root
/
playwright
mirror of https://github.com/microsoft/playwright.git
1
0
Fork 0
Code Issues Actions 17 Packages Projects Releases Wiki Activity

chore: manually add exception for esbuild vulnerability (#34875)

This commit is contained in:
Adam Gastineau 2025-02-20 14:47:44 -08:00 committed by GitHub
parent 33c0a1b0ca
commit c64f0ffa1d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 56 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/infra.yml vendored
View File

@ -35,7 +35,7 @@ jobs:
exit 1 exit 1
fi fi
- name: Audit prod NPM dependencies - name: Audit prod NPM dependencies
run: npm audit --omit dev run: node utils/check_audit.js
lint-snippets: lint-snippets:
name: "Lint snippets" name: "Lint snippets"
runs-on: ubuntu-latest runs-on: ubuntu-latest

2
packages/trace-viewer/src/ui/consoleTab.tsx
View File

@ -72,7 +72,7 @@ export function useConsoleTabModel(model: modelUtil.MultiTraceModel | undefined,
const aTimestamp = 'time' in a ? a.time : a.timestamp; const aTimestamp = 'time' in a ? a.time : a.timestamp;
const bTimestamp = 'time' in b ? b.time : b.timestamp; const bTimestamp = 'time' in b ? b.time : b.timestamp;
return aTimestamp - bTimestamp; return aTimestamp - bTimestamp;
}) });
for (const event of logEvents) { for (const event of logEvents) {
if (event.type === 'console') { if (event.type === 'console') {
const body = event.args && event.args.length ? format(event.args) : formatAnsi(event.text); const body = event.args && event.args.length ? format(event.args) : formatAnsi(event.text);

54
utils/check_audit.js Normal file
View File

@ -0,0 +1,54 @@
const { exec } = require('child_process');
const URL_LIST = [
// Not encountered by Vite, thus we cannot hit it
'https://github.com/advisories/GHSA-67mh-4wv8-2f99'
];
const runNpmAudit = () => new Promise((resolve, reject) => {
exec('npm audit --omit dev --json', (error, stdout, stderr) => {
if (error && stderr) {
// npm audit returns a non-zero exit code if there are vulnerabilities
reject(`Audit error: ${error}\n${stdout}\n${stderr}`);
return;
}
resolve(stdout);
});
});
// interface Audit {
// [name: string]: AuditEntry;
// }
// interface AuditEntry {
// severity: string;
// range: string;
// via: Array<{
// url: string;
// } | string>;
// }
const checkAudit = async () => {
const audit = JSON.parse(await runNpmAudit());
const validVulnerabilities = Object.entries(audit.vulnerabilities).filter(([_name, entry]) => {
const originalVulnerabilities = entry.via.filter(viaEntry => typeof viaEntry === 'object' && !URL_LIST.includes(viaEntry.url));
return originalVulnerabilities.length > 0;
});
for (const [name, entry] of validVulnerabilities) {
console.error(`Vulnerability (${entry.severity}): ${name} ${entry.range}`);
}
if (validVulnerabilities.length > 0) {
process.exit(1);
}
console.log('No vulnerabilities found');
};
// You can manually run `npm audit --omit dev` to see the vulnerabilities in a human-friendly
checkAudit().catch(error => {
console.error(error);
process.exit(1);
});