[v12] feat(ui-tree-browser): TreeBrowser rework #2342
Conversation
|
|
||
| function bootstrap() { | ||
| execSync(path.resolve('scripts/clean.js'), opts) |
Check warning
Code scanning / CodeQL
Shell command built from environment values
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 12 days ago
In general, to fix this class of problem you should avoid passing a single command string to child_process.execSync when any part of that string is dynamic. Instead, either (1) use execFileSync with the executable and its arguments passed as separate parameters, or (2) if you need to run a Node script, invoke process.execPath (the Node binary) with the script path as an argument, again using an argument array. This way, the shell is not involved and dynamic values are not interpreted as shell syntax.
For this file, the best fix is to change the bootstrap function so it no longer passes the resolved script path as a shell command string. A simple, behavior-preserving change is:
- Call
execFileSyncinstead ofexecSync. - Use
process.execPathas the command (the current Node executable). - Pass
[path.resolve('scripts/clean.js')]as the argument array. - Keep
optsunchanged sostdio: 'inherit'behavior is preserved.
We also need to import execFileSync from child_process alongside the existing execSync and fork imports. All changes are confined to scripts/bootstrap.js:
- At the top, extend the destructuring require to include
execFileSync. - In
bootstrap(), replaceexecSync(path.resolve('scripts/clean.js'), opts)withexecFileSync(process.execPath, [path.resolve('scripts/clean.js')], opts).
| @@ -24,7 +24,7 @@ | ||
| * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
| * SOFTWARE. | ||
| */ | ||
| const { execSync, fork } = require('child_process') | ||
| const { execSync, execFileSync, fork } = require('child_process') | ||
| const path = require('path') | ||
|
|
||
| const opts = { stdio: 'inherit' } | ||
| @@ -65,7 +65,7 @@ | ||
| } | ||
|
|
||
| function bootstrap() { | ||
| execSync(path.resolve('scripts/clean.js'), opts) | ||
| execFileSync(process.execPath, [path.resolve('scripts/clean.js')], opts) | ||
| buildProject() | ||
| } | ||
|
|
6abd48e to
ee0bed7
Compare
|
ee0bed7 to
8f81f6f
Compare
matyasf
left a comment
There was a problem hiding this comment.
Can you also update the example in the regression test to use the new icons?
| const iconElement = isValidElement(icon) | ||
| ? safeCloneElement(icon, { size, color: iconColor }) | ||
| : callRenderProp(icon, { size, color: iconColor }) |
There was a problem hiding this comment.
We should come up with a pattern for this... @joyenjoyer FYI
b8e26a4 to
ae7c1ea
Compare
ae7c1ea to
e394b93
Compare
here the text-background contrast ratio seem a bit off |
|
In v11, the TextInput's focus ring is visible when I click into the input field: 
But here it is not:
|
I dark mode and with hover, the text is not really visible
|
| - `iconsMarginRightSmall` (new) | ||
| - `iconsMarginRightMedium` (new) | ||
| - `iconsMarginRightLarge` (new) |
There was a problem hiding this comment.
Are we supposed to put the new tokens into the upgrade guide? I think only the renamed or removed ones are relevant?
This is just an example of the custom content, but I updated the color to make it more visible in all cases. |
Thanks! I talked to Ádám, and he’s going to change the tokens. |
e394b93 to
ef34995
Compare
INSTUI-4818
Summary
Migrated TreeBrowser component from the old theming system.
Test plan
On the documentation page, verify that everything displays and works correctly.
Co-Authored-By: 🤖 Claude