fix-db-schema-conflicts
It prevents db/schema.rb conflicts in your Rails projects when several team members are working on the same codebase. Specifically, it addresses the situation that goes like this:

John is working on a feature and adds a migration that creates an updated_at timestamp column on Task. Sara is working on a different feature and adds a migration that creates a name column on Task. They both run their migrations locally, then each pulls a new copy of master containing the other's feature and migration. When they run migrations again, John's tasks table looks like this:

    t.timestamp :updated_at
    t.string :name

And Sara's looks like this:

    t.string :name
    t.timestamp :updated_at

Every time either of them runs migrations before committing new code, their db/schema.rb file shows a change, because each run flips the order of the columns.
By using the fix-db-schema-conflicts gem, this problem goes away.
This gem sorts the table, index, extension, and foreign key names before outputting them to the schema.rb file. Additionally it runs Rubocop with the auto-correct flag to ensure a consistent output format.
You don't have to do anything different. It should just work. Simply run rake db:migrate or rake db:schema:dump as you would before, and fix-db-schema-conflicts will do the rest.
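To make the sorting step concrete, here is an added example that is not code from the fix-db-schema-conflicts gem: a small normaliser that takes the body of an ActiveRecord schema dump and emits it in a canonical order, so that John's and Sara's dumps above come out identical. It assumes the dump consists of enable_extension lines, create_table ... end blocks, add_index lines and add_foreign_key lines, sorts the top-level statements by kind and then by name, and also sorts the column lines inside each create_table block (the page's scenario implies column order is what flips; whether the gem sorts columns the same way is not stated here). The Rubocop auto-correct pass the gem runs afterwards is left out. The two sample dumps are constructed for the example.

```ruby
# Added example, not the gem's own code: normalise a db/schema.rb body so that
# two dumps with the same content but different statement order are identical.
#
# Assumptions (not from the page): input is the body of the
# ActiveRecord::Schema.define block; columns inside create_table are sorted by
# name as well; the Rubocop auto-correct step is omitted.
module SchemaNormalizer
  module_function

  # Order in which ActiveRecord emits top-level statement kinds.
  KIND_ORDER = %w[enable_extension create_table add_index add_foreign_key].freeze

  # First quoted string or symbol on the line, e.g. "tasks" or :updated_at.
  def name_of(line)
    m = line.match(/"([^"]+)"|:([A-Za-z_]\w*)/)
    m ? (m[1] || m[2]) : ""
  end

  # Split the dump into statements: single lines and create_table ... end blocks.
  def statements(schema)
    result = []
    block = nil
    schema.each_line do |raw|
      line = raw.rstrip
      next if line.empty?
      if block
        block << line
        if line.strip == "end"
          result << block
          block = nil
        end
      elsif line.lstrip.start_with?("create_table ")
        block = [line]
      else
        result << [line]
      end
    end
    raise ArgumentError, "unterminated create_table block" if block
    result
  end

  # Sort column lines inside a create_table block by column name; t.index last.
  def sort_block(stmt)
    head, *body, tail = stmt
    body = body.sort_by { |l| [l.lstrip.start_with?("t.index") ? 1 : 0, name_of(l), l] }
    [head, *body, tail]
  end

  # Kind rank, then name, then the raw line as a deterministic tie-breaker.
  def sort_key(stmt)
    kind = stmt.first[/\A\s*(\w+)/, 1]
    [KIND_ORDER.index(kind) || KIND_ORDER.size, name_of(stmt.first), stmt.first]
  end

  # Canonical text of the dump: sorted statements, sorted columns, one per line.
  def normalize(schema)
    statements(schema)
      .map { |s| s.first.lstrip.start_with?("create_table ") ? sort_block(s) : s }
      .sort_by { |s| sort_key(s) }
      .flatten
      .join("\n") + "\n"
  end
end

# Constructed sample dumps, in the order each developer's migrations ran.
JOHN = <<~SCHEMA
  create_table "tasks", force: :cascade do |t|
    t.timestamp :updated_at
    t.string :name
  end
  add_foreign_key "tasks", "users"
  enable_extension "plpgsql"
SCHEMA

SARA = <<~SCHEMA
  enable_extension "plpgsql"
  create_table "tasks", force: :cascade do |t|
    t.string :name
    t.timestamp :updated_at
  end
  add_foreign_key "tasks", "users"
SCHEMA

if __FILE__ == $PROGRAM_NAME
  puts SchemaNormalizer.normalize(JOHN)
  puts(SchemaNormalizer.normalize(JOHN) == SchemaNormalizer.normalize(SARA) ? "identical" : "differ")
end
```

Both dumps normalise to the same six lines: the extension first, then the tasks table with name before updated_at, then the foreign key. Sorting by name alone is what removes the migration-order dependence; the raw-line tie-breaker only keeps the output deterministic when two statements share a name (two indexes on the same table, for instance).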
Add this line to your application's Gemfile in your development group:
gem 'fix-db-schema-conflicts'
And then execute:
$ bundle
If you need a version of Rubocop earlier than 0.36.0, pin the gem to:
gem 'fix-db-schema-conflicts', '~> 1.0.2'
This gem only works with Ruby >= 2.2. Use version 1.2.2 or below if you are on an older Ruby.
Contributing: create your feature branch (git checkout -b my-new-feature), commit your changes (git commit -am 'Add some feature'), and push the branch (git push origin my-new-feature).
We found that fix-db-schema-conflicts demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.