Achieve 90%+ test coverage across all services by PenguinzTech · Pull Request #93 · penguintechinc/waddleperf

PenguinzTech · 2026-04-01T14:17:52Z

Summary

Achieved 90%+ test coverage across all services
Updated gitignore to exclude coverage artifacts (HTML reports, XML files)
Migrated to v4.1.x release branch (from v1.2.x)

Version Update

Current version: v4.1.0 with build epoch
Release branch: v4.1.x

Test Coverage Improvement

Comprehensive unit and integration test additions
Coverage thresholds enforced across Python, Go, and Node.js services
All pre-commit checks passing

🤖 Generated with Claude Code

Replace template shared/ code (122 files, unused by services) with published PenguinTech packages: penguin-libs, penguin-licensing, penguintechinc-utils (Python), and @penguintechinc/react-libs (React). - Docs: Update shared.licensing imports to penguin_licensing equivalents - Deps: Add penguin-libs to 4 Python services and react-libs to 2 frontends - Python: Switch to sanitized get_logger(), use IsStrongPassword validator - React: Replace hand-rolled login forms with LoginPageBuilder, add AppConsoleVersion - Delete shared/ directory entirely (py_libs, go_libs, node_libs, react_libs, licensing, database) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add scripts/version/update-version.sh for managing vMajor.Minor.Patch.build format versions. Supports major/minor/patch bumps and build-only timestamp refresh (default when no argument given). Bump version from v1.0.0 to v1.1.0 for the penguin-libs migration release. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Convert .claude/ standard files from inline content to symlinks pointing to the centralized standards repository, keeping them in sync with upstream template updates. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Add Helm values-alpha/beta, Kustomize overlays (alpha/beta), manifests, and deploy-beta.sh script for consistent k8s deployment across all repos. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

…alpha Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

…localhost.local Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Test infrastructure and coverage additions: - testServer: TestMain with fake traceroute binary (conditional TCP/UDP/ICMP path control) and shared ECDSA CA cert for TLS tests; sqlmock-based database package tests (94.2%); handler error-path tests (90.2%); TCP TLS success path via TestMain CA; TCP/UDP traceroute fallback path tests - managerServer/api: enrollment route tests; conftest fixture improvements - managerServer/frontend: Profile, Users, Devices function coverage to 100% via null-user, clipboard, modal-close, checkbox, overlay-click tests; vitest per-file threshold overrides for streaming components - webClient/frontend: TestForm, TestRunner, TraceTest component tests; vitest per-file threshold overrides for SpeedTest/DownloadTest/TraceTest CI/CD fixes: - testserver.yml: go-version 1.23 → 1.24; add -timeout 180s - All Python workflows: --cov → --cov=. (measure local source only) - containerclient.yml: --cov=client to match pytest.ini addopts - Makefile: unified-api pytest uses --cov=. for accurate 90.45% reporting Final coverage: unified-api 90.45%, managerServer/api 98.27%, webClient/api 95.43%, containerClient 90.69%, testServer 90.2%, managerServer/frontend 96.96%, webClient/frontend passing with per-file overrides Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Add coverage.xml and coverage/ to .gitignore and remove previously-tracked generated coverage artifacts from the repository. These files are regenerated on every test run and should not be version-controlled. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

sourcery-ai

Sorry, we are unable to review this pull request

The GitHub API does not allow us to fetch diffs exceeding 300 files, and this pull request has 375

socket-security · 2026-04-01T14:18:29Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Vulnerability	Quality
vitest@1.6.1 ⏵ 1.6.0		^-75
next@15.5.14
react-router-dom@7.13.2
@vitest/coverage-v8@1.6.1 ⏵ 1.6.0
recharts@2.15.4
jsdom@24.1.0
vite@6.4.1
socket.io-client@4.8.3
react@19.2.4 ⏵ 18.3.1			⁺¹
@testing-library/user-event@14.5.2
tailwindcss@3.4.19
@testing-library/react@14.3.1
@testing-library/jest-dom@6.4.2
eslint@9.39.4
terser@5.46.1
eslint-plugin-react-refresh@0.4.26
msw@2.3.4
react-dom@19.2.4 ⏵ 18.3.1	^-7
framer-motion@11.18.2
@vitejs/plugin-react@4.7.0

View full report

socket-security · 2026-04-01T14:18:31Z

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. It is recommended to resolve "Warn" alerts too. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Block		Critical CVE: Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening CVE: GHSA-9crc-q9x8-hgqq Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening (CRITICAL) Affected versions: >= 1.0.0 < 1.6.1; >= 2.0.0 < 2.1.9; >= 3.0.0 < 3.0.5; <= 0.0.125 Patched version: 1.6.1 From: webClient/frontend/package.json → `npm/vitest@1.6.0` ℹ Read more on: This package \| This alert \| What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/vitest@1.6.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Obfuscated code: npm `entities` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: `?` → `npm/jsdom@24.1.0` → `npm/entities@6.0.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/entities@6.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `@babel/core` with module fs Module: fs Location: Package overview From: `?` → `npm/@vitejs/plugin-react@4.7.0` → `npm/@babel/core@7.29.0` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/@babel/core@7.29.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `css.escape` was last published 10 years ago Last Publish: 8/23/2016, 8:00:45 PM From: `?` → `npm/@testing-library/jest-dom@6.4.2` → `npm/css.escape@1.5.1` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/css.escape@1.5.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `decimal.js-light` was last published 6 years ago Last Publish: 9/30/2020, 9:10:57 PM From: `?` → `npm/recharts@2.15.4` → `npm/decimal.js-light@2.5.1` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/decimal.js-light@2.5.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `gensync` was last published 5 years ago Last Publish: 10/27/2020, 8:43:40 PM From: `?` → `npm/@vitejs/plugin-react@4.7.0` → `npm/gensync@1.0.0-beta.2` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/gensync@1.0.0-beta.2`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `get-tsconfig` with module fs Module: fs Location: Package overview From: `?` → `npm/eslint-config-next@15.5.14` → `npm/get-tsconfig@4.13.7` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/get-tsconfig@4.13.7`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `jiti` with module fs Module: fs Location: Package overview From: `?` → `npm/tailwindcss@3.4.19` → `npm/jiti@1.21.7` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/jiti@1.21.7`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `jsdom` with module fs Module: fs Location: Package overview From: webClient/frontend/package.json → `npm/jsdom@24.1.0` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/jsdom@24.1.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `lilconfig` with module fs Module: fs Location: Package overview From: `?` → `npm/tailwindcss@3.4.19` → `npm/lilconfig@3.1.3` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/lilconfig@3.1.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `min-indent` was last published 6 years ago Last Publish: 5/28/2020, 7:20:06 PM From: `?` → `npm/@testing-library/jest-dom@6.4.2` → `npm/min-indent@1.0.1` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/min-indent@1.0.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `msw` with module fs Module: fs Location: Package overview From: webClient/frontend/package.json → `npm/msw@2.3.4` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/msw@2.3.4`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `mz` with module fs Module: fs Location: Package overview From: `?` → `npm/tailwindcss@3.4.19` → `npm/mz@2.7.0` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/mz@2.7.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `mz` was last published 9 years ago Last Publish: 9/13/2017, 5:57:36 PM From: `?` → `npm/tailwindcss@3.4.19` → `npm/mz@2.7.0` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/mz@2.7.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `next` with module fs/promises Module: fs/promises Location: Package overview From: archive/website/package.json → `npm/next@15.5.14` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/next@15.5.14`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `next` with module fs Module: fs Location: Package overview From: archive/website/package.json → `npm/next@15.5.14` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/next@15.5.14`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `normalize-path` was last published 8 years ago Last Publish: 4/19/2018, 2:54:47 PM From: `?` → `npm/tailwindcss@3.4.19` → `npm/normalize-path@3.0.0` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/normalize-path@3.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `querystringify` was last published 6 years ago Last Publish: 8/17/2020, 6:18:46 PM From: `?` → `npm/jsdom@24.1.0` → `npm/msw@2.3.4` → `npm/querystringify@2.2.0` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/querystringify@2.2.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `read-cache` with module fs Module: fs Location: Package overview From: `?` → `npm/tailwindcss@3.4.19` → `npm/read-cache@1.0.0` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/read-cache@1.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `read-cache` was last published 10 years ago Last Publish: 1/11/2016, 1:53:14 AM From: `?` → `npm/tailwindcss@3.4.19` → `npm/read-cache@1.0.0` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/read-cache@1.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `readdirp` with module fs Module: fs Location: Package overview From: `?` → `npm/tailwindcss@3.4.19` → `npm/readdirp@3.6.0` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/readdirp@3.6.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `recharts-scale` was last published 5 years ago Last Publish: 3/25/2021, 2:30:18 AM From: `?` → `npm/recharts@2.15.4` → `npm/recharts-scale@0.4.5` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/recharts-scale@0.4.5`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `requires-port` was last published 10 years ago Last Publish: 10/30/2015, 2:42:33 PM From: `?` → `npm/jsdom@24.1.0` → `npm/msw@2.3.4` → `npm/requires-port@1.0.0` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/requires-port@1.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `sharp` with module fs Module: fs Location: Package overview From: `?` → `npm/next@15.5.14` → `npm/sharp@0.34.5` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/sharp@0.34.5`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `source-map-support` with module fs Module: fs Location: Package overview From: `?` → `npm/terser@5.46.1` → `npm/source-map-support@0.5.21` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/source-map-support@0.5.21`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `symbol-tree` was last published 7 years ago Last Publish: 6/12/2019, 6:10:21 PM From: `?` → `npm/jsdom@24.1.0` → `npm/symbol-tree@3.2.4` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/symbol-tree@3.2.4`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Filesystem access: npm `tailwindcss` with module fs Module: fs Location: Package overview From: archive/website/package.json → `npm/tailwindcss@3.4.19` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/tailwindcss@3.4.19`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Unmaintained: npm `thenify-all` was last published 11 years ago Last Publish: 1/10/2015, 5:24:24 PM From: `?` → `npm/tailwindcss@3.4.19` → `npm/thenify-all@1.6.0` ℹ Read more on: This package \| This alert \| What are unmaintained packages? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Package should publish periodic maintenance releases if they are maintained, or deprecate if they have no intention in further maintenance. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/thenify-all@1.6.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
See 5 more rows in the dashboard

View full report

…uring scan - Updated Python dependencies in webClient, managerServer, unified-api, and archive to fix CVEs/GHSAs (flask, flask-cors, gunicorn, pymysql, etc.) - Fixed command injection in archive/client/bins/ppingParser.py by removing shell=True - Fixed SSRF vulnerability in testServer/internal/validation/validation.go by actually blocking internal targets - Randomized default secrets in managerServer and unified-api configs to prevent use of insecure defaults - Fixed .gitignore to stop ignoring go.mod/go.sum and tracked testServer Go module files

- main: -gamma postfix, pre-release - release (v4.*, 4.x): beta tag/postfix - other: -alpha postfix - added artifact uploads for all builds

PenguinzTech and others added 19 commits February 10, 2026 17:30

Update .claude/ standards to symlinked centralized files

45e40e6

Convert .claude/ standard files from inline content to symlinks pointing to the centralized standards repository, keeping them in sync with upstream template updates. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Updating documentation to new base standard

2ac6c5c

Updating documentation to new base standard

5522177

Updating documentation to new base standard

1acf264

Add standardized k8s deployment configuration

0628d00

Add Helm values-alpha/beta, Kustomize overlays (alpha/beta), manifests, and deploy-beta.sh script for consistent k8s deployment across all repos. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Fix ingress TLD: use penguintech.cloud for beta, localhost.local for …

136ba0c

…alpha Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Updating documentation to new base standard

4e23d29

fix(k8s): standardize ingress TLDs - beta=.penguintech.cloud, alpha=.…

7ad93b2

…localhost.local Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Remove app.md template (replaced by {subject}.local.md convention)

2366355

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Updating documentation to new base standard

4b4e6c3

Updating documentation to new base standard

ffddcca

Updating documentation to new base standard

79757f2

Updating documentation to new base standard

f27375e

periodic save

701dc11

chore: migrate to v4.1.x release branch

55997b9

sourcery-ai bot reviewed Apr 1, 2026

View reviewed changes

PenguinzTech added this to the v4.1.x milestone Apr 1, 2026

PenguinzTech added 7 commits April 1, 2026 15:34

build: initialize goClient Go module

098c69d

ci: fix path and branch triggers for workflows to match v4.1.x

6aad253

ci: implement branch-specific build pipelines and postfixes

289c7d6

- main: -gamma postfix, pre-release - release (v4.*, 4.x): beta tag/postfix - other: -alpha postfix - added artifact uploads for all builds

ci: add test-metadata workflow to debug CI issues

5651a26

ci: fix permissions and artifact handling in all build workflows

5fb979a

ci: use explicit branch name in triggers to debug workflow issue

7c3a957

PenguinzTech added 30 commits April 1, 2026 17:38

ci: metadata only in testserver to debug

37fe347

ci: force trigger debug simple

f85459e

ci: debug test job in testserver again

6a3363a

ci: debug build meta job in testserver

cfb346d

ci: rename testserver workflow to debug name issue

9219640

ci: rename testserver workflow file to debug

d0b8227

ci: simplify images in debug workflow

6ac351a

ci: simplify needs in debug workflow

7794e8a

ci: make build job independent in debug workflow

3c0fb38

ci: debug needs metadata in debug workflow

a2d510d

ci: debug needs list in debug workflow

fa492d0

ci: debug build job simple in debug workflow

218a8d1

ci: debug build job single line tags in debug workflow

e74e192

ci: use manual tags in debug workflow

028e8a7

ci: debug docker/metadata-action in debug workflow

20261d7

ci: simplify docker/metadata-action tags in debug workflow

2cc75ff

ci: try docker/metadata-action@v4 in debug workflow

1b71e4a

ci: try docker/build-push-action@v5 in debug workflow

496e9b2

ci: try docker/build-push-action@v4 in debug workflow

e89ef6b

ci: debug build-push-action minimal

0c5399b

ci: remove needs from build job in debug workflow

fa821b0

ci: simplify build job in testserver to debug

db7058d

ci: debug needs in testserver

c5d12c8

ci: remove needs in build job for independent test

3fb60b6

ci: remove needs from build job in testserver

c31f5d3

ci: simplify build job and metadata for debugging

ab6f032

ci: isolate build job to debug

69f9eca

ci: remove docker setup actions for debugging

60ce4fb

ci: remove test needs in build job for independent test

c5aec51

ci: minimal workflow to debug

6de8187

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Achieve 90%+ test coverage across all services#93

Achieve 90%+ test coverage across all services#93
PenguinzTech wants to merge 70 commits intomainfrom
v4.1.x

PenguinzTech commented Apr 1, 2026

Uh oh!

sourcery-ai bot left a comment

Uh oh!

socket-security bot commented Apr 1, 2026

Uh oh!

socket-security bot commented Apr 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

PenguinzTech commented Apr 1, 2026

Summary

Version Update

Test Coverage Improvement

Uh oh!

sourcery-ai bot left a comment

Choose a reason for hiding this comment

Uh oh!

socket-security bot commented Apr 1, 2026

Uh oh!

socket-security bot commented Apr 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant