Skip to content

fix: resolve high severity string escaping vulnerabilities in build configuration#16

Merged
jarpex merged 1 commit into
mainfrom
fix/security-vulnerabilities
Dec 5, 2025
Merged

fix: resolve high severity string escaping vulnerabilities in build configuration#16
jarpex merged 1 commit into
mainfrom
fix/security-vulnerabilities

Conversation

@jarpex

@jarpex jarpex commented Dec 5, 2025

Copy link
Copy Markdown
Owner

This commit addresses 7 security and quality alerts reported by CodeQL, primarily focusing on high-severity flaws in the build configuration.

The fixes include:

  • Security (High): Enhanced CSS minification logic in vite.config.js and vite.config.safe.js to properly escape backslashes before backticks, resolving 5 alerts related to 'Incomplete string escaping or encoding'.
  • Security (Medium): Addressed 'Inclusion of functionality from an untrusted source' found in demo/index.html.
  • Quality (Warning): Updated baseScale initialization in src/spotlight.js to resolve 'Useless assignment to local variable'.

This commit addresses 7 security and quality alerts reported by CodeQL, primarily focusing on high-severity flaws in the build configuration.

The fixes include:

- **Security (High):** Enhanced CSS minification logic in `vite.config.js` and `vite.config.safe.js` to properly escape backslashes before backticks, resolving 5 alerts related to 'Incomplete string escaping or encoding'.
- **Security (Medium):** Addressed 'Inclusion of functionality from an untrusted source' found in `demo/index.html`.
- **Quality (Warning):** Updated `baseScale` initialization in `src/spotlight.js` to resolve 'Useless assignment to local variable'.
@jarpex jarpex merged commit 2cc9d2e into main Dec 5, 2025
4 checks passed
@jarpex jarpex deleted the fix/security-vulnerabilities branch December 5, 2025 22:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant