
Jesse Chong

Originally published at Medium

GitHub’s Security Scanner & Conventional Commits — A Developer’s Journey

🪞 Reflecting on GitHub Security: I received a high-severity security alert from GitHub about a vulnerability in http-proxy-middleware affecting one of my portfolio repositories. GitHub’s Dependabot automatically detected the issue (CVE-2024-21536) in my dependencies.

📈 Quick Overview:

  • Security alert identified in yarn.lock file
  • Vulnerability found in http-proxy-middleware package
  • Automated detection by GitHub’s security scanning system
  • Implementation of conventional commits for better version control

🗝️ Key Takeaways:

  • GitHub actively scans repositories for vulnerabilities
  • Automated security alerts help maintain project safety
  • Importance of regular dependency maintenance
  • Conventional commits improve code collaboration and readability

💡 Response & Resolution:

  1. Reviewed the security advisory details
  2. Updated the affected dependency with commit message: fix: 🐛 Patch security vulnerability Denial of service in http-proxy-middleware High severity http-proxy-middleware
  3. Verified the fix was successfully implemented

🚀 Embracing Conventional Commits: Since May, I’ve adopted conventional commits to standardize my commit messages. Here’s how I structure them:

  • feat: for new features
  • fix: for bug fixes
  • docs: for documentation changes
  • style: for formatting changes
  • refactor: for code restructuring
  • test: for adding missing tests
  • chore: for maintenance tasks

I also use a VS Code extension that makes it easy to write a conventional commit from my code editor.
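
As an added example (my own, not the author’s code and not the VS Code extension the post mentions), here is a small Node.js script that splits a commit message into its Conventional Commits parts (type, optional scope, the "!" breaking marker, description, body and footers) and validates it against the seven types listed above. The sample messages are constructed for the demo, except for the post’s own fix commit header; the 72-character header limit and the no-trailing-period rule are common house rules rather than part of the spec, and are assumptions here.

```javascript
// Added example (not from the original post or the VS Code extension it
// mentions): parse a commit message into its Conventional Commits parts and
// validate it. The layout checked is
//   <type>[(scope)][!]: <description>
//   <blank line><body paragraphs...>
//   <blank line><footers such as "BREAKING CHANGE: ..." or "Refs: #42">

// The seven types the post uses; any other vocabulary is a per-project choice.
const ALLOWED_TYPES = ["feat", "fix", "docs", "style", "refactor", "test", "chore"];

// Header: lowercase type, optional (scope), optional "!", then ": " and a description.
const HEADER_RE = /^([a-z]+)(?:\(([^()\s]+)\))?(!)?: (.+)$/;
// Footer: "Token: value" or "Token #value"; BREAKING CHANGE is the one token with a space.
const FOOTER_RE = /^(BREAKING CHANGE|[A-Za-z-]+)(: | #)(.+)$/;

// Returns { type, scope, breaking, description, body, footers }, or null when
// the first line is not a Conventional Commits header.
function parseConventionalCommit(message) {
  const lines = message.replace(/\r\n/g, "\n").trimEnd().split("\n");
  const m = lines[0].match(HEADER_RE);
  if (!m) return null;
  const [, type, scope, bang, description] = m;

  // Split everything after the header into blank-line-separated paragraphs.
  const paragraphs = [];
  let buf = [];
  for (const line of lines.slice(1)) {
    if (line.trim() !== "") buf.push(line);
    else if (buf.length) { paragraphs.push(buf); buf = []; }
  }
  if (buf.length) paragraphs.push(buf);

  // The last paragraph is the footer block only if every line in it is a footer.
  let bodyParagraphs = paragraphs;
  const footers = [];
  const last = paragraphs[paragraphs.length - 1];
  if (last && last.every((l) => FOOTER_RE.test(l))) {
    bodyParagraphs = paragraphs.slice(0, -1);
    for (const l of last) {
      const f = l.match(FOOTER_RE);
      footers.push({ token: f[1], value: f[3] });
    }
  }

  return {
    type,
    scope: scope || null,
    breaking: bang === "!" || footers.some((f) => f.token === "BREAKING CHANGE"),
    description,
    body: bodyParagraphs.map((p) => p.join("\n")).join("\n\n"),
    footers,
  };
}

// Returns a list of problems; an empty list means the message is acceptable.
// The 72-character header limit and the "no trailing period" rule are common
// house rules, not part of the Conventional Commits spec (assumption here).
function validateCommitMessage(message, allowedTypes = ALLOWED_TYPES, maxHeaderLength = 72) {
  const lines = message.replace(/\r\n/g, "\n").split("\n");
  const header = lines[0];
  const parsed = parseConventionalCommit(message);
  if (!parsed) {
    return [`header must look like "<type>(scope)!: description", got ${JSON.stringify(header)}`];
  }
  const problems = [];
  if (!allowedTypes.includes(parsed.type)) {
    problems.push(`unknown type "${parsed.type}" (allowed: ${allowedTypes.join(", ")})`);
  }
  if (header.length > maxHeaderLength) {
    problems.push(`header is ${header.length} characters, limit is ${maxHeaderLength}`);
  }
  if (parsed.description.endsWith(".")) problems.push("description should not end with a period");
  if (lines.length > 1 && lines[1].trim() !== "") {
    problems.push("body must be separated from the header by a blank line");
  }
  return problems;
}

// Constructed sample messages; the first is the fix commit header quoted in the post.
const SAMPLE_MESSAGES = {
  postFix: "fix: 🐛 Patch security vulnerability Denial of service in http-proxy-middleware High severity http-proxy-middleware",
  breaking: [
    "feat(auth)!: require MFA for admin accounts",
    "",
    "Admins without MFA are now redirected to the enrollment flow.",
    "",
    "BREAKING CHANGE: admin sessions without MFA are rejected",
    "Refs: #42",
  ].join("\n"),
  unstructured: "Patched the vuln",
};

for (const [name, msg] of Object.entries(SAMPLE_MESSAGES)) {
  const parsed = parseConventionalCommit(msg);
  const problems = validateCommitMessage(msg);
  console.log(name, parsed ? `type=${parsed.type} scope=${parsed.scope} breaking=${parsed.breaking}` : "not conventional", problems);
}
```

To enforce this locally rather than only in the editor, drop the script into a commit-msg hook and have the hook read the message file Git passes as its first argument; validateCommitMessage returns the list of problems instead of printing them, so the hook can print the list and exit non-zero whenever it is non-empty. Note that the post’s own fix header parses cleanly as a fix commit but is well over the 72-character house limit, which is exactly the kind of thing a hook catches before the history fills up with long one-liners.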

🌟 Reflection: These experiences highlighted two crucial aspects of modern development: security automation and clear communication through commits. GitHub’s security features keep our projects secure, while conventional commits make our development history more meaningful and easier to track. Using conventional commits has made my version control more professional and easier to maintain.
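
To make the verification step in Response & Resolution concrete, here is an added example (mine, not code from the post or the portfolio repository) that parses a yarn v1 lockfile and reports every resolved copy of a package that is still inside an advisory’s affected version ranges. The lockfile content is constructed for the demo. The affected ranges are the ones the GitHub advisory for CVE-2024-21536 lists for http-proxy-middleware (releases before 2.0.7, and 3.0.0 up to 3.0.2); treat them as an assumption and confirm them against the Dependabot alert before relying on this. Checking the resolved version lines, not just the range in package.json, matters because yarn can keep several copies of one package pinned in the lockfile and the alert is about what actually resolves.

```javascript
// Added example (not from the original post): parse a yarn v1 lockfile and
// report every resolved copy of a package still inside an advisory's
// affected version ranges.

// Constructed sample lockfile with two resolutions of http-proxy-middleware:
// one still inside the affected range and one already on a patched release.
const SAMPLE_YARN_LOCK = `# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
# yarn lockfile v1


"@types/http-proxy@^1.17.8":
  version "1.17.9"
  resolved "https://registry.yarnpkg.com/@types/http-proxy/-/http-proxy-1.17.9.tgz"

http-proxy-middleware@^2.0.3:
  version "2.0.6"
  resolved "https://registry.yarnpkg.com/http-proxy-middleware/-/http-proxy-middleware-2.0.6.tgz"
  dependencies:
    "@types/http-proxy" "^1.17.8"

http-proxy-middleware@^3.0.0:
  version "3.0.3"
  resolved "https://registry.yarnpkg.com/http-proxy-middleware/-/http-proxy-middleware-3.0.3.tgz"
`;

// Affected ranges as listed in the GitHub advisory for CVE-2024-21536
// (assumption: confirm them against the Dependabot alert before relying on this).
const AFFECTED_RANGES = [
  { below: "2.0.7" },                   // every release before 2.0.7
  { atLeast: "3.0.0", below: "3.0.3" }, // 3.0.0, 3.0.1, 3.0.2
];

// Parse yarn v1 entries into [{ name, version, specifiers }]. An entry header is
// an unindented "name@range[, name@range...]:" line (quoted when it contains
// "@scope/"); the resolved version is the indented `version "x.y.z"` line after it.
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  for (const rawLine of text.split("\n")) {
    const line = rawLine.replace(/\r$/, "");
    if (line === "" || line.startsWith("#")) continue;
    if (!line.startsWith(" ") && line.endsWith(":")) {
      const specifiers = line.slice(0, -1).split(",").map((s) => s.trim().replace(/^"|"$/g, ""));
      // Package name is everything before the last "@": "@types/http-proxy@^1.17.8" -> "@types/http-proxy".
      const name = specifiers[0].slice(0, specifiers[0].lastIndexOf("@"));
      current = { name, version: null, specifiers };
      entries.push(current);
      continue;
    }
    const m = line.match(/^\s+version\s+"([^"]+)"/);
    if (m && current) current.version = m[1];
  }
  return entries;
}

// Compare dotted versions numerically; a prerelease (e.g. 3.0.0-rc.1)
// sorts below its final release, as in semver.
function compareVersions(a, b) {
  const [aCore, aPre] = a.split("-");
  const [bCore, bPre] = b.split("-");
  const ap = aCore.split(".").map(Number);
  const bp = bCore.split(".").map(Number);
  for (let i = 0; i < Math.max(ap.length, bp.length); i++) {
    const d = (ap[i] || 0) - (bp[i] || 0);
    if (d !== 0) return d;
  }
  if (aPre && !bPre) return -1;
  if (!aPre && bPre) return 1;
  return 0;
}

// True when version lies in [atLeast, below); atLeast is optional.
function inAffectedRange(version, range) {
  if (range.atLeast && compareVersions(version, range.atLeast) < 0) return false;
  return compareVersions(version, range.below) < 0;
}

// Every resolved copy of pkgName whose version is inside any affected range.
function findVulnerable(lockText, pkgName, ranges) {
  return parseYarnLock(lockText)
    .filter((e) => e.name === pkgName && e.version !== null)
    .filter((e) => ranges.some((r) => inAffectedRange(e.version, r)))
    .map((e) => ({ version: e.version, specifiers: e.specifiers }));
}

// Demo on the constructed lockfile: the 2.0.6 copy is reported, the 3.0.3 copy is not.
const hits = findVulnerable(SAMPLE_YARN_LOCK, "http-proxy-middleware", AFFECTED_RANGES);
for (const h of hits) {
  console.log(`still affected: http-proxy-middleware@${h.version} (requested as ${h.specifiers.join(", ")})`);
}
console.log(hits.length === 0 ? "lockfile clean for this advisory" : `${hits.length} affected copy/copies found`);
```

For a real repository, read the lockfile with fs.readFileSync("yarn.lock", "utf8") and pass it to findVulnerable; an empty result means every resolved copy is outside the affected ranges, which is what you want to see before treating the Dependabot alert as resolved. A non-empty result after an upgrade usually means a second copy is pinned through a transitive dependency that still requests an older range, which bumping the direct dependency alone does not fix.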

GitHub Docs: https://docs.github.com/en/code-security/dependabot/dependabot-alerts

Conventional Commits Docs: https://platform.uno/docs/articles/uno-development/git-conventional-commits.html

Security Fix Repo: https://github.com/Jesse-Chong/react-tailwindcss-portfolio-website

Thank you for reading! I’d love to hear your thoughts.
