[Bug]: Credential scanning tool flags shipped private key #32146
Comments
I believe this is about https://github.com/microsoft/playwright/tree/main/packages/playwright-core/bin/socks-certs and the credential scanning tool is checking for accidental certificates.
Certificates are a part of the package by design. Those are self-signed certificates for internal needs, so they should not be considered a secret. Please feel free to add them to the allow-list. Having said that, we understand this could be an inconvenience to the users that are not interested in the feature that these certificates enable, so we'll consider removing them and offering users to generate certificates during the build process should they need them.
Thank you for your answer! Since they are intended to be shipped, we can add them to the allow-list. Let us know what the consensus is on removing them!
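One way to write the allow-list entry discussed above, as an added example that is not part of the original thread or of Playwright's code: the entry is pinned to both the file path and the SHA-256 of the PEM block, so a different key appearing at the same path, or the same key copied elsewhere, is still flagged. The full path joins the directory and file name mentioned in the thread; the key bodies and the `scan` and `fingerprint` helpers are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Matches PEM private-key blocks (PKCS#8, RSA, EC, ENCRYPTED, OPENSSH variants).
const PEM_KEY = /-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----[\s\S]*?-----END (?:[A-Z]+ )*PRIVATE KEY-----/g;

// Hash the PEM block with all whitespace removed, so a CRLF checkout of the
// same key still matches its allow-list entry.
function fingerprint(pemBlock) {
  const normalised = pemBlock.replace(/\s+/g, '');
  return crypto.createHash('sha256').update(normalised).digest('hex');
}

// files: [{ path, content }]; allowList: [{ path, sha256, reason }]
// Returns one finding per private-key block, marked 'allowed' or 'flagged'.
function scan(files, allowList) {
  const findings = [];
  for (const { path, content } of files) {
    for (const block of content.match(PEM_KEY) || []) {
      const sha256 = fingerprint(block);
      const hit = allowList.some((e) => e.path === path && e.sha256 === sha256);
      findings.push({ path, sha256, status: hit ? 'allowed' : 'flagged' });
    }
  }
  return findings;
}

// Constructed sample key bodies (placeholders, not real key material).
const makePem = (body) =>
  `-----BEGIN PRIVATE KEY-----\n${body}\n-----END PRIVATE KEY-----\n`;
const SHIPPED = makePem('CONSTRUCTEDSAMPLEKEYBODYA');
const REPLACED = makePem('CONSTRUCTEDSAMPLEKEYBODYB');

// Assumed path: directory and file name as mentioned in the thread.
const KEY_PATH = 'packages/playwright-core/bin/socks-certs/key.pem';

const ALLOW_LIST = [{
  path: KEY_PATH,
  sha256: fingerprint(SHIPPED),
  reason: 'self-signed key shipped by design for the internal socks proxy',
}];

const RESULTS = scan([
  { path: KEY_PATH, content: SHIPPED },             // pinned key: allowed
  { path: KEY_PATH, content: REPLACED },            // new key, same path: flagged
  { path: 'src/config/key.pem', content: SHIPPED }, // same key, other path: flagged
], ALLOW_LIST);
console.log(RESULTS.map((f) => `${f.status}  ${f.path}`).join('\n'));
```

Because the entry is pinned to a hash, it has to be refreshed whenever the shipped key changes, which makes every change to that file a reviewed event.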
This should be fixed in v1.46.1 by #32192.
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | devDependencies | patch | [`1.46.0` -> `1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.46.0/1.46.1) |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | devDependencies | minor | [`1.45.3` -> `1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.45.3/1.46.1) |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>microsoft/playwright (@playwright/test)</summary>

### [`v1.46.1`](https://togithub.com/microsoft/playwright/releases/tag/v1.46.1)

[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)

##### Highlights

- [https://github.com/microsoft/playwright/issues/32004](https://togithub.com/microsoft/playwright/issues/32004) - \[REGRESSION]: Client Certificates don't work with Microsoft IIS
- [https://github.com/microsoft/playwright/issues/32004](https://togithub.com/microsoft/playwright/issues/32004) - \[REGRESSION]: Websites stall on TLS handshake errors when using Client Certificates
- [https://github.com/microsoft/playwright/issues/32146](https://togithub.com/microsoft/playwright/issues/32146) - \[BUG]: Credential scanners warn about internal socks-proxy TLS certificates
- [https://github.com/microsoft/playwright/issues/32056](https://togithub.com/microsoft/playwright/issues/32056) - \[REGRESSION]: 1.46.0 (TypeScript) - custom fixtures extend no longer chainable
- [https://github.com/microsoft/playwright/issues/32070](https://togithub.com/microsoft/playwright/issues/32070) - \[Bug]: --only-changed flag and project dependencies
- [https://github.com/microsoft/playwright/issues/32188](https://togithub.com/microsoft/playwright/issues/32188) - \[Bug]: --only-changed with shallow clone throws "unknown revision" error

##### Browser Versions

- Chromium 128.0.6613.18
- Mozilla Firefox 128.0
- WebKit 18.0

This version was also tested against the following stable channels:

- Google Chrome 127
- Microsoft Edge 127

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).
Version
1.46.0
Steps to reproduce
Have credential scanning tool in a pipeline.
Expected behavior
No issues with credential scanning tool.
Actual behavior
Credential scanning tool flags key.pem as a file that contains a private secret.
Additional context
No response
Environment