Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: regex denial of service #2846

Merged
merged 1 commit into from
May 11, 2023
Merged

fix: regex denial of service #2846

merged 1 commit into from
May 11, 2023

Conversation

bigint
Copy link
Member

@bigint bigint commented May 11, 2023
edited by ghost
Loading

What does this PR do?

🤖 Generated by Copilot at 8083d8c

This pull request refactors the regular expressions for matching handles, hashtags and URLs in the codebase. It moves the regex constants from data/constants to utils/regex and updates the imports and usages in various components and modules. It also removes some unused or incompatible dependencies and updates the pnpm-lock.yaml file. These changes improve the code quality, consistency and user experience of the app.

Related issues

Fixes # (issue)

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Enhancement (non-breaking small changes to existing functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

Explanation of the changes

🤖 Generated by Copilot at 8083d8c

  • Remove unused and incompatible tlds dependency from apps/web/package.json and pnpm-lock.yaml (link, link, link)
  • Update esbuild, webpack and @types/node versions in apps/web/package.json and pnpm-lock.yaml to improve build performance and compatibility ( link, link, link, link, link, link, link, link)
  • Refactor regular expressions for matching handles, hashtags and URLs in data/constants.ts and update their imports and usages in apps/web/src/components/Publication/RelevantPeople.tsx, apps/web/src/components/Shared/Lexical/Plugins/AutoLinkPlugin.tsx, apps/web/src/components/Shared/Markup/index.tsx and packages/lib/getURLs.ts to make them more robust and consistent (link, link, link, link, link, link, link, link, link)
  • Remove email matching functionality from AutoLinkPlugin in apps/web/src/components/Shared/Lexical/Plugins/AutoLinkPlugin.tsx as it is not needed and can cause false positives (link)
  • Delete unused file apps/web/src/lib/markupUtils.ts (link)

Emoji

🗑️🛠️🚀

@vercel
Copy link

vercel bot commented May 11, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated (UTC)
prerender ✅ Ready (Inspect) Visit Preview May 11, 2023 6:08pm
ui ✅ Ready (Inspect) Visit Preview May 11, 2023 6:08pm
web ✅ Ready (Inspect) Visit Preview May 11, 2023 6:08pm

@socket-security
Copy link

New dependency changes detected. Learn more about Socket for GitHub ↗︎

👍 No new dependency issues detected in pull request

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

Pull request alert summary
Issue Status
Install scripts ✅ 0 issues
Native code ✅ 0 issues
Bin script shell injection ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues

📊 Modified Dependency Overview:

🚮 Removed packages: tlds@1.238.0

@bigint bigint enabled auto-merge (squash) May 11, 2023 18:02
@vercel vercel bot temporarily deployed to Preview – ui May 11, 2023 18:07 Inactive
@bigint bigint merged commit b6787b5 into main May 11, 2023
6 checks passed
@bigint bigint deleted the fix-regex branch May 11, 2023 18:08
@vercel vercel bot temporarily deployed to Preview – prerender May 11, 2023 18:08 Inactive
bigint added a commit that referenced this pull request May 13, 2023
@bigint
Revert "fix: regex denial of service (#2846)"
8022e9c 
This reverts commit b6787b5.
@bigint bigint mentioned this pull request May 13, 2023
Merged
bigint added a commit that referenced this pull request May 13, 2023
@bigint
Revert "fix: regex denial of service" (#2850)
6ea8eb4 
Revert "fix: regex denial of service (#2846)"

This reverts commit b6787b5.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@bigint bigint

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@bigint