chore: upgrade from eslint 8 to 9 #613
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| console.log(`Found ${id} - ${out}/${id}.json`); | ||
| } | ||
| }); | ||
| console.log(`Finished: ${dataset}`); |
There was a problem hiding this comment.
🚫 [Bearer] <javascript_lang_logger_leak> reported by reviewdog 🐶
Leakage of information in logger message
Description
Information leakage through logger messages can compromise sensitive data. This vulnerability arises when dynamic data or variables, which may contain sensitive information, are included in log messages.
Remediations
- Do not include sensitive data directly in logger messages. This can lead to the exposure of such data in log files, which might be accessible to unauthorized individuals.
logger.info(`Results: ${data}`) // unsafe
- Do use logging levels appropriately to control the verbosity of log output and minimize the risk of leaking sensitive information in production environments.
| // Remove the unused variable in the promise chain | ||
| scrape(process.argv[2], process.argv[3]).catch((error) => console.error(error)); |
There was a problem hiding this comment.
🚫 [Bearer] <javascript_lang_logger_leak> reported by reviewdog 🐶
Leakage of information in logger message
Description
Information leakage through logger messages can compromise sensitive data. This vulnerability arises when dynamic data or variables, which may contain sensitive information, are included in log messages.
Remediations
- Do not include sensitive data directly in logger messages. This can lead to the exposure of such data in log files, which might be accessible to unauthorized individuals.
logger.info(`Results: ${data}`) // unsafe
- Do use logging levels appropriately to control the verbosity of log output and minimize the risk of leaking sensitive information in production environments.
There was a problem hiding this comment.
PR Overview
This PR upgrades the ESLint configuration from version 8 to 9 and makes several related refactorings across configuration files and React components. Key changes include:
- Introducing ES module based ESLint configurations using the new '@eslint/js' recommended config.
- Converting various configuration files (PostCSS, Next.js, tsup) to modern formats and enhancing type safety.
- Updating React components with minor refactoring and improved usage of updated icon components.
Reviewed Changes
| File | Description |
|---|---|
| bundestag.io/api/eslint.config.mjs | New ESLint config using '@eslint/js' and additional TypeScript plugin settings. |
| democracy/desktop/postcss.config.js | Migrated PostCSS config to ES module and updated plugin keys. |
| common/democracy/tsup.config.ts | Modified tsup configuration to accept extra options via a callback format. |
| .eslintrc.js | Rewritten ESLint configuration to support ES modules with updated plugins. |
| bundestag.io/admin/src/app/list/[past,upcoming]/page.tsx | Updated page props types to await Promises and refactored parameter usage. |
| democracy/desktop/next.config.js | Converted Next.js config to ES module style with bundle analyzer integration. |
| .github/prompts/always.prompt.md | Minor documentation improvements in command examples. |
| democracy/desktop/src/components/organisms/DoughnutChart.tsx | Refactored DoughnutChart component for improved type annotations and SVG formatting. |
| democracy/desktop/src/components/molecules/Card.tsx | Added type annotations and streamlined JSX formatting. |
| democracy/desktop/src/components/molecules/Filters.tsx | Simplified component formatting and adjusted button declarations. |
| democracy/desktop/src/components/molecules/Navigation.tsx | Updated icon imports and usage to align with the latest heroicons package. |
| democracy/desktop/src/components/molecules/FilterDropdown.tsx | Modified import for updated heroicons and improved formatting. |
Copilot reviewed 72 out of 72 changed files in this pull request and generated no comments.
Comments suppressed due to low confidence (6)
democracy/desktop/src/components/organisms/DoughnutChart.tsx:45
- [nitpick] The variable name 'itsNeutral' is unclear; consider renaming it to 'isNeutral' for better readability.
const itsNeutral = votes.yes.count + votes.no.count < (votes?.abstination?.count ?? 0);
democracy/desktop/src/components/organisms/DoughnutChart.tsx:46
- [nitpick] The variable name 'itsAYes' is ambiguous; consider renaming it to 'isYes' (or a similar clear name) to improve clarity.
const itsAYes = votes.yes.count > votes.no.count;
.github/prompts/always.prompt.md:6
- [nitpick] Consider correcting typos: change 'somethin' to 'something' and 'u' to 'you' for improved clarity.
- use always --filter when u want to run somethin in a package
.github/prompts/always.prompt.md:10
- [nitpick] There appears to be a typo: 'PACKANGE_NAME' should be 'PACKAGE_NAME'.
docker build --build-arg SERVICE=PACKANGE_NAME --build-arg SERVICE_PATH=services/cron-jobs/SERVICE_DIR -t PACKAGE_NAME:latest -f services/cron-jobs/SERVICE_DIR/Dockerfile .
bundestag.io/admin/src/app/list/past/page.tsx:7
- The 'params' property is defined in Props but isn’t used in the component; consider removing it to avoid confusion.
type Props = { params: Promise<{ id: string }>; searchParams: Promise<{ [key: string]: string | string[] | undefined }>; };
bundestag.io/admin/src/app/list/upcoming/page.tsx:7
- The 'params' property is defined in Props but isn’t used within the component; consider removing it if it's unnecessary.
type Props = { params: Promise<{ id: string }>; searchParams: Promise<{ [key: string]: string | string[] | undefined }>; };
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| let sessions: Session[] = []; | ||
| const regex_DateSession = | ||
| /<caption>[\s\S]*?<div class="bt-conference-title".*?>([\s\S]*?)\((\d*)\. Sitzung\)<\/div>[\s\S]*?<\/caption>[\s\S]*?<tbody>([\s\S]*?)<\/tbody>/gm; | ||
| while ((m = regex_DateSession.exec(string)) !== null) { |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data High
| /<tr>[\s\S]*?<td data-th="Uhrzeit">[\s\S]*?<p>([\s\S]*?)<\/p>[\s\S]*?<td data-th="TOP">[\s\S]*?<p>([\s\S]*?)<\/p>[\s\S]*?<td data-th="Thema">[\s\S]*?<div class="bt-documents-description">([\s\S]*?)<\/div>[\s\S]*?<\/td>[\s\S]*?<td data-th="Status\/ Abstimmung">([\s\S]*?)<\/td>[\s\S]*?<\/tr>/gm; | ||
| let lastTopTime: Date | null = null; | ||
| let newDay: boolean = false; | ||
| while ((n = regex_tops.exec(sessionData)) !== null) { |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data High
| regex_topHeading.lastIndex++; | ||
| const regex_topHeading = | ||
| /<a href="#" class="bt-top-collapser collapser collapsed"[\s\S]*?>([\s\S]*?)<\/a>/gm; | ||
| while ((o = regex_topHeading.exec(topic)) !== null) { |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data High
| } | ||
|
|
||
| const regex_article = /<button[\s\S]*?data-url="([\s\S]*?)">/gm; | ||
| while ((o = regex_article.exec(topic)) !== null) { |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data High
| } | ||
|
|
||
| const regex_topTopic = /<p>([\s\S]*?)<\/p>/gm; | ||
| while ((o = regex_topTopic.exec(topic)) !== null) { |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data High
| let statusText = match.trim(); | ||
| let o; | ||
| const regex_topTopic = /<p>([\s\S]*?)<\/p>/gm; | ||
| while ((o = regex_topTopic.exec(statusText)) !== null) { |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data High
| let id: string = ''; | ||
| if (data.meta && data.meta.url) { | ||
| const regex_id = /https:\/\/www\.bundestag\.de\/abgeordnete\/.*-(\d+)/gm; | ||
| while ((m = regex_id.exec(data.meta.url)) !== null) { |
Check failure
Code scanning / CodeQL
Polynomial regular expression used on uncontrolled data High
ManAnRuck
force-pushed
the
chore/eslint-9
branch
4 times, most recently
from
bed65f6 to
3a741ac
Compare
There was a problem hiding this comment.
PR Overview
This PR upgrades the linting configuration from ESLint 8 to 9 and includes various improvements to related configuration files and minor code cleanups. Key changes include:
- Conversion of ESLint configuration files to the new format using ES module exports.
- Updates to PostCSS, tsup, and Next.js configuration files along with small refactors in component code.
- Documentation and prompt corrections in GitHub prompts.
Reviewed Changes
| File | Description |
|---|---|
| bundestag.io/api/eslint.config.mjs | New ESLint config using js.configs and updated TypeScript rules. |
| democracy/desktop/postcss.config.js | Adjusted PostCSS plugin configuration and simplified structure. |
| common/democracy/tsup.config.ts | Updated tsup config to merge options with proper type assertions. |
| .eslintrc.js | Migrated ESLint settings to an ES module format with updated plugins. |
| democracy/desktop/next.config.js | Converted configuration to ES module format and updated rewrites. |
| bundestag.io/admin/src/app/list/upcoming/page.tsx | Resolved searchParams as a Promise and improved type handling. |
| bundestag.io/admin/src/app/list/past/page.tsx | Similar searchParams resolution and type updates. |
| .github/prompts/always.prompt.md | Fixed spelling and formatting issues in build instructions. |
| democracy/desktop/src/components/organisms/DoughnutChart.tsx | Renamed ambiguous variables and added an explicit ref type. |
| democracy/desktop/src/components/molecules/Card.tsx | Updated ref types and improved JSX formatting for consistency. |
| democracy/desktop/src/components/molecules/Filters.tsx | Simplified button and legend structure for cleaner markup. |
| democracy/desktop/src/components/molecules/Navigation.tsx | Replaced outdated heroicon imports with new naming conventions. |
| democracy/desktop/src/components/molecules/FilterDropdown.tsx | Updated heroicon import to the new outline version and streamlined code. |
Copilot reviewed 88 out of 88 changed files in this pull request and generated no comments.
ManAnRuck
force-pushed
the
chore/eslint-9
branch
from
3a741ac to
3e4906c
Compare
Signed-off-by: Manuel Ruck <git@manuelruck.de>
ManAnRuck
force-pushed
the
chore/eslint-9
branch
from
3e4906c to
9a8b0fb
Compare
Signed-off-by: Manuel Ruck <git@manuelruck.de>
ManAnRuck
force-pushed
the
chore/eslint-9
branch
from
298f0d2 to
15b48d6
Compare
Signed-off-by: Manuel Ruck <git@manuelruck.de>
| throw new Error(response.statusText); | ||
| try { | ||
| const url = `${this.findListURL}&offset=${this.offset}`; | ||
| console.log('🏃 retrieveMore->get', url); |
There was a problem hiding this comment.
🚫 [Bearer] <javascript_lang_logger_leak> reported by reviewdog 🐶
Leakage of information in logger message
Description
Information leakage through logger messages can compromise sensitive data. This vulnerability arises when dynamic data or variables, which may contain sensitive information, are included in log messages.
Remediations
- Do not include sensitive data directly in logger messages. This can lead to the exposure of such data in log files, which might be accessible to unauthorized individuals.
logger.info(`Results: ${data}`) // unsafe
- Do use logging levels appropriately to control the verbosity of log output and minimize the risk of leaking sensitive information in production environments.
| const match = item.href.match(/abstimmung\?id=(\d+)$/); | ||
| if (match && match[1]) { | ||
| const pollId = match[1]; | ||
| console.log('🏃 Found poll ID:', pollId); |
There was a problem hiding this comment.
🚫 [Bearer] <javascript_lang_logger_leak> reported by reviewdog 🐶
Leakage of information in logger message
Description
Information leakage through logger messages can compromise sensitive data. This vulnerability arises when dynamic data or variables, which may contain sensitive information, are included in log messages.
Remediations
- Do not include sensitive data directly in logger messages. This can lead to the exposure of such data in log files, which might be accessible to unauthorized individuals.
logger.info(`Results: ${data}`) // unsafe
- Do use logging levels appropriately to control the verbosity of log output and minimize the risk of leaking sensitive information in production environments.
| console.log('🏃 Found poll ID:', pollId); | ||
| this.pollUrls.push(`${this.nameListURL}${pollId}`); | ||
| } else { | ||
| console.log('🏃 No match for href:', item.href); |
There was a problem hiding this comment.
🚫 [Bearer] <javascript_lang_logger_leak> reported by reviewdog 🐶
Leakage of information in logger message
Description
Information leakage through logger messages can compromise sensitive data. This vulnerability arises when dynamic data or variables, which may contain sensitive information, are included in log messages.
Remediations
- Do not include sensitive data directly in logger messages. This can lead to the exposure of such data in log files, which might be accessible to unauthorized individuals.
logger.info(`Results: ${data}`) // unsafe
- Do use logging levels appropriately to control the verbosity of log output and minimize the risk of leaking sensitive information in production environments.
| console.log('🏃 retrieveMore->check', { | ||
| offset: this.offset, | ||
| hits: data.meta.hits, | ||
| items: data.items.length, | ||
| limit, | ||
| isLast: data.meta.isLast, | ||
| pollUrlsCount: this.pollUrls.length, | ||
| }); |
There was a problem hiding this comment.
🚫 [Bearer] <javascript_lang_logger_leak> reported by reviewdog 🐶
Leakage of information in logger message
Description
Information leakage through logger messages can compromise sensitive data. This vulnerability arises when dynamic data or variables, which may contain sensitive information, are included in log messages.
Remediations
- Do not include sensitive data directly in logger messages. This can lead to the exposure of such data in log files, which might be accessible to unauthorized individuals.
logger.info(`Results: ${data}`) // unsafe
- Do use logging levels appropriately to control the verbosity of log output and minimize the risk of leaking sensitive information in production environments.
| throw new Error(`HTTP ${response.status}: ${response.statusText}`); | ||
| } | ||
| } catch (error) { | ||
| console.error('Error fetching poll list:', error); |
There was a problem hiding this comment.
🚫 [Bearer] <javascript_lang_logger_leak> reported by reviewdog 🐶
Leakage of information in logger message
Description
Information leakage through logger messages can compromise sensitive data. This vulnerability arises when dynamic data or variables, which may contain sensitive information, are included in log messages.
Remediations
- Do not include sensitive data directly in logger messages. This can lead to the exposure of such data in log files, which might be accessible to unauthorized individuals.
logger.info(`Results: ${data}`) // unsafe
- Do use logging levels appropriately to control the verbosity of log output and minimize the risk of leaking sensitive information in production environments.
Signed-off-by: Manuel Ruck <git@manuelruck.de>
ManAnRuck
force-pushed
the
chore/eslint-9
branch
from
524f3ab to
d668036
Compare
| @@ -72,9 +72,11 @@ export const processDeputyList = async (period: Period) => { | |||
| let offset = 0; | |||
| let hasMore = true; | |||
| while (hasMore) { | |||
| console.log('getDeputyListUrl', getDeputyListUrl({ period, offset })); | |||
There was a problem hiding this comment.
🚫 [Bearer] <javascript_lang_logger_leak> reported by reviewdog 🐶
Leakage of information in logger message
Description
Information leakage through logger messages can compromise sensitive data. This vulnerability arises when dynamic data or variables, which may contain sensitive information, are included in log messages.
Remediations
- Do not include sensitive data directly in logger messages. This can lead to the exposure of such data in log files, which might be accessible to unauthorized individuals.
logger.info(`Results: ${data}`) // unsafe
- Do use logging levels appropriately to control the verbosity of log output and minimize the risk of leaking sensitive information in production environments.
| const url = getDeputyListUrl({ period, offset }); | ||
| const deputyList = await fetchDeputyList(url); | ||
| for (const deputyListItem of deputyList.deputies) { | ||
| console.log('deputyListItem', deputyListItem); |
There was a problem hiding this comment.
🚫 [Bearer] <javascript_lang_logger_leak> reported by reviewdog 🐶
Leakage of information in logger message
Description
Information leakage through logger messages can compromise sensitive data. This vulnerability arises when dynamic data or variables, which may contain sensitive information, are included in log messages.
Remediations
- Do not include sensitive data directly in logger messages. This can lead to the exposure of such data in log files, which might be accessible to unauthorized individuals.
logger.info(`Results: ${data}`) // unsafe
- Do use logging levels appropriately to control the verbosity of log output and minimize the risk of leaking sensitive information in production environments.
No description provided.