Skip to content

feat: upgrades to diagnostic and node#10282

Open
runspired wants to merge 1 commit intomainfrom
holodeck-upgrade
Open

feat: upgrades to diagnostic and node#10282
runspired wants to merge 1 commit intomainfrom
holodeck-upgrade

Conversation

@runspired
Copy link
Contributor

@runspired runspired commented Aug 23, 2025

No description provided.

@runspired runspired added 🎯 canary PR is targeting canary (default) 🏷️ chore This PR primarily refactors code or updates dependencies labels Aug 23, 2025
@github-project-automation github-project-automation bot moved this to needs triage in EmberData Aug 23, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 5, 2025
View reviewed changes
packages/diagnostic/server/src/-private/serve/fetch.ts

// Create an agent that can negotiate both HTTP/1.1 and HTTP/2
const httpsAgent = new Agent({
rejectUnauthorized: false, // For development with self-signed certs

Check failure

Code scanning / CodeQL

Disabling certificate validation

Disabling certificate validation is strongly discouraged.

Copilot Autofix

AI 5 months ago

To fix this problem, ensure rejectUnauthorized is not set to false when creating the HTTPS agent. The best way is to set it to true (the default) or omit it entirely unless you have a robust mechanism to only disable certificate validation during development/testing (e.g., based on process.env.NODE_ENV). For maximum safety and minimum code change, replace rejectUnauthorized: false with rejectUnauthorized: true. If development with self-signed certificates is needed, provide a secure and explicit way for users to opt-in only during development (not shown in current code), but the sample only allows updating the flag. All changes are in packages/diagnostic/server/src/-private/serve/fetch.ts, lines 15–18.

Suggested changeset 1
packages/diagnostic/server/src/-private/serve/fetch.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/diagnostic/server/src/-private/serve/fetch.ts b/packages/diagnostic/server/src/-private/serve/fetch.ts
--- a/packages/diagnostic/server/src/-private/serve/fetch.ts
+++ b/packages/diagnostic/server/src/-private/serve/fetch.ts
@@ -13,7 +13,7 @@
 
 // Create an agent that can negotiate both HTTP/1.1 and HTTP/2
 const httpsAgent = new Agent({
-  rejectUnauthorized: false, // For development with self-signed certs
+  rejectUnauthorized: true, // Certificate validation enabled
   ALPNProtocols: ['http/1.1', 'h2'], // Try HTTP/1.1 first, then HTTP/2
 });
 
EOF
@@ -13,7 +13,7 @@

// Create an agent that can negotiate both HTTP/1.1 and HTTP/2
const httpsAgent = new Agent({
rejectUnauthorized: false, // For development with self-signed certs
rejectUnauthorized: true, // Certificate validation enabled
ALPNProtocols: ['http/1.1', 'h2'], // Try HTTP/1.1 first, then HTTP/2
});

Copilot is powered by AI and may make mistakes. Always verify output.
This was referenced Sep 10, 2025
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

🎯 canary PR is targeting canary (default) 🏷️ chore This PR primarily refactors code or updates dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@runspired