From 476bfba082151bb467260700d1df87129a731eba Mon Sep 17 00:00:00 2001 From: Sabertaz Date: Tue, 2 Apr 2024 10:59:09 +0800 Subject: [PATCH] fix(security): disable eslint security output temporarily (#1238) --- components/CopyButton/CopyButton.tsx | 2 +- components/Editor/Editor.tsx | 1 + components/ErrorBoundary/ErrorBoundary.tsx | 2 +- components/Header/Header.test.tsx | 2 +- components/MDX/MDX.tsx | 4 +- components/TagsCloud/TagsCloud.tsx | 2 + config/colors.ts | 2 + hooks/useVisibility.test.tsx | 4 +- layouts/Layout.test.tsx | 2 +- layouts/PostLayout.test.tsx | 2 +- lib/getGitHubData.ts | 2 +- lib/getPostsData.ts | 8 +++- package.json | 4 +- pnpm-lock.yaml | 45 ++++++++++++++++------ 14 files changed, 58 insertions(+), 24 deletions(-) diff --git a/components/CopyButton/CopyButton.tsx b/components/CopyButton/CopyButton.tsx index 9314eeed5..2c11f6989 100644 --- a/components/CopyButton/CopyButton.tsx +++ b/components/CopyButton/CopyButton.tsx @@ -22,7 +22,7 @@ function CopyButton({ code, className }: Props): JSX.Element { className, 'outline-focus-visible absolute right-5 top-1.5 md:top-1', )} - // eslint-disable-next-line ts/no-misused-promises + // eslint-disable-next-line ts/no-misused-promises -- no need to handle promise. onClick={copy} > { public render() { const { hasError, error } = this.state const { children } = this.props - // eslint-disable-next-line node/prefer-global/process + // eslint-disable-next-line node/prefer-global/process -- SWC/Webpack supports process.env.NODE_ENV. const isDevelopment = process.env.NODE_ENV === 'development' if (hasError && isDevelopment) { diff --git a/components/Header/Header.test.tsx b/components/Header/Header.test.tsx index 1a14e48f4..cf1715cdf 100644 --- a/components/Header/Header.test.tsx +++ b/components/Header/Header.test.tsx @@ -8,7 +8,7 @@ describe('Header', () => { it('should render correctly (snapshot)', async () => { const { container } = render(
) - // eslint-disable-next-line testing-library/no-wait-for-snapshot + // eslint-disable-next-line testing-library/no-wait-for-snapshot -- Wait for the snapshot to be taken. await waitFor(() => expect(container).toMatchSnapshot()) }) }) diff --git a/components/MDX/MDX.tsx b/components/MDX/MDX.tsx index 092362249..23fdb3526 100644 --- a/components/MDX/MDX.tsx +++ b/components/MDX/MDX.tsx @@ -14,7 +14,7 @@ import Divider from './MDXDivider' import Input from './MDXInput' import Pre from './MDXPre' -// eslint-disable-next-line ts/no-unsafe-assignment +// eslint-disable-next-line ts/no-unsafe-assignment -- dynamic import. const Editor = dynamic(() => import('@components/Editor')) as any const Headings = { @@ -46,7 +46,7 @@ const CodeBlocks = { const customComponents = { Button, - // eslint-disable-next-line ts/no-unsafe-assignment + // eslint-disable-next-line ts/no-unsafe-assignment -- dynamic import. Editor, } diff --git a/components/TagsCloud/TagsCloud.tsx b/components/TagsCloud/TagsCloud.tsx index 9e38ca874..8946acfe2 100644 --- a/components/TagsCloud/TagsCloud.tsx +++ b/components/TagsCloud/TagsCloud.tsx @@ -9,6 +9,7 @@ interface Props { function TagsCloud({ tags, activeTag }: Props): JSX.Element { let tagsList = Object.keys(tags).sort((a, b) => { + // eslint-disable-next-line security/detect-object-injection -- key is safe. return tags[b] - tags[a] }) @@ -25,6 +26,7 @@ function TagsCloud({ tags, activeTag }: Props): JSX.Element { {tagsList.map(tag => ( { fireEvent.scroll(window, { target: { scrollY: 100 } }) - // eslint-disable-next-line testing-library/await-async-utils + // eslint-disable-next-line testing-library/await-async-utils -- no need to await. void waitFor(() => expect(onBottomPassed).toHaveBeenCalled()) - // eslint-disable-next-line testing-library/await-async-utils + // eslint-disable-next-line testing-library/await-async-utils -- no need to await. void waitFor(() => expect(onBottomPassedReverse).toHaveBeenCalled()) }) }) 
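Review bot: The `security/detect-object-injection` suppression inside the `sort` comparator in TagsCloud.tsx gives only `key is safe` as its reason, which does not tell the next reader what makes it safe. Here `a` and `b` come from `Object.keys(tags)` on the line above, so they are always own enumerable keys of `tags`. The directive could say so: `// eslint-disable-next-line security/detect-object-injection -- a and b come from Object.keys(tags).` A reason tied to the code lets a reviewer re-check the suppression if the key source ever changes.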
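Review bot: The two `void waitFor(...)` calls after `fireEvent.scroll` are never awaited, so the test can finish before either expectation is enforced, and the `-- no need to await` justification hides that. A `waitFor` that eventually rejects would not fail this test. Prefer `await waitFor(() => expect(onBottomPassed).toHaveBeenCalled())`, and the same for `onBottomPassedReverse`, inside an `async` test callback; both suppressions can then be dropped. The enclosing `it(...)` starts outside the visible lines, so whether it is already `async` cannot be confirmed from here.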
diff --git a/layouts/Layout.test.tsx b/layouts/Layout.test.tsx index eb8ef2526..c92f903fa 100644 --- a/layouts/Layout.test.tsx +++ b/layouts/Layout.test.tsx @@ -13,7 +13,7 @@ describe('Layout', () => { , ) - // eslint-disable-next-line testing-library/no-wait-for-snapshot + // eslint-disable-next-line testing-library/no-wait-for-snapshot -- Wait for the snapshot to be taken. await waitFor(() => expect(container).toMatchSnapshot()) }) }) diff --git a/layouts/PostLayout.test.tsx b/layouts/PostLayout.test.tsx index 91c2dcdc7..3eadad150 100644 --- a/layouts/PostLayout.test.tsx +++ b/layouts/PostLayout.test.tsx @@ -13,7 +13,7 @@ describe('PostLayout', () => { , ) - // eslint-disable-next-line testing-library/no-wait-for-snapshot + // eslint-disable-next-line testing-library/no-wait-for-snapshot -- Wait for the snapshot to be taken. await waitFor(() => expect(container).toMatchSnapshot()) }) }) diff --git a/lib/getGitHubData.ts b/lib/getGitHubData.ts index f12af5f31..14889dbc3 100644 --- a/lib/getGitHubData.ts +++ b/lib/getGitHubData.ts @@ -58,7 +58,7 @@ export default async function getGitHubData(): Promise { } } } else { - // eslint-disable-next-line no-console + // eslint-disable-next-line no-console -- need for CLI output. console.info('Not for Vercel build, fallback to local GitHub data.') } diff --git a/lib/getPostsData.ts b/lib/getPostsData.ts index 927172de5..c4b122fb6 100644 --- a/lib/getPostsData.ts +++ b/lib/getPostsData.ts @@ -39,6 +39,7 @@ function getReadingTime(content: string): number { } async function generatePostData(filePath: string): Promise { + // eslint-disable-next-line security/detect-non-literal-fs-filename -- filePath is safe. const fileContent = await fs.readFile(filePath, 'utf8') const slug = path.basename(filePath, path.extname(filePath)) 
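Review bot: The `-- filePath is safe.` reason on the `fs.readFile(filePath, 'utf8')` call in `generatePostData` asserts safety without naming the invariant, and nothing in the hunk shows where `filePath` comes from. If callers only pass paths enumerated from the local posts directory at build time, the directive should say so, e.g. `-- filePath is enumerated from the posts directory at build time, never from request input.` If any caller can pass a value derived from a route parameter or other external input, replace the suppression with a check that the resolved path stays inside the posts root. The body of `generatePostData` continues outside the hunk.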
@@ -149,8 +150,13 @@ async function getTagsData(): Promise { .map(post => post.tags || []) .flat() .reduce((tags: TagsType, tag: Tag) => { - if (!tags[tag]) + // eslint-disable-next-line security/detect-object-injection -- key is safe. + if (!tags[tag]) { + // eslint-disable-next-line security/detect-object-injection -- key is safe. tags[tag] = 0 + } + + // eslint-disable-next-line security/detect-object-injection -- key is safe. tags[tag] += 1 return tags }, {}) diff --git a/package.json b/package.json index 64dd10cf2..716434586 100644 --- a/package.json +++ b/package.json @@ -87,8 +87,8 @@ "unist-util-visit": "^5.0.0" }, "devDependencies": { - "@dg-scripts/eslint-config": "^5.19.0", - "@dg-scripts/stylelint-config": "^5.19.0", + "@dg-scripts/eslint-config": "^5.20.1", + "@dg-scripts/stylelint-config": "^5.20.1", "@octokit/types": "^12.6.0", "@testing-library/jest-dom": "^6.4.2", "@testing-library/react": "^14.2.2", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 331170983..4cd1049eb 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -116,11 +116,11 @@ dependencies: devDependencies: '@dg-scripts/eslint-config': - specifier: ^5.19.0 - version: 5.19.0(@vue/compiler-sfc@3.4.21)(eslint-config-next@14.1.4)(eslint@8.57.0)(next@14.1.4)(prettier@3.2.5)(typescript@5.4.3) + specifier: ^5.20.1 + version: 5.20.1(@vue/compiler-sfc@3.4.21)(eslint-config-next@14.1.4)(eslint@8.57.0)(next@14.1.4)(prettier@3.2.5)(typescript@5.4.3) '@dg-scripts/stylelint-config': - specifier: ^5.19.0 - version: 5.19.0(postcss@8.4.38)(prettier@3.2.5)(stylelint@16.3.1) + specifier: ^5.20.1 + version: 5.20.1(postcss@8.4.38)(prettier@3.2.5)(stylelint@16.3.1) '@octokit/types': specifier: ^12.6.0 version: 12.6.0 
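Review bot: The three `-- key is safe.` suppressions in the `reduce` callback of `getTagsData` do not hold for every string, because the accumulator is a plain `{}` that inherits from `Object.prototype`. A tag named `constructor` or `toString` makes `!tags[tag]` false the first time it is seen, so `tags[tag] += 1` stores a string instead of a count, and a tag named `__proto__` is never counted at all. If tags are free-form text from post metadata (not visible here), start from a prototype-less accumulator, `}, Object.create(null) as TagsType)`, or count in a `Map<Tag, number>`; the suppressions then become true. The method chain continues outside the hunk on both sides.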
@@ -2215,8 +2215,8 @@ packages: - supports-color dev: true - /@dg-scripts/eslint-config@5.19.0(@vue/compiler-sfc@3.4.21)(eslint-config-next@14.1.4)(eslint@8.57.0)(next@14.1.4)(prettier@3.2.5)(typescript@5.4.3): - resolution: {integrity: sha512-W9sJ1Z0PT9FD3fTTTUIBN8OHF0WViH9/d6QABl3ivnylesw14ISfajabX3eQSsohEaa2M+UWjNGeA6Gkt3miSw==} + /@dg-scripts/eslint-config@5.20.1(@vue/compiler-sfc@3.4.21)(eslint-config-next@14.1.4)(eslint@8.57.0)(next@14.1.4)(prettier@3.2.5)(typescript@5.4.3): + resolution: {integrity: sha512-vDLy9pVD56lSYiN43mdV4aKbUDRx8uuBvOVUX8LOWXKoW0Gv4Pa53kTblXCRoQhob4iiMfc9wBwumFx4K+Kw+g==} engines: {node: '>=18.0.0'} peerDependencies: eslint: ^8.0.0 @@ -2235,9 +2235,11 @@ packages: eslint: 8.57.0 eslint-config-next: 14.1.4(eslint@8.57.0)(typescript@5.4.3) eslint-plugin-format: 0.1.0(eslint@8.57.0) + eslint-plugin-promise: 6.1.1(eslint@8.57.0) eslint-plugin-react: 7.34.1(eslint@8.57.0) eslint-plugin-react-hooks: 4.6.0(eslint@8.57.0) eslint-plugin-react-refresh: 0.4.6(eslint@8.57.0) + eslint-plugin-security: 2.1.1 eslint-plugin-testing-library: 6.2.0(eslint@8.57.0)(typescript@5.4.3) local-pkg: 0.5.0 next: 14.1.4(@babel/core@7.24.0)(react-dom@18.2.0)(react@18.2.0) @@ -2257,8 +2259,8 @@ packages: - vitest dev: true - /@dg-scripts/stylelint-config@5.19.0(postcss@8.4.38)(prettier@3.2.5)(stylelint@16.3.1): - resolution: {integrity: sha512-iJADWv3UiS3TCYubyGw9TV5Ej8KEQ3Z1ezvBJutzz+SPsTtDv0EG3zZhGr4c0ueZaPjcaXwxM0tOt5Pw3ETA1A==} + /@dg-scripts/stylelint-config@5.20.1(postcss@8.4.38)(prettier@3.2.5)(stylelint@16.3.1): + resolution: {integrity: sha512-HBbUhSUYBb7Prj4KUaVK44e1qXr6t3AYmmUUGJIoztTi3Le5U/9Kj9c4Jio2kke8PM1ujeOxUyz70jxv5K9EKA==} engines: {node: '>=18.0.0'} peerDependencies: prettier: ^3.0.0 
@@ -2266,7 +2268,7 @@ packages: dependencies: prettier: 3.2.5 stylelint: 16.3.1(typescript@5.4.3) - stylelint-config-bod: 5.19.0(postcss@8.4.38)(stylelint@16.3.1) + stylelint-config-bod: 5.20.1(postcss@8.4.38)(stylelint@16.3.1) stylelint-prettier: 5.0.0(prettier@3.2.5)(stylelint@16.3.1) transitivePeerDependencies: - postcss @@ -6520,6 +6522,15 @@ packages: - typescript dev: true + /eslint-plugin-promise@6.1.1(eslint@8.57.0): + resolution: {integrity: sha512-tjqWDwVZQo7UIPMeDReOpUgHCmCiH+ePnVT+5zVapL0uuHnegBUs2smM13CzOs2Xb5+MHMRFTs9v24yjba4Oig==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + peerDependencies: + eslint: ^7.0.0 || ^8.0.0 + dependencies: + eslint: 8.57.0 + dev: true + /eslint-plugin-react-hooks@4.6.0(eslint@8.57.0): resolution: {integrity: sha512-oFc7Itz9Qxh2x4gNHStv3BqJq54ExXmfC+a1NjAta66IAN87Wu0R/QArgIS9qKzX3dXKPI9H5crl9QchNMY9+g==} engines: {node: '>=10'} @@ -6564,6 +6575,12 @@ packages: string.prototype.matchall: 4.0.10 dev: true + /eslint-plugin-security@2.1.1: + resolution: {integrity: sha512-7cspIGj7WTfR3EhaILzAPcfCo5R9FbeWvbgsPYWivSurTBKW88VQxtP3c4aWMG9Hz/GfJlJVdXEJ3c8LqS+u2w==} + dependencies: + safe-regex: 2.1.1 + dev: true + /eslint-plugin-testing-library@6.2.0(eslint@8.57.0)(typescript@5.4.3): resolution: {integrity: sha512-+LCYJU81WF2yQ+Xu4A135CgK8IszcFcyMF4sWkbiu6Oj+Nel0TrkZq/HvDw0/1WuO3dhDQsZA/OpEMGd0NfcUw==} engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0, npm: '>=6'} @@ -13048,6 +13065,12 @@ packages: es-errors: 1.3.0 is-regex: 1.1.4 + /safe-regex@2.1.1: + resolution: {integrity: sha512-rx+x8AMzKb5Q5lQ95Zoi6ZbJqwCLkqi3XuJXp5P3rT8OEc6sZCJG5AE5dU3lsgRr/F4Bs31jSlVN+j5KrsGu9A==} + dependencies: + regexp-tree: 0.1.27 + dev: true + /safer-buffer@2.1.2: resolution: {integrity: sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==} dev: true 
@@ -13589,8 +13612,8 @@ packages: client-only: 0.0.1 react: 18.2.0 - /stylelint-config-bod@5.19.0(postcss@8.4.38)(stylelint@16.3.1): - resolution: {integrity: sha512-Z04Tvprsn0wf+T4GZbTGLHgaVgKsn7Aa9FvGh7toM8Bzuvei7082USkhP/54XEIyPBnSrTcZBDOuekCcV8L16w==} + /stylelint-config-bod@5.20.1(postcss@8.4.38)(stylelint@16.3.1): + resolution: {integrity: sha512-RNfjTxJYMoFgmi4qHAWLtuQPY6C3gA8AHoGQXyl+s9q02yXlG8uDsBrG9KsvQuB1zYLBaxAQfB9wRyLr79wbUA==} engines: {node: '>=18.0.0'} peerDependencies: stylelint: ^15.0.0 || ^16.0.0