Use microsoft/sdl/no-insecure-url instead of github:mozfreddyb/eslint-plugin-sdl...
Categories
(Core :: DOM: Security, task, P3)
Tracking
| | Tracking | Status |
|---|---|---|
| firefox122 | --- | fixed |
People
(Reporter: t.yavor, Assigned: mjurgens)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
In package.json we should use microsoft/sdl/no-insecure-url.
For that reason we need to complete the PR to microsoft/sdl/rules:
https://github.com/microsoft/eslint-plugin-sdl/pull/39#issuecomment-1214966408
Comment 1•10 months ago
Believe it or not, upstream took our changes and we can switch from my fork and use the real deal.
Malte, is this something you would be willing to explore?
The idea is to look at the patch from https://bugzilla.mozilla.org/show_bug.cgi?id=1709150 and switch from the mozfreddyb-fork of the repo to the official Microsoft version.
Comment 2•10 months ago
(In reply to Frederik Braun [:freddy] from comment #1)
> The idea is to look at the patch from https://bugzilla.mozilla.org/show_bug.cgi?id=1709150 and switch from the mozfreddyb-fork of the repo to the official Microsoft version.
It looks like that hasn't been released yet, should we ask them for a new minor release so we can switch back to a specific version?
Comment 3•10 months ago
Comment 4•10 months ago (Assignee)
(In reply to Frederik Braun [:freddy] from comment #1)
> Malte, is this something you would be willing to explore?
Sure, I'll do as soon as they release a new version. We could also already switch to using their master branch directly, however I am not sure if that brings any benefit over what we are currently doing.
Comment 5•10 months ago
Using their unversioned development branch seems a bit risky (even though they don't appear to be making a lot of changes right now :)).
I think we need to wait further, I somehow forgot that them merging the code still doesn't mean we can use it. Let's continue when they have published a release.
Comment 6•10 months ago (Assignee)
You could probably lock it at a certain commit like it is already done currently, but I would also just say we wait a bit until they create a new release.
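The pinning options weighed in comments 4 to 6 (a development branch, a locked commit, or a published release), as an added example that is not part of the original bug or of Mozilla's tooling: a small Node.js check that classifies dependency specifiers and reports git references that can move. The manifest, the `example-user` repository, the `plugin-*` names and the commit hash are constructed; only the `@microsoft/eslint-plugin-sdl` version comes from this bug.

```javascript
// Constructed manifest for illustration; not Mozilla's actual package.json.
// Only "@microsoft/eslint-plugin-sdl": "0.2.2" reflects a value named in this bug.
const samplePackageJson = {
  devDependencies: {
    "plugin-default-branch": "github:example-user/eslint-plugin-example",
    "plugin-named-branch": "github:example-user/eslint-plugin-example#master",
    "plugin-locked-commit":
      "github:example-user/eslint-plugin-example#0123456789abcdef0123456789abcdef01234567",
    "@microsoft/eslint-plugin-sdl": "0.2.2",
    "plugin-semver-range": "^1.4.0",
  },
};

const GIT_PREFIX = /^(github:|gitlab:|bitbucket:|git\+|git:\/\/)/;
const GIT_SHORTHAND = /^[\w.-]+\/[\w.-]+(#.*)?$/; // "user/repo" means GitHub to npm
const FULL_SHA1 = /^[0-9a-f]{40}$/;
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Classify one dependency specifier by how reproducibly it resolves.
function classifySpec(spec) {
  if (GIT_PREFIX.test(spec) || GIT_SHORTHAND.test(spec)) {
    const hash = spec.indexOf("#");
    const ref = hash === -1 ? "" : spec.slice(hash + 1);
    if (FULL_SHA1.test(ref)) return "git-locked-commit";
    // Branches, tags and "semver:" ranges can point at new code later.
    return ref ? "git-movable-ref" : "git-default-branch";
  }
  if (/^(file:|link:|workspace:|https?:\/\/)/.test(spec)) return "other";
  return EXACT_VERSION.test(spec) ? "registry-exact" : "registry-range";
}

// Report git dependencies whose resolved code can change without a manifest edit.
function auditDependencies(pkg) {
  const findings = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const kind = classifySpec(spec);
      if (kind === "git-default-branch" || kind === "git-movable-ref") {
        findings.push({ field, name, spec, kind });
      }
    }
  }
  return findings;
}

for (const f of auditDependencies(samplePackageJson)) {
  console.log(`${f.field}: ${f.name} -> ${f.spec} (${f.kind})`);
}
```

An abbreviated commit hash is reported as movable here, because only a full 40-character SHA-1 is treated as a lock.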
Comment 7•5 months ago (Assignee)
It seems v0.2.2 is out now, and includes the relevant changes. I'll create a patch updating to that version.
Comment 8•5 months ago (Assignee)
Pushed by fbraun@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/86da25fdbc81
Update @microsoft/eslint-plugin-sdl to version 0.2.2 r=freddyb,Standard8
Comment 10•5 months ago
bugherder