Merge pull request #90 from neonexus/master

Updated GitHub CodeQL config. Fixed npm audit issues. Updated dependencies.

Author: neonexus

.github/workflows/codeql-analysis.yml renamed to .github/workflows/codeql.yml

@@ -4,19 +4,14 @@
 # You may wish to alter this file to override the set of languages analyzed,
 # or to provide custom queries or build logic.
 #
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
 name: "CodeQL"
 
 on:
     push:
-        branches: [ release ]
+        branches: [ "release", "master" ]
     pull_request:
         # The branches below must be a subset of the branches above
-        branches: [ release ]
+        branches: [ "release", "master" ]
     schedule:
         - cron: '38 4 * * 5'
 
@@ -39,11 +34,11 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v2
+              uses: actions/checkout@v3
 
             # Initializes the CodeQL tools for scanning.
             - name: Initialize CodeQL
-              uses: github/codeql-action/init@v1
+              uses: github/codeql-action/init@v2
               with:
                   languages: ${{ matrix.language }}
                   # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,19 +48,21 @@ jobs:
 
             # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
             # If this step fails, then you should remove it and run the build manually (see below)
-            - name: Autobuild
-              uses: github/codeql-action/autobuild@v1
+            # - name: Autobuild
+            #  uses: github/codeql-action/autobuild@v1
 
             # ℹ️ Command-line programs to run using the OS shell.
-            # 📚 https://git.io/JvXDl
+            # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
-            # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-            #    and modify them (or add more) to build your code if your project
-            #    uses a compiled language
+            #   If the Autobuild fails above, remove it and uncomment the following three lines.
+            #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
 
-            #- run: |
-            #   make bootstrap
-            #   make release
+            # - run: |
+            #     echo "Run, Build Application using script"
+            #     ./location_of_script_within_repo/buildscript.sh
 
             - name: Perform CodeQL Analysis
-              uses: github/codeql-action/analyze@v1
+              uses: github/codeql-action/analyze@v2
+              with:
+                 category: "/language:${{matrix.language}}"
+

.travis.yml

@@ -1,5 +1,6 @@
+dist: focal
 language: node_js
-node_js: '16'
+node_js: '18'
 services: mysql
 before_install:
     - mysql -e 'CREATE DATABASE IF NOT EXISTS testing;'

CHANGELOG.md

@@ -1,5 +1,14 @@
 # Changelog
 
+## [v4.0.1](https://github.com/neonexus/sails-react-bootstrap-webpack/compare/v4.0.0...v4.0.1) (2023-02-19)
+### Features
+
+* Updated GitHub CodeQL config.
+* Regenerated package-lock.json to use version 3.
+* Manually updated package-lock.json to clear `npm audit` issues.
+* Updated dependencies.
+* Updated Node min requirement to 18.14.
+
 ## [v4.0.0](https://github.com/neonexus/sails-react-bootstrap-webpack/compare/v3.2.1...v4.0.0) (2023-02-11)
 
 ### Features
@@ -20,7 +29,7 @@
 ### Features
 
 * Built out PnwedPasswords.com (HaveIBeenPwned.com) API functionality into `is-password-valid` helper.
-  * Can be disabled in [config/security.js](config/security.js).
+* Can be disabled in [config/security.js](config/security.js).
 * FINALLY removed the usage of `res._headers`, so no more annoying deprecation message.
 * Simplified stored session data.
 * Updated dependencies.

Dockerfile

@@ -1,4 +1,4 @@
-FROM node:18.12
+FROM node:18.14
 MAINTAINER NeoNexus DeMortis
 
 RUN apt-get update && apt-get upgrade -y

README.md

@@ -42,10 +42,10 @@ See the [`package.json` for more details](package.json).
 This repo is not installable via `npm`. Instead, GitHub provides a handy "Use this template" (green) button at the top of this page. That will create a special fork of this repo (so there is a single, init commit, instead of the commit history from this repo).
 
 ### Configuration
-In the `config` folder, there is the `local.js.sample` file, which is meant to be copied to `local.js`. This file (`local.js` not the sample) is ignored by Git, and intended for use in local development, NOT remote servers. Generally one would use environment variables for remote server configuration (and this repo is already setup to handle environment variable configuration for both DEV and PROD). See: [config/env/development.js](config/env/development.js) and [config/env/production.js](config/env/production.js).
+In the `config` folder, there is the [`local.js.sample`](config/local.js.sample) file, which is meant to be copied to `local.js`. This file (`local.js`, not the sample) is ignored by Git, and intended for use in local development, NOT remote servers. Generally one would use environment variables for remote server configuration (and this repo is already setup to handle environment variable configuration for both DEV and PROD). See: [config/env/development.js](config/env/development.js) and [config/env/production.js](config/env/production.js).
 
 #### Want to configure the "X-Powered-By" header?
-Sails, by default, has middleware (akin to [Express.js Middleware](https://expressjs.com/en/guide/using-middleware.html), Sails is built on Express.js after all...). Inside of [`config/http.js`](config/http.js) we disable the default middleware, and create our own `X-Powered-By` header, using Express.js Middleware.
+Sails, by default, has middleware (akin to [Express.js Middleware](https://expressjs.com/en/guide/using-middleware.html), Sails is built on Express.js after all...). Inside of [`config/http.js`](config/http.js) we create our own `X-Powered-By` header, using Express.js Middleware.
 
 ### Scripts built into [`package.json`](package.json):
 

config/http.js

@@ -42,9 +42,6 @@ module.exports.http = {
         ],
 
         customPoweredBy: (req, res, next) => {
-            // disable the default "X-Powered-By" middleware
-            sails.hooks.http.app.disable('x-powered-by');
-
             // set our own custom "X-Powered-By" header
             res.set('X-Powered-By', 'Awesome Sauce');