
Jesse Chong

Originally published at Medium

GitHub’s Security Scanner & Conventional Commits — A Developer’s Journey

🪞 Reflecting on GitHub Security: I received a high-severity security alert from GitHub about a vulnerability in http-proxy-middleware affecting one of my portfolio repositories. GitHub’s Dependabot automatically detected this issue (CVE-2024-21536) in my dependencies.

📈 Quick Overview:

  • Security alert identified in yarn.lock file
  • Vulnerability found in http-proxy-middleware package
  • Automated detection by GitHub’s security scanning system
  • Implementation of conventional commits for better version control

🗝️ Key Takeaways:

  • GitHub actively scans repositories for vulnerabilities
  • Automated security alerts help maintain project safety
  • Importance of regular dependency maintenance
  • Conventional commits improve code collaboration and readability

💡 Response & Resolution:

  1. Reviewed the security advisory details
  2. Updated the affected dependency with the commit message: "fix: 🐛 Patch security vulnerability Denial of service in http-proxy-middleware High severity http-proxy-middleware"
  3. Verified the fix was successfully implemented

🚀 Embracing Conventional Commits: Since May, I’ve adopted conventional commits to standardize my commit messages. Here’s how I structure them:

  • feat: for new features
  • fix: for bug fixes
  • docs: for documentation changes
  • style: for formatting changes
  • refactor: for code restructuring
  • test: for adding missing tests
  • chore: for maintenance tasks

I also use a VS Code extension that makes it easy to write a conventional commit from my code editor.
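As an added example (not code from the post or the linked repository), here is a Git commit-msg hook that enforces the type list above, so a subject like the one used for the http-proxy-middleware fix is accepted and an unstructured message is rejected before it enters the history. It also accepts the optional (scope) and ! markers from the Conventional Commits spec, which the list above does not mention.

```shell
#!/bin/sh
# Git commit-msg hook that enforces the Conventional Commits subject shape
#   <type>[(scope)][!]: <description>
# Install: copy to .git/hooks/commit-msg and chmod +x it.
# Added example; the type list is the one given in the post above.

CC_TYPES='feat|fix|docs|style|refactor|test|chore'

# ERE for the first line: type, optional (scope), optional "!" for a breaking
# change, then ": " and a description that starts with a non-blank character.
CC_REGEX="^($CC_TYPES)(\([A-Za-z0-9._/-]+\))?!?: [^[:space:]].*"

# check_commit_msg SUBJECT -> exit status 0 if SUBJECT is acceptable, 1 if not
check_commit_msg() {
  subject=$1
  # Subjects generated by git itself (merges, reverts) are passed through.
  case "$subject" in
    "Merge "*|"Revert "*) return 0 ;;
  esac
  printf '%s\n' "$subject" | grep -Eq -- "$CC_REGEX"
}

# When git runs the hook, $1 is the path of the file holding the commit message.
if [ -n "${1:-}" ] && [ -f "$1" ]; then
  first_line=$(head -n 1 "$1")
  if ! check_commit_msg "$first_line"; then
    echo "commit-msg: subject must look like '<type>[(scope)]: <description>'" >&2
    echo "commit-msg: allowed types: $CC_TYPES" >&2
    echo "commit-msg: got: $first_line" >&2
    exit 1
  fi
fi
```

The hook only checks the subject line; a body and footers (such as BREAKING CHANGE:) may follow it unchanged.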

🌟 Reflection: These experiences highlighted two crucial aspects of modern development: security automation and clear communication through commits. GitHub’s security features keep our projects secure, while conventional commits make our development history more meaningful and easier to track. Using conventional commits has made my version control more professional and easier to maintain.

GitHub Docs: https://docs.github.com/en/code-security/dependabot/dependabot-alerts

Conventional Commits Docs: https://platform.uno/docs/articles/uno-development/git-conventional-commits.html

Security Fix Repo: https://github.com/Jesse-Chong/react-tailwindcss-portfolio-website

Thank you for reading! I’d love to hear your thoughts.

