Skip to content

Documenting false_secrets in pubspec.yaml #3409

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mit-mit merged 5 commits into from
Dec 8, 2021
Merged

Documenting false_secrets in pubspec.yaml #3409

mit-mit merged 5 commits into from
Dec 8, 2021

Conversation

@jonasfj
Copy link
Member

@jonasfj jonasfj commented Jul 21, 2021
edited
Loading

Implementation on pub client: dart-lang/pub#3049.

Many of the patterns and heuristics for detection of leaks are adopted from How Bad Can It Git? and awslabs/git-secrets.
We could perhaps consider mentioning these in the documentation, to help people better understand what kind of heuristics is employed for leak detection.

This won't ship until Dart 2.15, I'm not planning to sneak in new features right before the window closes.

@google-cla google-cla bot added the cla: yes Contributor has signed the Contributor License Agreement label Jul 21, 2021
jonasfj
jonasfj commented Jul 21, 2021
View reviewed changes
@parlough parlough added the t.cli-tools Relates to the dart command line tools label Jul 21, 2021
@jonasfj jonasfj marked this pull request as ready for review July 27, 2021 14:05
@jonasfj jonasfj changed the title Documenting false_leaks in pubspec.yaml Documenting false_secrets in pubspec.yaml Jul 27, 2021
@jonasfj jonasfj mentioned this pull request Jul 27, 2021
Merged
sigurdm
sigurdm approved these changes Aug 31, 2021
View reviewed changes
Copy link
Contributor

@sigurdm sigurdm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

sigurdm
sigurdm reviewed Aug 31, 2021
View reviewed changes
@kwalrath kwalrath added this to the Future milestone Sep 2, 2021
@kwalrath kwalrath added the st.blocked Issue cannot continue until another action completes label Sep 2, 2021
@kwalrath kwalrath modified the milestones: Future, Next stable release Sep 8, 2021
@ditman ditman mentioned this pull request Sep 21, 2021
Closed
kwalrath
kwalrath reviewed Dec 7, 2021
View reviewed changes
@kwalrath
Copy edit
d15158e 
General copy edit and changes to match our style. Also... this page was missing a description for some reason!
kwalrath
kwalrath approved these changes Dec 8, 2021
View reviewed changes
Copy link
Contributor

@kwalrath kwalrath left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. @jonasfj are my changes all right by you?

@kwalrath
Copy link
Contributor

kwalrath commented Dec 8, 2021

Staged: https://dartlang-org-staging-0.web.app/tools/pub/pubspec#false_secrets

This page had some changes, so I staged the merged version (a clean merge).

@jonasfj
Copy link
Member Author

jonasfj commented Dec 8, 2021

@jonasfj are my changes all right by you?

Yeah, this looks great :D

mit-mit
mit-mit reviewed Dec 8, 2021
View reviewed changes
src/tools/pub/pubspec.md
Leak detection isn't perfect.
To avoid false positives,
you can tell pub not to search for leaks in certain files,
using [`gitignore` patterns][] under
Copy link
Member

@mit-mit mit-mit Dec 8, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest changing:

"you can tell pub not to search for leaks in certain files,
using [gitignore patterns][]"

To:

"you can tell pub not to search for leaks in certain files,
by creating an allowlist
using [gitignore patterns][]"

Copy link
Member

@mit-mit mit-mit Dec 8, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jonasfj WDYT?

Copy link
Member

@mit-mit mit-mit Dec 8, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll send a separate PR for that potential change

Copy link
Member

@mit-mit mit-mit Dec 8, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#3704

@mit-mit mit-mit merged commit 01efc16 into dart-lang:master Dec 8, 2021
@mit-mit mit-mit removed the st.blocked Issue cannot continue until another action completes label Dec 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sigurdm sigurdm sigurdm approved these changes

@mit-mit mit-mit mit-mit left review comments

+1 more reviewer

@kwalrath kwalrath kwalrath approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla: yes Contributor has signed the Contributor License Agreement t.cli-tools Relates to the dart command line tools

Projects

None yet

Milestone

Previous Release

Development

Successfully merging this pull request may close these issues.

6 participants

@jonasfj @kwalrath @sigurdm @mit-mit @atsansone @parlough