Skip to content

Updated whitelist for navwalker library#44

Merged
matt-bernhardt merged 1 commit into
masterfrom
navwalker
Jan 12, 2023
Merged

Updated whitelist for navwalker library#44
matt-bernhardt merged 1 commit into
masterfrom
navwalker

Conversation

@matt-bernhardt

@matt-bernhardt matt-bernhardt commented Jan 12, 2023

Copy link
Copy Markdown
Member

This extends our whitelisting of the Navwalker library in the parent theme to also include the copy of Navwalker in the child theme.

How we implement that whitelist in PHPCS is altered, moving the exclusion from the security-specific config to the more general config file.

We still have LM-162 in the backlog, which will try and convert this file to something managed by Composer. That would take both copies of the file out of this repo, and hopefully allow us to upgrade the version as well.

Relevant ticket(s):

Developer

Secrets

  • All new secrets have been added to Pantheon tiers
  • Relevant secrets have been updated in Github Actions
  • All new secrets documented in README
  • No new secrets are defined

Documentation

  • Project documentation has been updated
  • No documentation changes are needed

Accessibility

  • ANDI or Wave has been run in accordance to
    our guide and
    all issues introduced by these changes have been resolved or opened as new
    issues (link to those issues in the Pull Request details above)

Stakeholder approval

  • Stakeholder approval has been confirmed
  • Stakeholder approval is not needed

Dependencies

NO dependencies are updated

Code Reviewer

  • The commit message is clear and follows our guidelines
    (not just this pull request message)
  • The changes have been verified
  • The documentation has been updated or is unnecessary
  • New dependencies are appropriate or there were no changes

** Why are these changes being introduced:

* We previously excluded the third-party library Navwalker (included in
  the parent theme) from our code analysis tools. The library is also
  present in the child theme, however - so it must be excluded there
  as well.
* The parent theme copy of Navwalker was also not quite completely
  whitelisted - it was ignored in the security-specific PHPCS file, but
  not rom the more general file that gets called by using PHPCS on the
  command line.

** Relevant ticket(s):

* https://mitlibraries.atlassian.net/browse/lm-142

** How does this address that need:

* This updates our CodeClimate and PHPCS configuration files to ignore
  both copies of navwalker.
* It also moves the PHPCS exclusion from the security-specific file to
  the more general file. Now the library should be ignored in any
  context in which you might invoke PHPCS (at least, using the config
  files in this repo)

** Document any side effects to this change:

* We will be more comprehensively ignoring whatever issues exist in the
  old version of Navwalker we use. There is a separate ticket in the
  backlog to convert this to a properly managed dependency.
@matt-bernhardt

Copy link
Copy Markdown
Member Author

A quick note - I see CodeClimate above flagging 2 issues, which confuses me. The files it is looking at don't change in this PR, so I'm not sure why there is an objection there. Certainly other issues exist in this repo, so ... why those two? Why only those two?

🤷

The GitHub Actions failures are down to content escaping problems, which will be resolved with the next PR in this process.

@matt-bernhardt matt-bernhardt merged commit d19e76d into master Jan 12, 2023
@matt-bernhardt matt-bernhardt deleted the navwalker branch January 12, 2023 19:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants