DEV Community

Jesse Chong

Posted on • Originally published at Medium

GitHub’s Security Scanner & Conventional Commits — A Developer’s Journey

🪞 Reflecting on GitHub Security: I received a high-severity security alert from GitHub about a vulnerability in http-proxy-middleware affecting one of my portfolio repositories. GitHub’s Dependabot automatically detected this issue (CVE-2024-21536) in my dependencies.

📈 Quick Overview:

  • Security alert identified in yarn.lock file
  • Vulnerability found in http-proxy-middleware package
  • Automated detection by GitHub’s security scanning system
  • Implementation of conventional commits for better version control

🗝️ Key Takeaways:

  • GitHub actively scans repositories for vulnerabilities

  • Automated security alerts help maintain project safety

  • Importance of regular dependency maintenance

  • Conventional commits improve code collaboration and readability

💡 Response & Resolution:

  1. Reviewed the security advisory details
  2. Updated the affected dependency with commit message: fix: 🐛 Patch security vulnerability Denial of service in http-proxy-middleware High severity http-proxy-middleware
  3. Verified the fix was successfully implemented

🚀 Embracing Conventional Commits: Since May, I’ve adopted conventional commits to standardize my commit messages. Here’s how I structure them:

  • feat: for new features
  • fix: for bug fixes
  • docs: for documentation changes
  • style: for formatting changes
  • refactor: for code restructuring
  • test: for adding missing tests
  • chore: for maintenance tasks

I also use a VS Code extension that makes it easy to write a conventional commit from my code editor.
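As an added example, not code from the original post or from the editor extension it mentions, here is a small Node script that could run as a git commit-msg hook. It checks the header against the Conventional Commits format (type, optional scope, optional "!", colon, description), restricts the type to the list above, and works out the version bump the spec attaches to a message: fix means patch, feat means minor, and a "!" or a BREAKING CHANGE footer means major. The sample messages are constructed, except the first, which is the post's own fix commit.

```javascript
// Added example (not code from the original post): a commit-msg check for the
// Conventional Commits header format plus the semver bump a message implies.
// The type list is the one the post uses; SAMPLES are constructed except the
// first entry, which is the post's own fix commit.

const TYPES = ['feat', 'fix', 'docs', 'style', 'refactor', 'test', 'chore'];

// <type>[(scope)][!]: <description>
const HEADER = /^([a-z]+)(?:\(([^()\s]+)\))?(!)?: (.+)$/;

// Per the spec, a "BREAKING CHANGE:" (or "BREAKING-CHANGE:") footer marks a
// breaking change regardless of the type.
const BREAKING_FOOTER = /^BREAKING[ -]CHANGE: /;

function parseCommitMessage(message, allowedTypes = TYPES) {
  const [header, ...rest] = message.replace(/\r\n/g, '\n').split('\n');
  const errors = [];
  const m = HEADER.exec(header);
  if (!m) {
    return { ok: false, errors: ['header must match "<type>[(scope)][!]: <description>"'] };
  }
  const [, type, scope, bang, description] = m;
  if (!allowedTypes.includes(type)) {
    errors.push(`unknown type "${type}" (allowed: ${allowedTypes.join(', ')})`);
  }
  if (description.trim() === '') errors.push('description must not be empty');
  // Body and footers must be separated from the header by one blank line.
  if (rest.length > 0 && rest[0] !== '') errors.push('blank line required after the header');
  const breaking = bang === '!' || rest.some((line) => BREAKING_FOOTER.test(line));
  // Spec mapping: breaking -> major, feat -> minor, fix -> patch, anything else -> no release.
  const bump = breaking ? 'major' : type === 'feat' ? 'minor' : type === 'fix' ? 'patch' : 'none';
  return { ok: errors.length === 0, type, scope: scope || null, breaking, description, bump, errors };
}

// Constructed sample messages (the first is the post's own commit).
const SAMPLES = [
  'fix: 🐛 Patch security vulnerability Denial of service in http-proxy-middleware High severity http-proxy-middleware',
  'feat(auth)!: require MFA for admin sign-in\n\nBREAKING CHANGE: sessions issued before this release are invalidated',
  'chore: bump http-proxy-middleware to 2.0.7\nRefs the GitHub advisory for CVE-2024-21536',
  'Updated stuff',
  'deps: bump react',
];

for (const s of SAMPLES) console.log(JSON.stringify(parseCommitMessage(s)));
```

To wire this up as a hook, read the file whose path git passes as the first argument to commit-msg (the message being committed), feed its contents to parseCommitMessage, and exit non-zero when ok is false; the errors array gives the developer a reason rather than a bare rejection.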

🌟 Reflection: These experiences highlighted two crucial aspects of modern development: security automation and clear communication through commits. GitHub’s security features keep our projects secure, while conventional commits make our development history more meaningful and easier to track. Using conventional commits has made my version control more professional and easier to maintain.
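Step 3 of the resolution above, verifying the fix, is worth making mechanical. The following is an added example, not the repository's own tooling: it parses a yarn v1 lockfile, pulls out every version http-proxy-middleware resolved to, and compares each against the affected ranges published in the GitHub advisory for CVE-2024-21536 (before 2.0.7, and 3.0.0 up to but not including 3.0.3). The lockfile fragments are constructed to mirror the before and after states, and the yarn upgrade command named in the comment is the assumed way the entry got re-resolved.

```javascript
// Added example (not code from the original post): parse a yarn v1 lockfile and
// report whether the resolved http-proxy-middleware version still falls inside
// the ranges the GitHub advisory for CVE-2024-21536 lists as affected.

// Affected ranges from the advisory: everything before 2.0.7, and 3.0.0 up to
// (not including) 3.0.3.
const VULNERABLE_RANGES = [
  { below: [2, 0, 7] },
  { from: [3, 0, 0], below: [3, 0, 3] },
];

// "x.y.z[-pre]" -> [x, y, z]. Pre-release tags are dropped (assumption: the
// lockfile pins plain release versions, as yarn writes for npm packages).
function parseSemver(version) {
  return version.split('-')[0].split('.').map(Number);
}

function compareSemver(a, b) {
  for (let i = 0; i < 3; i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

function isVulnerable(version) {
  const v = parseSemver(version);
  return VULNERABLE_RANGES.some(
    (r) => (!r.from || compareSemver(v, r.from) >= 0) && compareSemver(v, r.below) < 0
  );
}

// Parse a yarn v1 lockfile into { packageName: [resolvedVersion, ...] }.
// An entry header is an unindented line ending in ":" listing one or more
// "name@range" selectors (comma separated, sometimes quoted); the indented
// `version "..."` line that follows is the version they all resolved to.
function parseYarnLock(text) {
  const resolved = {};
  let currentNames = [];
  for (const line of text.split('\n')) {
    if (line.trim() === '' || line.startsWith('#')) continue;
    if (!/^\s/.test(line) && line.endsWith(':')) {
      currentNames = [...new Set(
        line.slice(0, -1).split(',').map((s) => s.trim().replace(/^"|"$/g, ''))
          // lastIndexOf keeps scoped names such as @types/http-proxy intact
          .map((sel) => sel.slice(0, sel.lastIndexOf('@')))
      )];
      continue;
    }
    const m = /^\s+version "([^"]+)"/.exec(line);
    if (m) {
      for (const name of currentNames) {
        (resolved[name] = resolved[name] || []).push(m[1]);
      }
    }
  }
  return resolved;
}

// Every resolved version of `pkg` in the lockfile, with its status.
function auditLockfile(text, pkg = 'http-proxy-middleware') {
  return (parseYarnLock(text)[pkg] || []).map((version) => ({
    version,
    vulnerable: isVulnerable(version),
  }));
}

// Constructed lockfile fragments: the state Dependabot flagged, and the state
// after `yarn upgrade http-proxy-middleware@^2.0.7` re-resolves the entry.
const LOCK_BEFORE = `# yarn lockfile v1

"@types/http-proxy@^1.17.8":
  version "1.17.15"
  resolved "https://registry.yarnpkg.com/@types/http-proxy/-/http-proxy-1.17.15.tgz"

http-proxy-middleware@^2.0.3, http-proxy-middleware@^2.0.6:
  version "2.0.6"
  resolved "https://registry.yarnpkg.com/http-proxy-middleware/-/http-proxy-middleware-2.0.6.tgz"
  dependencies:
    "@types/http-proxy" "^1.17.8"
    micromatch "^4.0.2"
`;

const LOCK_AFTER = LOCK_BEFORE
  .replace('version "2.0.6"', 'version "2.0.7"')
  .replace('http-proxy-middleware-2.0.6.tgz', 'http-proxy-middleware-2.0.7.tgz');

console.log('before:', JSON.stringify(auditLockfile(LOCK_BEFORE)));
console.log('after: ', JSON.stringify(auditLockfile(LOCK_AFTER)));
```

The check reads yarn.lock rather than package.json on purpose: a range such as ^2.0.3 is satisfied by both the vulnerable 2.0.6 and the patched 2.0.7, and only the lockfile records which one is actually installed, which is also what Dependabot keys its alert on.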

Github Docs: https://docs.github.com/en/code-security/dependabot/dependabot-alerts

Conventional Commits Docs: https://platform.uno/docs/articles/uno-development/git-conventional-commits.html

Security Fix Repo: https://github.com/Jesse-Chong/react-tailwindcss-portfolio-website

Thank you for reading! I’d love to hear your thoughts.

