Skip to content

Harden manifest loading against unsafe YAML + prototype pollution #34

Harden manifest loading against unsafe YAML + prototype pollution

Harden manifest loading against unsafe YAML + prototype pollution #34

Workflow file for this run

name: tests
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
node: ["18", "20", "22"]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node }}
- name: Fetch v0.1 conformance vectors
run: |
mkdir -p ../falsify-hackathon/spec/test-vectors/v0.1
curl -sL "https://raw.githubusercontent.com/studio-11-co/falsify/f6a784fffde27c44743dcd791d97f27f627c909c/spec/test-vectors/v0.1/test-vectors.json" \
-o ../falsify-hackathon/spec/test-vectors/v0.1/test-vectors.json
- name: Run tests
run: node test.js
- name: CLI smoke test
run: |
node falsify.js init smoke-test
test -f .falsify/smoke-test/spec.yaml || (echo "init didn't create the spec file"; exit 1)
# full conformance is run in test.js