Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat/mentoring-topics-revamp #496

Draft
wants to merge 28 commits into
base: master
Choose a base branch
from
Draft

Feat/mentoring-topics-revamp #496

wants to merge 28 commits into from

Conversation

ericbolikowski
Copy link
Contributor

What Github issue does this PR relate to? Insert link.

What should the reviewer know?

We're revamping the mentoring topics, replacing them with four data lists: fields of expertise; mentoring goals; mentoring topics; skills.

This change will be a large one, and will affect the editing, browsing and filtering experience of mentors and mentees.

semgrep-app[bot]
semgrep-app bot reviewed Mar 7, 2022
View reviewed changes
apps/redi-connect/src/components/organisms/EditableMentoringTopicsNew2022.tsx Outdated
Comment on lines 124 to 133
<Checkbox.Form
name={`mentoringTopics-${groupItem.id}`}
key={groupItem.id}
value={groupItem.id}
checked={selectedMentoringTopics.includes(groupItem.id)}
customOnChange={onChange}
{...formik}
>
{groupItem.label}
</Checkbox.Form>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's best practice to explicitly pass props to an HTML component rather than use the spread operator. The spread operator risks passing invalid HTML props to an HTML element, which can cause console warnings or worse, give malicious actors a way to inject unexpected attributes.

⚪️ This finding does not block your pull request.
🙈 From typescript.react.best-practice.react-props-spreading.react-props-spreading.

semgrep-app[bot]
semgrep-app bot reviewed Mar 7, 2022
View reviewed changes
apps/redi-connect/src/components/organisms/EditableProfessionalExperienceFields.tsx
Comment on lines +113 to +122
<Checkbox.Form
name={`professionalExperienceFields-${id}`}
key={id}
value={id}
checked={selectedProfessionalExperienceFields.includes(id)}
customOnChange={onChange}
{...formik}
>
{label}
</Checkbox.Form>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's best practice to explicitly pass props to an HTML component rather than use the spread operator. The spread operator risks passing invalid HTML props to an HTML element, which can cause console warnings or worse, give malicious actors a way to inject unexpected attributes.

⚪️ This finding does not block your pull request.
🙈 From typescript.react.best-practice.react-props-spreading.react-props-spreading.

semgrep-app[bot]
semgrep-app bot reviewed Mar 7, 2022
View reviewed changes
apps/redi-connect/src/components/organisms/EditableMentoringGoals.tsx
Comment on lines +109 to +118
<Checkbox.Form
name={`mentoringGoals-${id}`}
key={id}
value={id}
checked={selectedMentoringGoals.includes(id)}
customOnChange={onChange}
{...formik}
>
{label}
</Checkbox.Form>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's best practice to explicitly pass props to an HTML component rather than use the spread operator. The spread operator risks passing invalid HTML props to an HTML element, which can cause console warnings or worse, give malicious actors a way to inject unexpected attributes.

⚪️ This finding does not block your pull request.
🙈 From typescript.react.best-practice.react-props-spreading.react-props-spreading.

@semgrep-app
Copy link
Contributor

semgrep-app bot commented Jun 9, 2022

Semgrep found 7 react-props-injection findings:

Injecting props into a new React Element may introduce an XSS vulnerability if the props contains a user-controllable object (such as a dangerouslySetInnerHTML expression).

⚪️ This finding does not block your pull request.
🙈 From typescript.react.security.audit.react-props-injection.react-props-injection.

ericbolikowski and others added 17 commits June 14, 2022 09:51
@ericbolikowski
feat: restrict max topics count
db4a4d1
@ericbolikowski
remove unused dummy cat
8368234
@ericbolikowski
reconfigure a couple mentoring topics
9da21a6
@ericbolikowski
seed script generates value for new RedProfile props
0ab5f8b
@ericbolikowski
update mentor listing
e20e58d
@ericbolikowski
display group count
3cd9333
@katamatata
Fix undefined values
d2d1194
@ericbolikowski
Revert "Fix undefined values"
f92466a 
This reverts commit d2d1194.
@ericbolikowski
alternative fix
fd4241c
@ericbolikowski
ensure RedProfile of mentee user has no undefined array properties
e0d5abe
@helloanil
Fix mentoringGoals field name with mentor_mentoringGoals
6f07152
@katamatata
Fix mentors professionalExperience field, ensure mentee provides requ…
84d0034 
…ired information to display list of mentors
@katamatata
Mark required and optional fields, fix typos
f8ab464
@katamatata
Hide Application page if mentee profile is not complete
5cd0141
@katamatata
Fixes
f9f826e
@katamatata
Fix the blank Applications page for mentors
6b8277c
@katamatata
Delete log
ba15b2a
@gitguardian
Copy link

gitguardian bot commented Apr 27, 2023

⚠️ GitGuardian has uncovered 4 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request
GitGuardian id Secret Commit Filename
753993 Generic High Entropy Secret b3e7f20 nx.json View secret
753993 Generic High Entropy Secret ad5445b nx.json View secret
753993 Generic High Entropy Secret 863d333 nx.json View secret
753993 Generic High Entropy Secret e7ef109 nx.json View secret
🛠 Guidelines to remediate hardcoded secrets
  1. Understand the implications of revoking this secret by investigating where it is used in your code.
  2. Replace and store your secrets safely. Learn here the best practices.
  3. Revoke and rotate these secrets.
  4. If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Our GitHub checks need improvements? Share your feedbacks!

This was linked to issues Apr 26, 2024
[CON/Browsing mentors:] Revamp of mentors search page #573
Open
[CON/Mentee Profile:] Revamp of mentee profile flow #572
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@semgrep-app semgrep-app[bot] semgrep-app[bot] left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[CON/Browsing mentors:] Revamp of mentors search page [CON/Mentee Profile:] Revamp of mentee profile flow
3 participants
@ericbolikowski @katamatata @helloanil