Dustin Decker
Dustin Decker
## Steps to reproduce the problem 1. Deploy cla-assistant v2.12.0 with `GITHUB_ADMIN_USERS` set 2. Attempt to sign in as one of the `GITHUB_ADMIN_USERS` 3. Observe auth redirect loop until this...
Adds a test case to gitparse that caused a panic which was fixed by #1570
The current command does not work with newer versions of Go: ``` go get github.com/genuinetools/pepper go: go.mod file not found in current directory or any parent directory. 'go get' is...
Updated installation command for modern versions of Go and updated golang.org/x/sys so it can build for Darwin ARM64 on Go 1.18+ https://stackoverflow.com/questions/71507321/go-1-18-build-error-on-mac-unix-syscall-darwin-1-13-go253-golinkname-mus
Adds a sleep option for buffered retries. Defaults to 0s which preserves backwards compatibility. This is useful for not dropping requests in between deploys that have small downtimes. Signed-off-by: Dustin...
Posting here >90 days after notifying the author. The auth in BreakGlass appears to only decode the JWT and use the values as-is with no validation. This means a user...
Requiring a second user to approve escalation can help prevent abuse by bad actors, and increases awareness of escalation actions.
Linking the audit logs, filtered for the user for the escalation timeframe will make it easy to see what operations have been performed.