I have been doing quite a lot of work in the last week for the dashboard repo, but it seems I have (by accident) pushed some stuff to my main branch. Now the main branch is two commits ahead of the dashboard project:
Does anybody know how I can fix this? Because when I now create a new branch, the pull request also shows extra changed files.
First I was 3 commits ahead, but I managed to get rid of that by a git reset --hard 01e71c66cd33675f93d654853b87aa3016718a17 command.
But that fails for my other two commits:
xxx@yyy:~/node-red-dashboard/nodes/config $ git revert 01e71c66cd33675f93d654853b87aa3016718a17
error: commit 01e71c66cd33675f93d654853b87aa3016718a17 is a merge but no -m option was given.
fatal: revert failed
Not sure which parent commit I need to supply to the -m option. I found some answers on the web about cherry-picking commits, but I am afraid that I might perhaps break my pull requests or so... Would be very nice if somebody could get me back on track, so I can create a new pull request!
Yes, that's what I had in mind. As for security checks, I ALWAYS now implement those on any new repo; supply-chain attacks are too common now to ignore this.
Not forgetting Dependabot to check your dependency chain.
I also have "Socket Security" integrated. This is a GitHub-connected cloud service, so you go to their web site and connect to your GitHub. It is widely used in security circles.
Agreed. Though you can control it quite well with its comment reply system. I also restricted it a bit more on uibuilder due to the number of dev dependencies.
Yes, use that too. Of course, you can't always do anything realistic about deep dependencies.
One thing it has made me do though is to work harder to reduce live dependencies. I will generally not use a dependency any more if I can help it. For example, I used to use dependencies for all sorts of utility processing but I don't do that any more. Copilot really helps there as well since it will generally give me just the utility code I need.
I tried Deepscan once, and it highlighted the potential for JavaScript injection, where the user-supplied value was later read out of the database and used server side.
The value was buried deep, later in my logic.
Since then I started using it, and thought it was awesome!
I won't get too off-topic from here - but then, I'm speaking to a Mod
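
The pattern described in the post above (a user-supplied value is stored, later read back from the database and used server side), shown as an added example that is not code from this thread. It assumes the place where the value ends up is dynamic code evaluation (`new Function`); the `db` Map, the formula format and all function names are hypothetical.

```javascript
// Constructed stand-in for a database table: user input is stored verbatim.
const db = new Map();
function saveFormula(id, userInput) { db.set(id, userInput); }

// Vulnerable pattern: the stored string is trusted because it "came from the
// database" and is compiled as JavaScript on the server.
function computeUnsafe(id, row) {
  const formula = db.get(id);
  return new Function('row', `return (${formula});`)(row);
}

// Hardened form: the stored string is treated as data. Only
// "<field> <op> <number>" is accepted, and the field must be on an allowlist.
const FIELDS = new Set(['price', 'qty']);
const OPS = {
  '+': (a, b) => a + b,
  '-': (a, b) => a - b,
  '*': (a, b) => a * b,
  '/': (a, b) => a / b,
};
const GRAMMAR = /^\s*([a-z]+)\s*([-+*/])\s*(\d+(?:\.\d+)?)\s*$/;

function computeSafe(id, row) {
  const m = GRAMMAR.exec(String(db.get(id)));
  if (!m || !FIELDS.has(m[1])) throw new Error(`rejected formula for ${id}`);
  return OPS[m[2]](Number(row[m[1]]), Number(m[3]));
}

// Constructed sample input: one benign formula, one that carries code.
saveFormula('ok', 'price * 2');
saveFormula('bad', '(globalThis.injected = true, 0)');

function demo() {
  const row = { price: 10, qty: 3 };
  globalThis.injected = false;
  const unsafeResult = computeUnsafe('bad', row); // stored code runs here
  const ranInUnsafe = globalThis.injected;
  globalThis.injected = false;
  let rejected = false;
  try { computeSafe('bad', row); } catch { rejected = true; }
  return { unsafeResult, ranInUnsafe, rejected,
           ranInSafe: globalThis.injected, safeOk: computeSafe('ok', row) };
}
console.log(demo());
```

The write path looks harmless in both versions; the difference is entirely at the point of use, which is why this kind of flow is easy to miss in review and is the sort of thing a data-flow scanner reports.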