Update comment message, add test case, fix vulnerabilities #4937
lukaszgryglicki wants to merge 2 commits into main from
Conversation
Signed-off-by: Lukasz Gryglicki <lgryglicki@cncf.io>
Pull request overview
This pull request updates dependency locks/overrides to address vulnerability findings, expands/aligns API route sanitization logic across multiple helper tools and services, and reduces sensitive details in backend logging/error paths.
Changes:
- Add/extend route sanitization patterns (Swagger resource collapsing, `undefined`, specific route patterns) across Python/Go utilities and backend telemetry.
- Introduce a new Datadog "aggregate API" script for faster per-route usage reporting, plus an optional `--sanitize-routes` flag in the existing script.
- Update dependency versions/lockfiles and tighten logging/error messages to avoid leaking details.
Reviewed changes
Copilot reviewed 19 out of 27 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| yarn.lock | Updates JS dependency resolutions/URLs and bumps some transitive versions. |
| utils/otel_dd/api_usage_stats_ddog.py | Adds optional client-side route sanitization and CLI flag. |
| utils/otel_dd/api_usage_stats_ddog_aggregate.py | New aggregate-mode Datadog usage stats script with optional sanitization and concurrency. |
| utils/otel_dd_py/otel_dd.py | Extends local sanitizer patterns to match backend templating. |
| utils/otel_dd_go/otel_dd.go | Extends local sanitizer patterns to match backend templating. |
| utils/count_apis.sh | Aligns offline log route normalization rules with backend/OTel templating. |
| tests/rest/package.json | Upgrades newman and switches dependency pin mechanism to overrides. |
| tests/functional/yarn.lock | Updates lockfile entries as part of dependency refresh. |
| package.json | Adds explicit deps for minimatch/validator (likely for audit remediation). |
| package-lock.json | New npm lockfile capturing resolved dependency graph for the root package. |
| cla-backend/yarn.lock | Updates backend JS lockfile entries (e.g., tar/simple-git adjustments). |
| cla-backend/requirements.txt | Bumps Python cryptography version. |
| cla-backend/package.json | Updates tar version constraint. |
| cla-backend/cla/utils.py | Reduces sensitive logging, adjusts GitLab member lookup error handling, and hardens PR-number extraction. |
| cla-backend/cla/tests/unit/test_user_commit_summary.py | Updates unit test expectation for new co-author guidance text. |
| cla-backend/cla/routes.py | Aligns backend route sanitizer with updated templating patterns and fixes numeric-id masking loop. |
| cla-backend/cla/models/github_models.py | Reduces sensitive logging and makes OAuth/session handling more robust. |
| cla-backend-go/yarn.lock | Updates Go backend JS lockfile entries (tar/simple-git/debug changes). |
| cla-backend-go/v2/sign/jwt.go | Migrates JWT import to github.com/golang-jwt/jwt/v4. |
| cla-backend-go/telemetry/datadog_otlp.go | Aligns HTTP route sanitization with updated templating patterns. |
| cla-backend-go/package.json | Updates simple-git resolution and tar resolution constraints. |
| cla-backend-go/go.sum | Refreshes sums after JWT module/version updates. |
| cla-backend-go/go.mod | Adds toolchain directive and updates JWT + otel trace requirement classification. |
| cla-backend-go/github/github_repository.go | Adds co-author removal guidance to comment template text. |
| cla-backend-go/github/github_repository_test.go | Adds tests covering new co-author removal guidance behavior. |
| .gitignore | Ignores additional build artifacts (Go binaries, bin/*, api usage CSV patterns). |
Files not reviewed (1)
- tests/rest/package-lock.json: Language not supported
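The review summary above refers to route sanitization being aligned across the Go telemetry, the Python backend and the offline log scripts: concrete request paths are mapped onto a small set of templates so that per-route metrics stay low-cardinality and do not carry user, project or session identifiers. The following is an added example of that technique, written for this page; it is not easycla's own sanitizer. The placeholder names (`{id}`, `{uuid}`, `{undefined}`, `{resource}`), the assumed Swagger asset layout and the sample paths are all constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Example route templater for HTTP telemetry (not easycla's code; placeholder
// names and the swagger layout are assumptions made for this example).
var (
	numericSeg = regexp.MustCompile(`^[0-9]+$`)
	uuidSeg    = regexp.MustCompile(`^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$`)
)

// SanitizeRoute maps a concrete request path onto a low-cardinality template.
func SanitizeRoute(path string) string {
	// Query strings can carry OAuth codes, session ids or search terms; they
	// never belong in a metric tag, so drop them before anything else.
	if i := strings.IndexByte(path, '?'); i >= 0 {
		path = path[:i]
	}
	segs := strings.Split(path, "/")

	// Swagger UI serves many static assets under one prefix. Collapse every
	// asset to a single template (assumed layout: .../swagger/<asset path>).
	for i, s := range segs {
		if s == "swagger" && i+1 < len(segs) {
			return strings.Join(segs[:i+1], "/") + "/{resource}"
		}
	}

	// Mask identifiers per whole segment. Matching segment-by-segment masks
	// every id in one pass and leaves segments such as "v4" or "abc123" alone,
	// which a digit regexp applied to the whole path in a loop would not.
	for i, s := range segs {
		switch {
		case s == "undefined" || s == "null":
			// A JavaScript client interpolated a missing value. Keep it
			// distinct from a real id so the client bug stays visible.
			segs[i] = "{undefined}"
		case numericSeg.MatchString(s):
			segs[i] = "{id}"
		case uuidSeg.MatchString(s):
			segs[i] = "{uuid}"
		}
	}
	return strings.Join(segs, "/")
}

// RouteCounts aggregates sanitized routes, the way a per-route usage report would.
func RouteCounts(paths []string) map[string]int {
	out := make(map[string]int)
	for _, p := range paths {
		out[SanitizeRoute(p)]++
	}
	return out
}

func main() {
	// Constructed sample paths, not real traffic.
	sample := []string{
		"/v4/project/12345/signatures",
		"/v4/project/67890/signatures?page=2",
		"/v4/user/undefined",
		"/v4/company/3fa85f64-5717-4562-b3fc-2c963f66afa6",
		"/swagger/swagger-ui.css",
		"/swagger/index.html",
	}
	for route, n := range RouteCounts(sample) {
		fmt.Printf("%5d %s\n", n, route)
	}
}
```

The same function can be applied offline to access-log paths (as the page's `count_apis.sh` does for logs) and online in the telemetry middleware; keeping one set of rules in both places is what makes the two reports agree.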
Signed-off-by: Lukasz Gryglicki <lgryglicki@cncf.io>
Assisted by [OpenAI](https://platform.openai.com/)
Assisted by [GitHub Copilot](https://github.com/features/copilot)