Draft
Expose JSON worker
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 3.2.7 to 3.2.8. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v3.2.8/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v3.2.8/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…icrosoft#4349) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 2.9.16 to 2.9.17. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v2.9.17/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v2.9.17/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ly pipeline to publish skipped builds
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.1 to 1.15.6. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.1...v1.15.6) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.1 to 1.15.6. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.1...v1.15.6) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.15.2 to 1.15.6. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…arn/follow-redirects-1.15.6 Bump follow-redirects from 1.15.2 to 1.15.6
* chore: try using Windows to build and package * chore: remove Linux step * skip APIScan for core * fix key * revert testPlatforms * Skip APIScan for the editor as well * chore: fix nightly
…arn/website/follow-redirects-1.15.6 Bump follow-redirects from 1.15.1 to 1.15.6 in /website
…arn/samples/follow-redirects-1.15.6 Bump follow-redirects from 1.15.1 to 1.15.6 in /samples
… highlighting (microsoft#5206) * Initial plan * Fix WCAG 2 AA color contrast issues for navbar and HTML syntax highlighting Co-authored-by: hawkticehurst <39639992+hawkticehurst@users.noreply.github.com> * Fix code review issues: use WeakSet for theme tracking and update home page theme selector Co-authored-by: hawkticehurst <39639992+hawkticehurst@users.noreply.github.com> * Rename ACCESSIBLE_THEME_NAME to VS_LIGHT_ADJUSTED Co-authored-by: hawkticehurst <39639992+hawkticehurst@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: hawkticehurst <39639992+hawkticehurst@users.noreply.github.com>
ensure when find widget is hidden, it's not tabbable
…osoft#5259) Removes [serialize-javascript](https://github.com/yahoo/serialize-javascript). It's no longer used after updating ancestor dependency [terser-webpack-plugin](https://github.com/webpack/terser-webpack-plugin). These dependencies need to be updated together. Removes `serialize-javascript` Updates `terser-webpack-plugin` from 5.3.14 to 5.4.0 - [Release notes](https://github.com/webpack/terser-webpack-plugin/releases) - [Changelog](https://github.com/webpack/terser-webpack-plugin/blob/main/CHANGELOG.md) - [Commits](webpack/terser-webpack-plugin@v5.3.14...v5.4.0) --- updated-dependencies: - dependency-name: serialize-javascript dependency-version: dependency-type: indirect - dependency-name: terser-webpack-plugin dependency-version: 5.4.0 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps and [minimatch](https://github.com/isaacs/minimatch). These dependencies needed to be updated together. Updates `minimatch` from 9.0.5 to 9.0.9 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v9.0.5...v9.0.9) Updates `minimatch` from 3.1.2 to 3.1.5 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v9.0.5...v9.0.9) Updates `minimatch` from 8.0.4 to 8.0.7 - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v9.0.5...v9.0.9) --- updated-dependencies: - dependency-name: minimatch dependency-version: 9.0.9 dependency-type: indirect - dependency-name: minimatch dependency-version: 3.1.5 dependency-type: indirect - dependency-name: minimatch dependency-version: 8.0.7 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) from 6.0.0 to 6.0.2. - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2) --- updated-dependencies: - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update packages names and versions * Add pipeline file with updated vm image and node version * Update ecmascript target when building to avoid webpack issues (#4)
* add diagnostic codes to ignore * bump version * Add ignore codes to other languages and fix issue * fix issue * bump version * PR suggestions and remove css changes related * Change version * change version * Set correct version * Use includes * Update version for test run * Revert usage of includes and test version Co-authored-by: João Mano <joao.mano@outsystems.com>
Wiz Scan Summary
| Scanner | Findings |
|---|---|
| | 6 |
| | - |
| | - |
| | 1 |
| | 48 |
| | - |
| Total | 1 |
Comment on lines +39 to +42
| '<ul><li>' + // CodeQL [SM03712] This code is not deployed and serves as local test code. No risk of malicious input. | ||
| renderLoadingOptions(true) + // CodeQL [SM03712] This code is not deployed and serves as local test code. No risk of malicious input. | ||
| (isRelease ? '' : `</li><li>${renderLoadingOptions(false)}`) + // CodeQL [SM03712] This code is not deployed and serves as local test code. No risk of malicious input. | ||
| '</li></ul>'; // CodeQL [SM03712] This code is not deployed and serves as local test code. No risk of malicious input. |
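Review bot: The justification on these four lines ("not deployed ... local test code") sits beside an `isRelease` branch, which implies the page does have a release mode. State in the comment where this file is excluded from the published build, so the SM03712 suppression can be re-checked if the file is ever reused outside local testing.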
| script.onload = () => res(); | ||
| script.async = true; | ||
| script.type = "text/javascript"; | ||
| script.src = path; // CodeQL [SM01507] This is safe because the runner (that allows for dynamic paths) runs in an isolated iframe. The hosting website uses a static path configuration. // CodeQL [SM03712] This is safe because the runner (that allows for dynamic paths) runs in an isolated iframe. The hosting website uses a static path configuration. |
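Review bot: `script.src = path` takes a caller-supplied path, and the only control is the iframe isolation asserted in the comment, which these lines do not enforce. Consider checking `path` against the expected origin or a fixed list before assigning it, and merge the two suppression comments, which repeat the same justification for SM01507 and SM03712. If no `onerror` handler is set outside these lines, a failed load leaves the promise behind `res()` pending forever.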
| const style = document.getElementById( | ||
| "custom-style" | ||
| ) as HTMLStyleElement; | ||
| style.innerHTML = e.css; // CodeQL [SM03712] This is safe because the runner runs in an isolated iframe. |
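Review bot: The `as HTMLStyleElement` cast on `document.getElementById("custom-style")` hides a possible `null`, so `style.innerHTML = e.css` throws if the element has not been created yet. Add an explicit null check before the assignment instead of relying on the cast.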
| const style = document.createElement("style"); | ||
| style.id = "custom-style"; | ||
| style.innerHTML = state.css; // CodeQL [SM03712] This is safe because the runner runs in an isolated iframe. This feature is essential to the functionality of the playground. // CodeQL [SM02688] This is safe because the runner runs in an isolated iframe. This feature is essential to the functionality of the playground. |
| style.innerHTML = state.css; // CodeQL [SM03712] This is safe because the runner runs in an isolated iframe. This feature is essential to the functionality of the playground. // CodeQL [SM02688] This is safe because the runner runs in an isolated iframe. This feature is essential to the functionality of the playground. | ||
| document.body.appendChild(style); | ||
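Review bot: On `style.innerHTML = state.css`, assigning `style.textContent` sets the stylesheet text without going through the HTML parser, which would likely make both suppressions (SM03712 and SM02688) unnecessary. The assignment line also appears twice in this rendering; check that the file itself contains it only once.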
| document.body.innerHTML += state.html; |
| const js = massageJs(state.js); | ||
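Review bot: `document.body.innerHTML += state.html` carries no suppression or justification, unlike the neighbouring sinks, and `+=` re-parses the whole body, which discards listeners and element references on anything already in it. `document.body.insertAdjacentHTML("beforeend", state.html)` appends without rebuilding existing nodes; add the same isolation rationale here if it applies.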
| try { | ||
| eval(js); // CodeQL [SM01632] This is safe because the runner runs in an isolated iframe. This feature is essential to the functionality of the playground. // CodeQL [SM02688] This is safe because the runner runs in an isolated iframe. This feature is essential to the functionality of the playground. |
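Review bot: Both suppressions on `eval(js)` rest on the runner being in an isolated iframe, which nothing in these lines verifies. Point the comment at where the iframe's sandbox or origin is configured, or have the runner refuse to start when it is not framed (`window.parent === window`), so the justification cannot silently go stale.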
| script.onload = () => res(); | ||
| script.async = true; | ||
| script.type = "text/javascript"; | ||
| script.src = path; // CodeQL [SM01507] This is safe because the runner (that allows for dynamic paths) runs in an isolated iframe. The hosting website uses a static path configuration. // CodeQL [SM03712] This is safe because the runner (that allows for dynamic paths) runs in an isolated iframe. The hosting website uses a static path configuration. |
| continue; | ||
| } | ||
| if (typeof tgtValue !== 'object' || tgtValue === null) { | ||
| target[key] = srcValue; |
| } | ||
| const tgtValue = target[key]; | ||
| if (tgtValue === undefined) { | ||
| target[key] = srcValue; |
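Review bot: Both `target[key] = srcValue` assignments (here and in the object-type branch of the preceding hunk) write a key taken from the source object, and no guard against `__proto__`, `constructor` or `prototype` is visible in these lines. If the `continue` in the preceding hunk is not already that check, skip those keys or iterate own properties only, so a merged object cannot modify `Object.prototype`.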
This is mostly to aid me in finding this branch/commits