[dev-dependency](deps-dev): Bump tar from 7.5.7 to 7.5.10 in /electron-app#189
Closed
dependabot[bot] wants to merge 1 commit intomainfrom
Closed
[dev-dependency](deps-dev): Bump tar from 7.5.7 to 7.5.10 in /electron-app#189dependabot[bot] wants to merge 1 commit intomainfrom
dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.7 to 7.5.10. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](isaacs/node-tar@v7.5.7...v7.5.10) --- updated-dependencies: - dependency-name: tar dependency-version: 7.5.10 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependabot
Owner
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
Contributor
Summary of Pull RequestThis pull request proposes updating the Key Changes:
|
❌ 8 Tests Failed:
View the full list of 8 ❄️ flaky test(s)
To view more test analytics, go to the Test Analytics Dashboard |
Contributor
✅
|
| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 42 | 0 | 0 | 1.06s | |
| bash-exec | 1 | 1 | 0 | 0.01s | ||
| ✅ BASH | shellcheck | 1 | 0 | 0 | 0.04s | |
| shfmt | 1 | 1 | 0 | 0.01s | ||
| ✅ COPYPASTE | jscpd | yes | no | no | 52.52s | |
| stylelint | 9 | 306 | 0 | 17.36s | ||
| djlint | 2 | 2 | 0 | 1.79s | ||
| ✅ HTML | htmlhint | 2 | 0 | 0 | 0.62s | |
| prettier | 348 | 348 | 0 | 115.89s | ||
| jsonlint | 28 | 2 | 0 | 5.24s | ||
| npm-package-json-lint | yes | 1 | no | 0.59s | ||
| prettier | 28 | 23 | 0 | 10.27s | ||
| v8r | 28 | 1 | 0 | 60.08s | ||
| markdownlint | 37 | 8 | 0 | 21.96s | ||
| ✅ MARKDOWN | markdown-table-formatter | 29 | 0 | 0 | 6.85s | |
| powershell | 5 | 2 | 0 | 7.71s | ||
| ✅ POWERSHELL | powershell_formatter | 5 | 0 | 0 | 6.33s | |
| ✅ REPOSITORY | checkov | yes | no | no | 52.89s | |
| devskim | yes | no | 1 | 9.8s | ||
| ✅ REPOSITORY | dustilock | yes | no | no | 8.96s | |
| ✅ REPOSITORY | gitleaks | yes | no | no | 8.04s | |
| ✅ REPOSITORY | git_diff | yes | no | no | 0.05s | |
| grype | yes | 8 | 50 | 86.76s | ||
| kics | yes | 1 | 1 | 7.11s | ||
| ✅ REPOSITORY | kingfisher | yes | no | no | 8.72s | |
| secretlint | yes | 3 | no | 21.26s | ||
| ✅ REPOSITORY | syft | yes | no | no | 25.4s | |
| trivy | yes | 21 | 16 | 17.05s | ||
| ✅ REPOSITORY | trivy-sbom | yes | no | no | 6.52s | |
| ✅ REPOSITORY | trufflehog | yes | no | no | 14.99s | |
| cspell | 824 | 2975 | 0 | 1540.25s | ||
| lychee | 122 | 7 | 0 | 143.77s | ||
| ts-standard | 311 | 311 | 0 | 125.45s | ||
| ✅ XML | xmllint | 1 | 0 | 0 | 1.45s | |
| prettier | 54 | 52 | 104 | 21.7s | ||
| ✅ YAML | v8r | 54 | 0 | 0 | 127.55s | |
| yamllint | 54 | 177 | 0 | 12.89s |
Detailed Issues
⚠️ BASH / bash-exec - 1 error
Results of bash-exec linter (version 5.3.3)
See documentation on https://megalinter.io/9.3.0/descriptors/bash_bash_exec/
-----------------------------------------------
❌ [ERROR] .github/hooks/scripts/log-prompt.sh
Error: File:[.github/hooks/scripts/log-prompt.sh] is not executable
⚠️ SPELL / cspell - 2975 errors
Results of cspell linter (version 9.4.0)
See documentation on https://megalinter.io/9.3.0/descriptors/spell_cspell/
-----------------------------------------------
✅ [SUCCESS] .checkov.yml
✅ [SUCCESS] .devskim.json
✅ [SUCCESS] .djlintrc
✅ [SUCCESS] .git/FETCH_HEAD
✅ [SUCCESS] .git/HEAD
❌ [ERROR] .git/config
.git/config:11:13 - Unknown word (gitdir) -- [includeIf "gitdir:/home/runner/work/FitFileView
Suggestions: [gitdm, gilder, girder, gitter, giddier]
.git/config:13:13 - Unknown word (gitdir) -- [includeIf "gitdir:/home/runner/work/FitFileView
Suggestions: [gitdm, gilder, girder, gitter, giddier]
.git/config:13:71 - Unknown word (worktrees) -- FileViewer/FitFileViewer/.git/worktrees/*"]
Suggestions: [workers, worker's, workarea, workArea, worries]
.git/config:15:13 - Unknown word (gitdir) -- [includeIf "gitdir:.git
Suggestions: [gitdm, gilder, girder, gitter, giddier]
.git/config:17:13 - Unknown word (gitdir) -- [includeIf "gitdir:.git
Suggestions: [gitdm, gilder, girder, gitter, giddier]
.git/config:17:43 - Unknown word (worktrees) -- .git/worktrees/*"]
Suggestions: [workers, worker's, workarea, workArea, worries]
CSpell: Files checked: 1, Issues found: 6 in 1 file.
✅ [SUCCESS] .git/description
✅ [SUCCESS] .git/index
✅ [SUCCESS] .git/info/exclude
✅ [SUCCESS] .git/logs/HEAD
✅ [SUCCESS] .git/logs/refs/remotes/pull/189/merge
✅ [SUCCESS] .git/refs/remotes/pull/189/merge
✅ [SUCCESS] .git/shallow
❌ [ERROR] .github/.spellcheck.yml
.github/.spellcheck.yml:6:11 - Unknown word (wordlists) -- wordlists:
Suggestions: [wordless, wordiest, worldliest, worsts, wrists]
.github/.spellcheck.yml:7:18 - Unknown word (wordlist) -- - .wordlist.txt
Suggestions: [wordiest, wordless, worldliest, worlds, wordily]
.github/.spellcheck.yml:10:17 - Unkn
(Truncated to 1904 characters out of 582034)
⚠️ REPOSITORY / devskim - 1 warning
[02:16:20 ERR] Failed to parse Data at the root level is invalid. Line 1, position 1. as a XML document: null
electron-app/tests/strictTests/files/export/gpxExport.test.ts:49:27:49:48 [Moderate] DS137138 Insecure URL
.devskim.json:41:46:41:55 [ManualReview] DS162092 Do not leave debug code in production
.devskim.json:47:66:47:75 [ManualReview] DS162092 Do not leave debug code in production
.devskim.json:53:61:53:70 [ManualReview] DS162092 Do not leave debug code in production
.devskim.json:59:61:59:70 [ManualReview] DS162092 Do not leave debug code in production
[02:16:20 ERR] Failed to parse Data at the root level is invalid. Line 1, position 1. as a XML document: null
[02:16:20 ERR] Failed to parse Data at the root level is invalid. Line 1, position 1. as a XML document: null
[02:16:20 ERR] Failed to parse Data at the root level is invalid. Line 1, position 1. as a XML document: null
electron-app/utils/state/integration/stateIntegration.js:243:67:249:52 [ManualReview] DS172411 Review setTimeout for untrusted data
electron-app/utils/state/integration/stateIntegration.js:346:26:346:35 [ManualReview] DS162092 Do not leave debug code in production
electron-app/utils/state/integration/stateIntegration.js:347:26:347:35 [ManualReview] DS162092 Do not leave debug code in production
electron-app/utils/state/integration/rendererStateIntegration.js:54:4:54:34 [ManualReview] DS172411 Review setTimeout for untrusted data
electron-app/utils.js:545:0:546:49 [ManualReview] DS172411 Review setTimeout for untrusted data
electron-app/main-ui.js:285:12:295:65 [ManualReview] DS172411 Review setTimeout for untrusted data
electron-app/utils/state/integration/mainProcessStateManager.js:204:8:205:45 [ManualReview] DS172411 Review setTimeout for untrusted data
electron-app/tests/unit/main.final-coverage.test.ts:225:20:227:68 [ManualReview] DS172411 Review setTimeout for untrusted data
electron-a
(Truncated to 1904 characters out of 32627)
⚠️ HTML / djlint - 2 errors
Results of djlint linter (version 1.36.4)
See documentation on https://megalinter.io/9.3.0/descriptors/html_djlint/
-----------------------------------------------
❌ [ERROR] electron-app/ffv/index.html
Linting 0/1 files ┈┈┈┈┈┈┈┈┈┈ 00:00
Linting 1/1 files ━━━━━━━━━━ 00:00
Linting 1/1 files ━━━━━━━━━━ 00:00
electron-app/ffv/index.html
───────────────────────────────────────────────────────────────────────────────
H031 2:0 Consider adding meta keywords. <html lang="en">
H037 7:41 Duplicate attribute found. initial-scale
Linted 1 file, found 2 errors.
✅ [SUCCESS] electron-app/index.html
⚠️ REPOSITORY / grype - 8 errors
error: A high vulnerability in npm package: rollup, version 4.56.0 was found at: /electron-app/package-lock.json
error: A high vulnerability in npm package: minimatch, version 3.1.2 was found at: /docusaurus/package-lock.json
error: A high vulnerability in npm package: minimatch, version 9.0.5 was found at: /docusaurus/package-lock.json
error: A high vulnerability in npm package: minimatch, version 3.1.2 was found at: /docusaurus/package-lock.json
error: A high vulnerability in npm package: minimatch, version 9.0.5 was found at: /docusaurus/package-lock.json
error: A high vulnerability in npm package: minimatch, version 3.1.2 was found at: /docusaurus/package-lock.json
error: A high vulnerability in npm package: minimatch, version 9.0.5 was found at: /docusaurus/package-lock.json
warning: A medium vulnerability in npm package: ajv, version 6.12.6 was found at: /docusaurus/package-lock.json
warning: A medium vulnerability in npm package: ajv, version 8.17.1 was found at: /electron-app/package-lock.json
warning: A medium vulnerability in npm package: ajv, version 8.17.1 was found at: /docusaurus/package-lock.json
warning: A medium vulnerability in npm package: lodash, version 4.17.21 was found at: /electron-app/package-lock.json
warning: A medium vulnerability in npm package: lodash, version 4.17.21 was found at: /docusaurus/package-lock.json
warning: A medium vulnerability in npm package: lodash-es, version 4.17.21 was found at: /docusaurus/package-lock.json
note: A low vulnerability in npm package: qs, version 6.14.1 was found at: /docusaurus/package-lock.json
warning: A medium vulnerability in npm package: markdown-it, version 14.1.0 was found at: /docusaurus/package-lock.json
warning: A medium vulnerability in github-action package: step-security/harden-runner, version v2.14.1 was found at: /.github/workflows/npm-audit.yml
warning: A medium vulnerability
(Truncated to 1904 characters out of 8251)
⚠️ JSON / jsonlint - 2 errors
Results of jsonlint linter (version 16.0.0)
See documentation on https://megalinter.io/9.3.0/descriptors/json_jsonlint/
-----------------------------------------------
✅ [SUCCESS] .devskim.json
✅ [SUCCESS] .github/hooks/hooks.json
✅ [SUCCESS] .jscpd.json
✅ [SUCCESS] .markdown-link-check.json
✅ [SUCCESS] .markdownlint.json
✅ [SUCCESS] .ncurc.json
✅ [SUCCESS] .prettierrc.json
✅ [SUCCESS] .vscode/extensions.json
✅ [SUCCESS] .vscode/launch.json
✅ [SUCCESS] .vscode/settings.json
✅ [SUCCESS] .vscode/tasks.json
✅ [SUCCESS] cspell.json
✅ [SUCCESS] docusaurus/package-lock.json
✅ [SUCCESS] docusaurus/package.json
✅ [SUCCESS] docusaurus/tsconfig.json
✅ [SUCCESS] docusaurus/typedoc.json
✅ [SUCCESS] docusaurus/typedoc.local.json
✅ [SUCCESS] electron-app/.markdown-link-check.json
✅ [SUCCESS] electron-app/.markdownlint.json
✅ [SUCCESS] electron-app/.npmpackagejsonlintrc.json
✅ [SUCCESS] electron-app/.vscode/tasks.json
✅ [SUCCESS] electron-app/ffv/manifest.json
✅ [SUCCESS] electron-app/package-lock.json
✅ [SUCCESS] electron-app/package.json
❌ [ERROR] electron-app/tsconfig.json
File: electron-app/tsconfig.json
Parse error on line 57, column 9:
...ck": false, // We use extensive ...
----------------------^
Unexpected token "/"
❌ [ERROR] electron-app/tsconfig.vitest.json
File: electron-app/tsconfig.vitest.json
Parse error on line 4, column 9:
...Options": { // Vitest's typechec...
----------------------^
Unexpected token "/"
✅ [SUCCESS] mermaid.config.json
✅ [SUCCESS] package.json
⚠️ REPOSITORY / kics - 1 error
warning: Action is not pinned to a full length commit SHA.
┌─ .github/workflows/vitest.yml:92:1
│
92 │ uses: codecov/test-results-action@v1
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
│
= Unpinned Actions Full Length Commit SHA
= Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload. When selecting a SHA, you should verify it is from the action's repository and not a repository fork.
warning: 1 warnings emitted
⚠️ SPELL / lychee - 7 errors
Results of lychee linter (version 0.18.0)
See documentation on https://megalinter.io/9.3.0/descriptors/spell_lychee/
-----------------------------------------------
✅ [SUCCESS] .checkov.yml
✅ [SUCCESS] .devskim.json
✅ [SUCCESS] .github/.spellcheck.yml
✅ [SUCCESS] .github/CHANGELOG.md
✅ [SUCCESS] .github/ISSUE_TEMPLATE/bug_report.md
✅ [SUCCESS] .github/ISSUE_TEMPLATE/custom-issue.md
✅ [SUCCESS] .github/ISSUE_TEMPLATE/feature_request.md
✅ [SUCCESS] .github/PROMPTS/Consistency-Check.prompt.md
✅ [SUCCESS] .github/PROMPTS/Continue.prompt.md
✅ [SUCCESS] .github/PROMPTS/Do-ToDo.prompt.md
✅ [SUCCESS] .github/PROMPTS/Fix-Eslint-Errors.prompt.md
✅ [SUCCESS] .github/PROMPTS/Generate-100%-Test-Coverage.prompt.md
✅ [SUCCESS] .github/PROMPTS/Review.prompt.md
✅ [SUCCESS] .github/PULL_REQUEST_TEMPLATE/README.md
✅ [SUCCESS] .github/PULL_REQUEST_TEMPLATE/bugfix.md
✅ [SUCCESS] .github/PULL_REQUEST_TEMPLATE/documentation.md
✅ [SUCCESS] .github/PULL_REQUEST_TEMPLATE/feature.md
✅ [SUCCESS] .github/PULL_REQUEST_TEMPLATE/maintenance.md
✅ [SUCCESS] .github/PULL_REQUEST_TEMPLATE/pull_request_template.md
✅ [SUCCESS] .github/PULL_REQUEST_TEMPLATE/quick-fix.md
✅ [SUCCESS] .github/agents/BeastMode.agent.md
✅ [SUCCESS] .github/copilot-commit-message-instructions.md
✅ [SUCCESS] .github/copilot-instructions.md
✅ [SUCCESS] .github/dependabot.yml
✅ [SUCCESS] .github/hooks/hooks.json
✅ [SUCCESS] .github/workflows/ActionLint.yml
✅ [SUCCESS] .github/workflows/Build.yml
✅ [SUCCESS] .github/workflows/VirusTotal.yml
✅ [SUCCESS] .github/workflows/build-win7.yml
✅ [SUCCESS] .github/workflows/cleanReleases.yml
✅ [SUCCESS] .github/workflows/codeql.yml
✅ [SUCCESS] .github/workflows/dependency-review.yml
✅ [SUCCESS] .github/workflows/devskim.yml
✅ [SUCCESS] .github/workflows/docusaurus.yml
✅ [SUCCESS] .github/workflows/electronegativity.yml
✅ [SUCCESS] .github/workflows/eslint.yml
✅ [SUCCESS] .github/workflows/flatpa
(Truncated to 1904 characters out of 296782)
⚠️ MARKDOWN / markdownlint - 8 errors
Results of markdownlint linter (version 0.47.0)
See documentation on https://megalinter.io/9.3.0/descriptors/markdown_markdownlint/
-----------------------------------------------
✅ [SUCCESS] .github/CHANGELOG.md
✅ [SUCCESS] .github/ISSUE_TEMPLATE/bug_report.md
✅ [SUCCESS] .github/ISSUE_TEMPLATE/custom-issue.md
✅ [SUCCESS] .github/ISSUE_TEMPLATE/feature_request.md
✅ [SUCCESS] .github/PROMPTS/Consistency-Check.prompt.md
✅ [SUCCESS] .github/PROMPTS/Continue.prompt.md
❌ [ERROR] .github/PROMPTS/Do-ToDo.prompt.md
.github/PROMPTS/Do-ToDo.prompt.md:21:124 error MD026/no-trailing-punctuation Trailing punctuation in heading [Punctuation: '.']
✅ [SUCCESS] .github/PROMPTS/Fix-Eslint-Errors.prompt.md
❌ [ERROR] .github/PROMPTS/Generate-100%-Test-Coverage.prompt.md
.github/PROMPTS/Generate-100%-Test-Coverage.prompt.md:53:1 error MD029/ol-prefix Ordered list item prefix [Expected: 1; Actual: 6; Style: 1/2/3]
.github/PROMPTS/Generate-100%-Test-Coverage.prompt.md:54:1 error MD029/ol-prefix Ordered list item prefix [Expected: 2; Actual: 7; Style: 1/2/3]
.github/PROMPTS/Generate-100%-Test-Coverage.prompt.md:100:32 error MD026/no-trailing-punctuation Trailing punctuation in heading [Punctuation: ':']
✅ [SUCCESS] .github/PROMPTS/Review.prompt.md
✅ [SUCCESS] .github/PULL_REQUEST_TEMPLATE/README.md
✅ [SUCCESS] .github/PULL_REQUEST_TEMPLATE/bugfix.md
✅ [SUCCESS] .github/PULL_REQUEST_TEMPLATE/documentation.md
✅ [SUCCESS] .github/PULL_REQUEST_TEMPLATE/feature.md
✅ [SUCCESS] .github/PULL_REQUEST_TEMPLATE/maintenance.md
✅ [SUCCESS] .github/PULL_REQUEST_TEMPLATE/pull_request_template.md
✅ [SUCCESS] .github/PULL_REQUEST_TEMPLATE/quick-fix.md
✅ [SUCCESS] .github/agents/BeastMode.agent.md
✅ [SUCCESS] .github/copilot-commit-message-instructions.md
✅ [SUCCESS] .github/copilot-instructions.md
✅ [SUCCESS] CHANGELOG.md
✅ [SUCCESS] CODE_OF_CONDUCT.md
✅ [SUCCESS] CONTRIBUTING.md
✅ [SUCCESS]
(Truncated to 1904 characters out of 3183)
⚠️ JSON / npm-package-json-lint - 1 error
./package.json
✖ require-version - node: version - version is required
1 error
⚠️ POWERSHELL / powershell - 2 errors
Results of powershell linter (version 7.5.4)
See documentation on https://megalinter.io/9.3.0/descriptors/powershell_powershell/
-----------------------------------------------
✅ [SUCCESS] .github/CleanReleases.ps1
✅ [SUCCESS] .github/RepoSize.ps1
✅ [SUCCESS] .github/Update-ChangeLogs.ps1
❌ [ERROR] .github/hooks/scripts/log-prompt.ps1
Severity RuleName ScriptName Line Message
-------- -------- ---------- ---- -------
Warning PSUseBOMForUnicodeEncodedFile log-prompt.ps1 Missing BOM encoding for non-ASCII encoded file 'log-prompt.ps1'
Information PSAvoidUsingPositionalParameters log-prompt.ps1 17 Cmdlet 'Join-Path' has positional parameter. Please use named parameters instead of p
ositional parameters when calling a command.
✅ [SUCCESS] .github/hooks/scripts/remove-temp.ps1
⚠️ JAVASCRIPT / prettier - 348 errors
Results of prettier linter (version 3.7.4)
See documentation on https://megalinter.io/9.3.0/descriptors/javascript_prettier/
-----------------------------------------------
❌ [ERROR] electron-app/__mocks__/electron.js
Checking formatting...
[error] Cannot find package 'prettier-plugin-packagejson' imported from noop.js
❌ [ERROR] electron-app/ffv/assets/Results-H2VOSWW7.js
Checking formatting...
[error] Cannot find package 'prettier-plugin-packagejson' imported from noop.js
❌ [ERROR] electron-app/ffv/assets/Sprite-BZ4Kwmf3.js
Checking formatting...
[error] Cannot find package 'prettier-plugin-packagejson' imported from noop.js
❌ [ERROR] electron-app/ffv/assets/binaryString-DLpsQS3c.js
Checking formatting...
[error] Cannot find package 'prettier-plugin-packagejson' imported from noop.js
❌ [ERROR] electron-app/ffv/assets/findFields-C7eiFatx.js
Checking formatting...
[error] Cannot find package 'prettier-plugin-packagejson' imported from noop.js
❌ [ERROR] electron-app/ffv/assets/getMessagesForName-CXPND5Gu.js
Checking formatting...
[error] Cannot find package 'prettier-plugin-packagejson' imported from noop.js
❌ [ERROR] electron-app/ffv/assets/index-B6xcXKpx.js
Checking formatting...
[error] Cannot find package 'prettier-plugin-packagejson' imported from noop.js
❌ [ERROR] electron-app/ffv/assets/index-C1xoUegX.js
Checking formatting...
[error] Cannot find package 'prettier-plugin-packagejson' imported from noop.js
❌ [ERROR] electron-app/ffv/assets/index-CQWboq_8.js
Checking formatting...
[error] Cannot find package 'prettier-plugin-packagejson' imported from noop.js
❌ [ERROR] electron-app/ffv/assets/index-D4CCfpM1.js
Checking formatting...
[error] Cannot find package 'prettier-plugin-packagejson' imported from noop.js
❌ [ERROR] electron-app/ffv/assets/index-LvWRIhnC.js
Checking form
(Truncated to 1904 characters out of 60113)
⚠️ JSON / prettier - 23 errors
Results of prettier linter (version 3.7.4)
See documentation on https://megalinter.io/9.3.0/descriptors/json_prettier/
-----------------------------------------------
❌ [ERROR] .devskim.json
Checking formatting...
[warn] .devskim.json
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ [ERROR] .github/hooks/hooks.json
Checking formatting...
[warn] .github/hooks/hooks.json
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ [ERROR] .jscpd.json
Checking formatting...
[warn] .jscpd.json
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ [ERROR] .markdown-link-check.json
Checking formatting...
[warn] .markdown-link-check.json
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ [ERROR] .markdownlint.json
Checking formatting...
[warn] .markdownlint.json
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ [ERROR] .ncurc.json
Checking formatting...
[warn] .ncurc.json
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ [ERROR] .prettierrc.json
Checking formatting...
[warn] .prettierrc.json
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ [ERROR] .vscode/extensions.json
Checking formatting...
[warn] .vscode/extensions.json
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ [ERROR] .vscode/launch.json
Checking formatting...
[warn] .vscode/launch.json
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ [ERROR] .vscode/settings.json
Checking formatting...
[warn] .vscode/settings.json
[warn] Code style issues found in the above file. Run Prettier with -
(Truncated to 1904 characters out of 4614)
⚠️ YAML / prettier - 52 errors
Results of prettier linter (version 3.7.4)
See documentation on https://megalinter.io/9.3.0/descriptors/yaml_prettier/
-----------------------------------------------
❌ [ERROR] .checkov.yml
Checking formatting...
[warn] .checkov.yml
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ [ERROR] .github/.spellcheck.yml
Checking formatting...
[warn] .github/.spellcheck.yml
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ [ERROR] .github/dependabot.yml
Checking formatting...
[warn] .github/dependabot.yml
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ [ERROR] .github/workflows/ActionLint.yml
Checking formatting...
[warn] .github/workflows/ActionLint.yml
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ [ERROR] .github/workflows/Build.yml
Checking formatting...
[warn] .github/workflows/Build.yml
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ [ERROR] .github/workflows/VirusTotal.yml
Checking formatting...
[warn] .github/workflows/VirusTotal.yml
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ [ERROR] .github/workflows/build-win7.yml
Checking formatting...
[warn] .github/workflows/build-win7.yml
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ [ERROR] .github/workflows/cleanReleases.yml
Checking formatting...
[warn] .github/workflows/cleanReleases.yml
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
❌ [ERROR] .github/workflows/codeql.yml
Checking formatting...
[warn] .github/workflows/codeql.yml
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
(Truncated to 1904 characters out of 10613)
⚠️ REPOSITORY / secretlint - 3 errors
error: found basic auth credential: *****************************
┌─ electron-app/tests/unit/main/ipc/registerExternalHandlers.test.js:201:47
│
201 │ shellOpenExternalHandler({}, "https://user:pass@example.com")
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
│
= secretlint rule(@secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-basicauth) error
error: found basic auth credential: *****************************
┌─ electron-app/tests/unit/main/security/externalUrlPolicy.test.ts:25:34
│
25 │ validateExternalUrl("https://user:pass@example.com")
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
│
= secretlint rule(@secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-basicauth) error
error: found basic auth credential: *****************************
┌─ electron-app/tests/unit/main/updater/setupAutoUpdater.test.ts:78:23
│
78 │ feedURL: "https://user:pass@example.com/releases",
│ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
│
= secretlint rule(@secretlint/secretlint-rule-preset-recommend > @secretlint/secretlint-rule-basicauth) error
error: 3 errors emitted
⚠️ BASH / shfmt - 1 error
Results of shfmt linter (version 3.12.0)
See documentation on https://megalinter.io/9.3.0/descriptors/bash_shfmt/
-----------------------------------------------
❌ [ERROR] .github/hooks/scripts/log-prompt.sh
diff .github/hooks/scripts/log-prompt.sh.orig .github/hooks/scripts/log-prompt.sh
--- .github/hooks/scripts/log-prompt.sh.orig
+++ .github/hooks/scripts/log-prompt.sh
@@ -13,9 +13,9 @@
chmod 700 "$LOG_DIR"
jq -n \
- --arg ts "$TIMESTAMP_MS" \
- --arg cwd "$CWD" \
- '{event:"userPromptSubmitted", timestampMs:$ts, cwd:$cwd}' \
- >> "$LOG_DIR/audit.jsonl"
+ --arg ts "$TIMESTAMP_MS" \
+ --arg cwd "$CWD" \
+ '{event:"userPromptSubmitted", timestampMs:$ts, cwd:$cwd}' \
+ >>"$LOG_DIR/audit.jsonl"
exit 0
⚠️ CSS / stylelint - 306 errors
Results of stylelint linter (version 16.26.1)
See documentation on https://megalinter.io/9.3.0/descriptors/css_stylelint/
-----------------------------------------------
❌ [ERROR] docusaurus/src/components/GitHubStats/styles.module.css
(node:6834) [MODULE_TYPELESS_PACKAGE_JSON] Warning: Module type of file://stylelint.config.js is not specified and it doesn't parse as CommonJS.
Reparsing as ES module because module syntax was detected. This incurs a performance overhead.
To eliminate this warning, add "type": "module" to package.json.
(Use `node --trace-warnings ...` to show where the warning was created)
docusaurus/src/components/GitHubStats/styles.module.css
1:1 ✖ Expected class selector ".githubStats" to be kebab-case selector-class-pattern
8:1 ✖ Expected class selector ".statBadge" to be kebab-case selector-class-pattern
22:1 ✖ Expected class selector ".statBadge" to be kebab-case selector-class-pattern
✖ 3 problems (3 errors, 0 warnings)
❌ [ERROR] docusaurus/src/components/HomepageFeatures/styles.module.css
(node:6898) [MODULE_TYPELESS_PACKAGE_JSON] Warning: Module type of file://stylelint.config.js is not specified and it doesn't parse as CommonJS.
Reparsing as ES module because module syntax was detected. This incurs a performance overhead.
To eliminate this warning, add "type": "module" to package.json.
(Use `node --trace-warnings ...` to show where the warning was created)
docusaurus/src/components/HomepageFeatures/styles.module.css
6:1 ✖ Expected class selector ".featuresTitle" to be kebab-case selector-class-pattern
13:1 ✖ Expected class selector ".featureCard" to be kebab-case selector-class-pattern
23:1 ✖ Expected class selector ".featureCard" to be kebab-case selector-class-pattern
29:1 ✖ Expected class selector
(Truncated to 1904 characters out of 49836)
⚠️ REPOSITORY / trivy - 21 errors
warning: Package: ajv
Installed Version: 6.12.6
Vulnerability CVE-2025-69873
Severity: MEDIUM
Fixed Version: 8.18.0, 6.14.0
Link: [CVE-2025-69873](https://avd.aquasec.com/nvd/cve-2025-69873)
┌─ docusaurus/package-lock.json:7254:1
│
7254 │ ╭ "node_modules/ajv": {
7255 │ │ "version": "6.12.6",
7256 │ │ "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
7257 │ │ "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
· │
7268 │ │ }
7269 │ │ },
│ ╰^
│
= ajv: ReDoS via $data reference
= ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0.
warning: Package: ajv
Installed Version: 8.17.1
Vulnerability CVE-2025-69873
Severity: MEDIUM
Fixed Version: 8.18.0, 6.14.0
Link: [CVE-2025-69873](https://avd.aquasec.com/nvd/cve-2025-69873)
┌─ docusaurus/package-lock.json:7287:1
│
7287 │ ╭ "node_modules/ajv-formats/node_modules/ajv": {
7288 │ │ "version": "8.17.1",
7289 │ │ "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz",
7290 │ │ "integrity": "sha512-B/gB
(Truncated to 1904 characters out of 47209)
⚠️ TYPESCRIPT / ts-standard - 311 errors
Results of ts-standard linter (version 12.0.2)
See documentation on https://megalinter.io/9.3.0/descriptors/typescript_ts_standard/
-----------------------------------------------
❌ [ERROR] docusaurus/docusaurus.config.ts
Unable to locate the project file. A project file (tsconfig.json or tsconfig.eslint.json) is required in order to use ts-standard.
❌ [ERROR] docusaurus/sidebars.ts
Unable to locate the project file. A project file (tsconfig.json or tsconfig.eslint.json) is required in order to use ts-standard.
❌ [ERROR] docusaurus/src/js/modernEnhancements.ts
Unable to locate the project file. A project file (tsconfig.json or tsconfig.eslint.json) is required in order to use ts-standard.
❌ [ERROR] electron-app/fitsdk.d.ts
Unable to locate the project file. A project file (tsconfig.json or tsconfig.eslint.json) is required in order to use ts-standard.
❌ [ERROR] electron-app/global.d.ts
Unable to locate the project file. A project file (tsconfig.json or tsconfig.eslint.json) is required in order to use ts-standard.
❌ [ERROR] electron-app/types/ffv/assets/Results-H2VOSWW7.d.ts
Unable to locate the project file. A project file (tsconfig.json or tsconfig.eslint.json) is required in order to use ts-standard.
❌ [ERROR] electron-app/types/ffv/assets/Sprite-BZ4Kwmf3.d.ts
Unable to locate the project file. A project file (tsconfig.json or tsconfig.eslint.json) is required in order to use ts-standard.
❌ [ERROR] electron-app/types/ffv/assets/binaryString-DLpsQS3c.d.ts
Unable to locate the project file. A project file (tsconfig.json or tsconfig.eslint.json) is required in order to use ts-standard.
❌ [ERROR] electron-app/types/ffv/assets/findFields-C7eiFatx.d.ts
Unable to locate the project file. A project file (tsconfig.json or tsconfig.eslint.json) is required in order to use ts-standard.
❌ [ERROR] electron-app/types/ffv/assets/getMessag
(Truncated to 1904 characters out of 63493)
⚠️ JSON / v8r - 1 error
Results of v8r linter (version 5.1.0)
See documentation on https://megalinter.io/9.3.0/descriptors/json_v8r/
-----------------------------------------------
✅ [SUCCESS] .devskim.json
✅ [SUCCESS] .github/hooks/hooks.json
✅ [SUCCESS] .jscpd.json
✅ [SUCCESS] .markdown-link-check.json
✅ [SUCCESS] .markdownlint.json
✅ [SUCCESS] .ncurc.json
✅ [SUCCESS] .prettierrc.json
✅ [SUCCESS] .vscode/extensions.json
✅ [SUCCESS] .vscode/launch.json
✅ [SUCCESS] .vscode/settings.json
❌ [ERROR] .vscode/tasks.json
ℹ No config file found
ℹ Pre-warming the cache
ℹ Processing .vscode/tasks.json
ℹ Found schema in https://www.schemastore.org/api/json/catalog.json ...
ℹ Validating .vscode/tasks.json against schema from https://www.schemastore.org/task.json ...
✖ .vscode/tasks.json is invalid
.vscode/tasks.json#/tasks/7/group must be object
.vscode/tasks.json#/tasks/7/group must be equal to one of the allowed values
.vscode/tasks.json#/tasks/7/group must match a schema in anyOf
✅ [SUCCESS] cspell.json
✅ [SUCCESS] docusaurus/package-lock.json
✅ [SUCCESS] docusaurus/package.json
✅ [SUCCESS] docusaurus/tsconfig.json
✅ [SUCCESS] docusaurus/typedoc.json
✅ [SUCCESS] docusaurus/typedoc.local.json
✅ [SUCCESS] electron-app/.markdown-link-check.json
✅ [SUCCESS] electron-app/.markdownlint.json
✅ [SUCCESS] electron-app/.npmpackagejsonlintrc.json
✅ [SUCCESS] electron-app/.vscode/tasks.json
✅ [SUCCESS] electron-app/ffv/manifest.json
✅ [SUCCESS] electron-app/package-lock.json
✅ [SUCCESS] electron-app/package.json
✅ [SUCCESS] electron-app/tsconfig.json
✅ [SUCCESS] electron-app/tsconfig.vitest.json
✅ [SUCCESS] mermaid.config.json
✅ [SUCCESS] package.json
⚠️ YAML / yamllint - 177 errors
Results of yamllint linter (version 1.37.1)
See documentation on https://megalinter.io/9.3.0/descriptors/yaml_yamllint/
-----------------------------------------------
✅ [SUCCESS] .checkov.yml
✅ [SUCCESS] .github/.spellcheck.yml
✅ [SUCCESS] .github/dependabot.yml
✅ [SUCCESS] .github/workflows/ActionLint.yml
❌ [ERROR] .github/workflows/Build.yml
.github/workflows/Build.yml
37:81 warning line too long (106 > 80 characters) (line-length)
48:81 warning line too long (98 > 80 characters) (line-length)
54:81 warning line too long (86 > 80 characters) (line-length)
61:81 warning line too long (88 > 80 characters) (line-length)
70:81 warning line too long (122 > 80 characters) (line-length)
97:81 warning line too long (101 > 80 characters) (line-length)
98:81 warning line too long (82 > 80 characters) (line-length)
108:81 warning line too long (86 > 80 characters) (line-length)
111:81 warning line too long (95 > 80 characters) (line-length)
114:81 warning line too long (98 > 80 characters) (line-length)
125:81 warning line too long (121 > 80 characters) (line-length)
130:81 warning line too long (106 > 80 characters) (line-length)
133:81 warning line too long (96 > 80 characters) (line-length)
139:25 warning wrong indentation: expected 20 but found 24 (indentation)
145:1 error trailing spaces (trailing-spaces)
148:81 warning line too long (93 > 80 characters) (line-length)
161:81 warning line too long (163 > 80 characters) (line-length)
185:81 warning line too long (98 > 80 characters) (line-length)
190:81 warning line too long (86 > 80 characters) (line-length)
197:81 warning line too long (88 > 80 characters) (line-length)
206:81 warning
(Truncated to 1904 characters out of 15907)
See detailed reports in MegaLinter artifacts
Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)
- Documentation: Custom Flavors
- Command:
npx mega-linter-runner@9.3.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,COPYPASTE_JSCPD,CSS_STYLELINT,HTML_DJLINT,HTML_HTMLHINT,JAVASCRIPT_PRETTIER,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,JSON_NPM_PACKAGE_JSON_LINT,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,POWERSHELL_POWERSHELL,POWERSHELL_POWERSHELL_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_DEVSKIM,REPOSITORY_DUSTILOCK,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_KICS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,REPOSITORY_KINGFISHER,SPELL_CSPELL,SPELL_LYCHEE,TYPESCRIPT_STANDARD,XML_XMLLINT,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
bot
deleted the
dependabot/npm_and_yarn/electron-app/tar-7.5.10
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps tar from 7.5.7 to 7.5.10.
Commits
2b72abc7.5.107bc755dparse root off paths before sanitizing .. partsc8cb846update deps1f0c2c97.5.9fbb0851build minified version as default export6b8eba07.5.82cb1120fix(unpack): improve UnpackSync symlink error "into" path accuracyd18e4e1fix: do not write linkpaths through symlinksMaintainer changes
This version was pushed to npm by isaacs, a new releaser for tar since your current version.
Install script changes
This version adds
preparescript that runs during installation. Review the package contents before updating.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.