fix: whitelist process env keys (#557)

PSA: previous versions included process.env in the bundles so tokens, keys etc might be compromised please reset those to be safe!!

Author: achingbrain

src/config/karma.conf.js

@@ -10,6 +10,7 @@ const isWebworker = process.env.AEGIR_RUNNER === 'webworker'
 
 // Env to pass in the bundle with DefinePlugin
 const env = {
+  'process.env': JSON.stringify(process.env),
   TEST_DIR: JSON.stringify(fromRoot('test')),
   TEST_BROWSER_JS: hasFile('test', 'browser.js')
     ? JSON.stringify(fromRoot('test', 'browser.js'))

src/config/webpack.config.js

@@ -108,7 +108,12 @@ const base = (env, argv) => {
       ]
     },
     plugins: [
-      new webpack.DefinePlugin({ 'process.env': JSON.stringify(process.env) })
+      new webpack.DefinePlugin({
+        'process.env': JSON.stringify({
+          DEBUG: process.env.DEBUG,
+          NODE_ENV: process.env.NODE_ENV
+        })
+      })
     ],
     target: 'web',
     node: process.env.AEGIR_NODE === 'false' ? {