chore: rolldown dual build #1126
Conversation
github-actions
bot
added
📖 Project documentation
|
View your CI Pipeline Execution ↗ for commit 87adb1c
☁️ Nx Cloud last updated this comment at |
@code-pushup/ci
@code-pushup/cli
@code-pushup/core
@code-pushup/create-cli
@code-pushup/models
@code-pushup/nx-plugin
@code-pushup/coverage-plugin
@code-pushup/eslint-plugin
@code-pushup/jsdocs-plugin
@code-pushup/js-packages-plugin
@code-pushup/lighthouse-plugin
@code-pushup/typescript-plugin
@code-pushup/utils
@code-pushup/models-transformers
commit: |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| /(['"`])((?:\.\.\/)+)(package\.json)\1/g, | ||
| (match, quote, dots, file) => { | ||
| // Remove one ../ from the path | ||
| const newDots = dots.replace(/\.\.\//, ''); |
Check failure
Code scanning / CodeQL
Incomplete string escaping or encoding High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 days ago
To fix the issue, we should ensure that the code reliably removes only the first occurrence of "../" from the matched group, but if the intention is to remove all occurrences (which the regex allows for), then it should use the correct replace logic. If the intention is to only remove one, replace with no g flag is sufficient, but the token may have more than one "../" so the code is potentially misleading. If the goal is to remove all, use /\.\.\//g. If only one should be removed, consider a clearer approach such as slicing or a specific replace for the first occurrence, making the operation and intent explicit. In this case, since the comments say "remove one", the code as written is correct but subject to confusion in future maintenance.
To fully address the CodeQL warning and ensure clear, predictable behavior, update the code to use a regular expression with the global flag if the goal is to remove all occurrences; otherwise, document and clarify why only one is removed. For safety and clarity, better to use /\.\.\//g unless there's a strict reason to only remove one.
No new imports are required for this change.
| @@ -259,7 +259,7 @@ | ||
| /(['"`])((?:\.\.\/)+)(package\.json)\1/g, | ||
| (match, quote, dots, file) => { | ||
| // Remove one ../ from the path | ||
| const newDots = dots.replace(/\.\.\//, ''); | ||
| const newDots = dots.replace(/\.\.\//g, ''); | ||
| return `${quote}${newDots}${file}${quote}`; | ||
| }, | ||
| ); |
| /(['"`])((?:\.\.\/)+)(package\.json)\1/g, | ||
| (match, quote, dots, file) => { | ||
| // Remove one ../ from the path | ||
| const newDots = dots.replace(/\.\.\//, ''); |
Check failure
Code scanning / CodeQL
Incomplete multi-character sanitization High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 days ago
To fix this problem, we need to ensure that all occurrences of '../' in the dots string are removed, not just the first one. This can be done by replacing the .replace(/\.\.\//, '') call with .replace(/\.\.\//g, ''), where the g flag ensures a global replacement within the string. This change will not affect other code paths or functionality — it simply expands the match to all instances, properly cleaning the path prefix as the plugin intended.
Only modify the relevant line in the plugin's transform function. No new imports, helper methods, or dependencies are required.
| @@ -259,7 +259,7 @@ | ||
| /(['"`])((?:\.\.\/)+)(package\.json)\1/g, | ||
| (match, quote, dots, file) => { | ||
| // Remove one ../ from the path | ||
| const newDots = dots.replace(/\.\.\//, ''); | ||
| const newDots = dots.replace(/\.\.\//g, ''); | ||
| return `${quote}${newDots}${file}${quote}`; | ||
| }, | ||
| ); |
No description provided.