Mt/ops#3

Merged
mintritech merged 3 commits into dev from MT/Ops
Mar 14, 2026
@mintritech

Member

No description provided.

- Rename typecheck to type-check with --noEmit to match CI workflow
- Add placeholder test script for CI test job
- Fix conditional React.useId() call in Checkbox (rules-of-hooks)
- Replace useState+useEffect with useSyncExternalStore in useMounted
- Add CI workflow, .npmrc, .nvmrc, and PR template

@amazon-q-developer amazon-q-developer Bot left a comment

Review Summary

This PR introduces CI/CD infrastructure, tooling configuration, and code improvements. One critical security issue requires immediate attention.

Critical Issues

  • Security vulnerability: npm security audits are disabled in .npmrc, preventing detection of vulnerable dependencies

Changes Overview

  • ✅ Added CI/CD pipeline with lint, typecheck, test, and build jobs
  • ✅ Added PR template for consistent contribution process
  • ✅ Standardized Node.js version with .nvmrc
  • ✅ Improved useMounted hook using useSyncExternalStore for better hydration handling
  • ✅ Refactored checkbox component for clearer code structure
  • ⚠️ Disabled npm security audits (needs fix)

Action Required: Address the security issue by enabling npm audit before merging.


You can now have the agent implement changes and create commits directly on your pull request's source branch. Simply comment with /q followed by your request in natural language to ask the agent to make changes.

Comment thread .npmrc Outdated
@@ -0,0 +1,2 @@
fund=false
audit=false No newline at end of file
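
Review bot: `audit=false` on the second added line turns off npm's vulnerability report for every install that picks up this repository's .npmrc. Drop that line and keep `fund=false`; if the report was disabled to quiet installs, a dedicated audit step with a severity threshold is a better place to tune it. The file also ends without a trailing newline; add one.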

🛑 Security Risk: Disabling npm audit prevents detection of known security vulnerabilities in dependencies. Remove audit=false or set to true to enable security checks during installation. [1]

Suggested change
audit=false
fund=false

Footnotes

  1. CWE-1104: Use of Unmaintained Third Party Components - https://cwe.mitre.org/data/definitions/1104.html

- Remove audit=false from .npmrc to re-enable security checks
- Add npm audit step to CI pipeline (audit-level=high)
- Update next 16.1.1 -> 16.1.6 (fixes 3 high severity CVEs)
- Update flatted to fix unbounded recursion DoS
@mintritech mintritech merged commit 0635a94 into dev Mar 14, 2026
3 checks passed
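
A pre-merge check for the setting flagged in this thread, as an added example that is not part of the pull request or the project's code: it reads npmrc-style text and reports when `audit` is left switched off. The function names, the sample file contents, and the rules that a later assignment overrides an earlier one and that only the literal `false` counts as off are assumptions of this example.

```javascript
// Added example: guard against an .npmrc that disables npm's install-time audit.
// Function names and sample contents are constructed for illustration.

// Value this example treats as "off" (assumption: only the literal string).
const OFF_VALUE = "false";

// Parse npmrc-style text (key=value lines; ';' and '#' start comment lines)
// and return every assignment of `key` with its 1-based line number.
function assignmentsOf(key, text) {
  const found = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (line === "" || line.startsWith(";") || line.startsWith("#")) return;
    const eq = line.indexOf("=");
    if (eq === -1) return;
    const k = line.slice(0, eq).trim();
    // Strip one pair of matching surrounding quotes from the value.
    const v = line.slice(eq + 1).trim().replace(/^(["'])(.*)\1$/, "$2");
    if (k === key) found.push({ line: i + 1, value: v });
  });
  return found;
}

// Return the assignment that leaves `audit` disabled, or null if none does.
// Assumption: the last assignment in the file is the effective one, so an
// earlier "audit=false" that is overridden later is not reported.
function auditDisabled(text) {
  const hits = assignmentsOf("audit", text);
  if (hits.length === 0) return null;
  const last = hits[hits.length - 1];
  return last.value === OFF_VALUE ? last : null;
}

// Constructed samples: the file as first added in this PR, the file after the
// fix, and a variant with a commented-out line and a quoted, spaced value.
const BEFORE = "fund=false\naudit=false";
const AFTER = "fund=false\n";
const VARIANT = '; audit=false\nfund=false\naudit = "false"\n';

for (const [name, text] of Object.entries({ BEFORE, AFTER, VARIANT })) {
  const hit = auditDisabled(text);
  console.log(name, hit ? `audit disabled at line ${hit.line}` : "ok");
}
```
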