nextauthjs
chore(test): re-enable nextjs-docker tests
☕️ Reasoning
- Re-enable the
Run E2E tests (Nextjs-Docker)test- Have to build one of our apps into the container
- This requires adding the
Credentialsprovider, but we don't want it in the deployed example, so it has to be filtered out via Env var, for example.
- The normal
Run E2E testsjob (running playwright in the GHA container directly against the dev app in the container), seems to be stable and passing every time
Todo
For some reason, the example app in the container is throwing configuration errors when trying to visit /auth/signin directly (for example). Works fine locally (when built into a container).
See example playwright trace.zip, which can be viewed at https://trace.playwright.dev
🧢 Checklist
- [ ] Documentation
- [ ] Tests
- [ ] Ready to be merged
🎫 Affected issues
📌 Resources
The latest updates on your projects. Learn more about Vercel for Git ↗︎
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| auth-docs | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | May 10, 2024 4:19pm |
2 Ignored Deployments
| Name | Status | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| next-auth-docs | ⬜️ Ignored (Inspect) | Visit Preview | May 10, 2024 4:19pm | |
| proxy | ⬜️ Ignored (Inspect) | Visit Preview | May 10, 2024 4:19pm |
![vercel[bot] avatar](https://avatars.githubusercontent.com/in/8329?v=4 "Published by a pub.dev verified publisher"){kind=small}
Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 37.51%. Comparing base (
5e55331) to head (efb4da4). Report is 381 commits behind head on main.
Additional details and impacted files
@@ Coverage Diff @@
## main #10863 +/- ##
=======================================
Coverage 37.51% 37.51%
=======================================
Files 173 173
Lines 26983 26983
Branches 1176 1176
=======================================
Hits 10122 10122
Misses 16861 16861
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/@actions/[email protected], npm/@ariakit/[email protected], npm/@auth/[email protected], npm/@auth/[email protected], npm/@aws-sdk/[email protected], npm/@aws-sdk/[email protected], npm/@azure/[email protected], npm/[email protected]
![socket-security[bot] avatar](https://avatars.githubusercontent.com/in/156372?v=4 "Published by a pub.dev verified publisher"){kind=small}
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎
To accept the risk, merge this PR and you will not be notified again.
| Alert | Package | Note | Source |
|---|---|---|---|
| Install scripts | npm/[email protected] |
| |
| Install scripts | npm/@sveltejs/[email protected] |
|
Next steps
What is an install script?
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all
@SocketSecurity ignore npm/[email protected]@SocketSecurity ignore npm/@sveltejs/[email protected]