2hpoutre/fast-excel

Update fastexcel.php

Fix https://github.com/rap2hpoutre/fast-excel/issues/175

+1 -1

0 comment

1 changed file

rap2hpoutre

pr closed time in a month

issue closedrap2hpoutre/fast-excel

Laravel 5.3 isn't actually Supported fully

This library uses a helper function "blank()" that isn't included until Laravel 5.5 The composer allows support as low as Laravel 5.3, however. Anyone using 5.3 or 5.4 will receive an error that "blank()" does not exist until they create it themselves.

Can you include the "blank" function with the library or provide an alternative for lower versioned platforms that you support?

**
 * Determine if the given value is "blank".
 *
 * @param  mixed  $value
 * @return bool
 */
function blank($value)
{
    if (is_null($value)) {
        return true;
    }

    if (is_string($value)) {
        return trim($value) === '';
    }

    if (is_numeric($value) || is_bool($value)) {
        return false;
    }

    if ($value instanceof Countable) {
        return count($value) === 0;
    }

    return empty($value);
}

closed time in a month

jacobjlandry

push eventrap2hpoutre/fast-excel

Raphaël Huchet

commit sha 867447182424d525147761c5cab2c7385e90c3ee

Apply fixes from StyleCI (#180)

view details

push time in a month

more