throw when attempting to overwrite actions, roles or entities #13
Open
markstos wants to merge 2 commits into tschaub:master from
This addresses several deprecations and vulns in the dependency chain.
… entities. This prevents accidentally overwriting authorization rules with weaker rules. Such an accident becomes more likely as apps grow in size and could lead to a security vulnerability. Fixes tschaub#11
This fixes #11. It is a breaking change, although anyone overwriting their actions, roles or entities was possibly doing it by mistake and may have introduced a security vuln that way. In those cases, trying this breaking release will help them find and fix those dangerous cases.
Users doing the more sensible thing of not overwriting their actions, roles or entities are not affected.
A maintenance commit is included which upgrades deps to address deprecations and vulns.
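
The accident the description warns about, shown as an added example that is not code from this pull request or from the library. The `Registry` class, its `strict` option and the rule names are hypothetical; the sample user is constructed.

```javascript
// Added illustration: a hypothetical registry, not the library's own code.
const KINDS = ['action', 'role', 'entity'];

class Registry {
  constructor({ strict }) {
    this.strict = strict; // strict = throw on redefinition, as the PR proposes
    this.defs = new Map(KINDS.map((k) => [k, new Map()]));
  }

  define(kind, name, value) {
    const table = this.defs.get(kind);
    if (!table) throw new TypeError(`unknown kind: ${kind}`);
    if (this.strict && table.has(name)) {
      throw new Error(`${kind} already defined: ${name}`);
    }
    table.set(name, value); // non-strict: the last definition silently wins
    return this;
  }

  // An action is allowed when the user passes at least one of its roles.
  can(user, actionName) {
    const roles = this.defs.get('action').get(actionName);
    if (!roles) return false; // undefined actions are denied
    return roles.some((r) => {
      const check = this.defs.get('role').get(r);
      return typeof check === 'function' && check(user);
    });
  }
}

// Constructed scenario: two modules both define the same action.
function loadRules(registry) {
  registry.define('role', 'admin', (u) => u.admin === true);
  registry.define('role', 'member', (u) => Boolean(u.id));
  registry.define('action', 'delete post', ['admin']);  // module A
  registry.define('action', 'delete post', ['member']); // module B, added later
  return registry;
}

function demo() {
  const member = { id: 7, admin: false }; // constructed sample user
  const permissive = loadRules(new Registry({ strict: false }));
  let strictError = null;
  try { loadRules(new Registry({ strict: true })); } catch (e) { strictError = e.message; }
  return { weakened: permissive.can(member, 'delete post'), strictError };
}
```

With overwriting allowed, the non-admin member ends up able to delete posts and nothing signals the change; with `strict` set, the duplicate definition fails at load time instead.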