Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: use standalone ajv validation for model introspection schema #807

Merged
merged 2 commits into from
Apr 12, 2024

Conversation

AaronZyLee
Copy link
Contributor

@AaronZyLee AaronZyLee commented Apr 9, 2024

Description of changes

The direct Ajv dependency uses a a browser-unsafe eval which will cause a CSP(Content Security Policy) error during runtime. To resolve the issue, the following changes are made:

  • Ajv is removed from dependency but added in dev dependency
  • Use the standalone validation code generated by the Ajv library as suggested by the documentation to avoid the unsafe-val method to be used in browser.

Codegen Paramaters Changed or Added

Issue #, if available

Description of how you validated changes

Unit & E2E tests

Checklist

  • PR description included
  • yarn test passes
  • Tests are changed or added
  • Relevant documentation is changed or added (and PR referenced)
  • Breaking changes to existing customers are released behind a feature flag or major version update
  • Changes are tested using sample applications for all relevant platforms (iOS/android/flutter/Javascript) that use the feature added/modified
  • Changes are tested on windows. Some Node functions (such as path) behave differently on windows.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@AaronZyLee AaronZyLee requested a review from a team as a code owner April 9, 2024 22:50
@AaronZyLee AaronZyLee marked this pull request as draft April 9, 2024 22:50
@AaronZyLee AaronZyLee marked this pull request as ready for review April 11, 2024 16:46
Copy link
Contributor Author

@AaronZyLee AaronZyLee Apr 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This file is the standalone validation code auto-generated by the Ajv library

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@AaronZyLee AaronZyLee merged commit 9f55941 into main Apr 12, 2024
4 checks passed
@AaronZyLee AaronZyLee deleted the resolve-ajv branch April 12, 2024 19:20
AaronZyLee added a commit that referenced this pull request Apr 17, 2024
* build(deps): bump tar from 6.2.0 to 6.2.1

Bumps [tar](https://github.com/isaacs/node-tar) from 6.2.0 to 6.2.1.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.2.0...v6.2.1)

---
updated-dependencies:
- dependency-name: tar
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix: use standalone ajv validation for model introspection schema (#807)

* fix: use standalone ajv validation for model introspection schema

* test: add unit tests for validator

* fix: missing targetNames in hasOne reference

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dane Pilcher <dppilche@amazon.com>
@dpilch dpilch mentioned this pull request Apr 25, 2024
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants