V12 #2102
base: master
1f5fd86 to ca9bbbf
05fa616 to 36c320d
| function bootstrap() { | ||
| execSync(path.resolve('scripts/clean.js'), opts) |
Check warning
Code scanning / CodeQL
Shell command built from environment values Medium
absolute path
Copilot Autofix
AI 2 months ago
To fix this vulnerability and avoid misinterpretation of a file path passed to the shell, the project should explicitly invoke the script using the Node.js interpreter and pass the path as an argument, rather than passing the resolved path directly as the shell command to `execSync`. The best practice is to use `execFileSync("node", [path.resolve("scripts/clean.js")], opts)` instead. This approach ensures that the file path is not interpreted by the shell, and special characters, spaces, or shell metacharacters in the path cannot alter command execution. The edit should be made only on line 68 in `scripts/bootstrap.js`, replacing the usage of `execSync` for executing the clean script.
| @@ -65,7 +65,11 @@ | ||
| } | ||
|
|
||
| function bootstrap() { | ||
| execSync(path.resolve('scripts/clean.js'), opts) | ||
| require('child_process').execFileSync( | ||
| 'node', | ||
| [path.resolve('scripts/clean.js')], | ||
| opts | ||
| ); | ||
| buildProject() | ||
| } | ||
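Review bot: In the replacement call inside bootstrap(), the interpreter is given as the bare name 'node', so it is still resolved through PATH; passing process.execPath as the first argument would run the clean script with the same Node binary that is running the bootstrap script and remove that lookup. The inline require('child_process') would read better as an execFileSync import next to wherever execSync is already imported, and the added `);` carries a semicolon that the neighbouring calls such as `buildProject()` do not use. The fix also only holds if opts does not enable a shell, which is not visible in this hunk and is worth confirming.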
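The difference the autofix comment describes, as an added example that is not part of this PR or the project's code: the same script path is run once as a shell command line and once as a single argument to the Node binary. The directory name, the `INJECTED` marker and the helper names are constructed for the demonstration, and a POSIX `/bin/sh` is assumed.

```javascript
// Added example, not project code. All paths and names here are constructed.
const { execSync, execFileSync } = require('child_process')
const fs = require('fs')
const os = require('os')
const path = require('path')

// Build a throwaway checkout whose path contains a space and a shell metacharacter.
function makeFixture() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'exec-demo-'))
  const dir = path.join(root, 'my repo; echo INJECTED')
  fs.mkdirSync(path.join(dir, 'scripts'), { recursive: true })
  const script = path.join(dir, 'scripts', 'clean.js')
  fs.writeFileSync(script, "process.stdout.write('cleaned')\n")
  return { root, script }
}

// Capture stdout and stderr instead of inheriting them, and return strings.
const quiet = { encoding: 'utf8', stdio: ['ignore', 'pipe', 'pipe'] }

// Pattern flagged by the alert: the path string is handed to /bin/sh as the command line.
function runThroughShell(script) {
  try {
    return { ok: true, stdout: execSync(script, quiet) }
  } catch (err) {
    return { ok: false, stdout: String(err.stdout || '') }
  }
}

// Pattern from the suggested fix: no shell is involved, the path is one argv entry.
// process.execPath is the Node binary currently running this file.
function runWithoutShell(script) {
  return execFileSync(process.execPath, [script], quiet)
}

function demo() {
  const { root, script } = makeFixture()
  try {
    return { shell: runThroughShell(script), direct: runWithoutShell(script) }
  } finally {
    fs.rmSync(root, { recursive: true, force: true })
  }
}

console.log(demo())
```

In the shell variant the script never runs: the shell splits the path at the space and the `;`, so the text after the `;` is executed as a separate command, while the `execFileSync` variant prints `cleaned`.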
Migrates Text component from legacy theme.ts to new token-based theming system:
- Remove theme.ts file and use direct token references in styles
- Update color mappings to use new semantic tokens (baseColor, mutedColor, etc.)
- Add fontFamily to variant definitions from typography tokens
- Update theme variable references throughout styles.ts

BREAKING CHANGE: Removed 'alert' color prop value. Use 'primary' color instead.

Also improves documentation:
- Clarify variant usage and recommendations in README
- Add deprecation notes for size, weight, and lineHeight legacy values
- Update color examples to include inverse colors and remove alert
- Add JSDoc comments for deprecated prop values
- Improve code examples with clearer formatting

To test: Compare with Figma design

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>
…g build error, fix docs key warning
INSTUI-4838
- Converted `NumberInput` from class-based to functional component
- It uses the theme from TextInput, they are the same in Figma
- The styling of the upper label/messages are not done, they are coming in `FormFieldLayout`

Tokens are also not fully used (they are used only in `TextInput`):
- `fontSizeSm`, `heightSm`, `paddingHorizontalSm`: This component has no small size
- `gapContent`: This is a gap between the text and elements rendered after it, `NumberInput` does not have such

To test:
- Check the examples in the docs, they should function exactly as before
- Compare its CSS to the ones in Figma

Completes INSTUI-4814
INSTUI-4801
…gs when a focusable element is rendered inside

It was using a :focus-within selector, but this was not a good solution when the TextInput contained a focusable element. The new solution only displays the component's focus ring if an input is focused, preventing double focus
INSTUI-4816
No description provided.