diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml new file mode 100644 index 000000000..952e0f64a --- /dev/null +++ b/.github/codeql/codeql-config.yml @@ -0,0 +1,12 @@ +name: "Custom CodeQL Config" + +queries: +- uses: security-and-quality +- uses: ./.github/codeql/custom-queries/javascript + +paths: +- app/assets/javascripts + +paths-ignore: +- bin +- node_modules diff --git a/.github/codeql/custom-queries/javascript/qlpack.yml b/.github/codeql/custom-queries/javascript/qlpack.yml new file mode 100644 index 000000000..fcd24771d --- /dev/null +++ b/.github/codeql/custom-queries/javascript/qlpack.yml @@ -0,0 +1,4 @@ +name: custom-javascript-queries +version: 0.0.0 +libraryPathDependencies: +- codeql-javascript diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 000000000..0f8a2152a --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,68 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ develop, main ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ develop ] + schedule: + - cron: '21 7 * * 0' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + language: [ 'javascript' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] + # Learn more: + # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + config-file: ./.github/codeql/codeql-config.yml + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 diff --git a/.gitignore b/.gitignore index 903e2617c..4656f67cc 100644 --- a/.gitignore +++ b/.gitignore @@ -46,3 +46,5 @@ dump.rdb # Yarn yarn-error.log package-lock.json + +codeqldb diff --git a/.npmignore b/.npmignore index bbeb12a69..2e0c1f200 100644 --- a/.npmignore +++ b/.npmignore @@ -37,3 +37,5 @@ package-lock.json package.json Rakefile testing-server.js +.github +codeqldb diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 000000000..44174c5f0 --- /dev/null +++ b/.prettierignore @@ -0,0 +1,2 @@ +.github +codeqldb diff --git a/app/assets/javascripts/views/challenge_modal/challenge_modal.tsx b/app/assets/javascripts/views/challenge_modal/challenge_modal.tsx index d5564f59d..6121c6486 100644 --- a/app/assets/javascripts/views/challenge_modal/challenge_modal.tsx +++ b/app/assets/javascripts/views/challenge_modal/challenge_modal.tsx @@ -374,24 +374,26 @@ function ChallengePrompts({ ) : (
- { - const value = (event.target as HTMLInputElement).value; - ctrl.state.values[prompt.id]!.value = value; - ctrl.onTextValueChange(prompt); - }} - onKeyUp={(event) => { - if (event.key === 'Enter') { - event.preventDefault(); - ctrl.submit(); - } - }} - ref={index === 0 ? initialFocusRef : undefined} - placeholder={prompt.title} - type={prompt.secureTextEntry ? 'password' : 'text'} - /> +
+ { + const value = (event.target as HTMLInputElement).value; + ctrl.state.values[prompt.id]!.value = value; + ctrl.onTextValueChange(prompt); + }} + onKeyUp={(event) => { + if (event.key === 'Enter') { + event.preventDefault(); + ctrl.submit(); + } + }} + ref={index === 0 ? initialFocusRef : undefined} + placeholder={prompt.title} + type={prompt.secureTextEntry ? 'password' : 'text'} + /> +
)} diff --git a/package.json b/package.json index 213436253..1d7feace4 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "standard-notes-web", - "version": "3.6.8", + "version": "3.6.13", "license": "AGPL-3.0-or-later", "repository": { "type": "git", @@ -70,8 +70,8 @@ "@reach/alert-dialog": "^0.13.0", "@reach/checkbox": "^0.13.2", "@reach/dialog": "^0.13.0", - "@standardnotes/sncrypto-web": "^1.2.10", - "@standardnotes/snjs": "^2.0.75", + "@standardnotes/sncrypto-web": "1.2.10", + "@standardnotes/snjs": "2.1.1", "mobx": "^6.1.6", "mobx-react-lite": "^3.2.0", "preact": "^10.5.12" diff --git a/yarn.lock b/yarn.lock index 508d97e0f..d0a0f966f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1928,7 +1928,7 @@ resolved "https://registry.yarnpkg.com/@standardnotes/sncrypto-common/-/sncrypto-common-1.2.9.tgz#5212a959e4ec563584e42480bfd39ef129c3cbdf" integrity sha512-xJ5IUGOZztjSgNP/6XL+Ut5+q9UgSTv6xMtKkcQC5aJxCOkJy9u6RamPLdF00WQgwibxx2tu0e43bKUjTgzMig== -"@standardnotes/sncrypto-web@^1.2.10": +"@standardnotes/sncrypto-web@1.2.10": version "1.2.10" resolved "https://registry.yarnpkg.com/@standardnotes/sncrypto-web/-/sncrypto-web-1.2.10.tgz#ddda0c8ec92754c1334d9a83be7b320433c55b79" integrity sha512-mmHlXFFovBqOdctpMkyXTpK0zI/k4NuXoV5LRGLKIXUktT9/cZg1pgNNfGPFUP+g4C5M2qxeFmZKFh581ipolQ== @@ -1936,10 +1936,10 @@ "@standardnotes/sncrypto-common" "^1.2.7" libsodium-wrappers "^0.7.8" -"@standardnotes/snjs@^2.0.75": - version "2.0.75" - resolved "https://registry.yarnpkg.com/@standardnotes/snjs/-/snjs-2.0.75.tgz#aeb0ead927da63dc85e28f78da2362126bb16602" - integrity sha512-QL5YgDT0aN9t95gxgURqNudXr5dteVsc1ylsKKSw0DpEGiq0bACPxbI+sUFppoWTFmprxmDh3+vc+FFcFg7Lyw== +"@standardnotes/snjs@2.1.1": + version "2.1.1" + resolved "https://registry.yarnpkg.com/@standardnotes/snjs/-/snjs-2.1.1.tgz#789bb492e76ee4fe5816ed0de01c9b774244034d" + integrity sha512-GeOPZGX5K2YBdzIWVmS/z4wdQJLLz4Yo2lje8rjep2eLlUiQhRO5BVWaOroYq0uaIamtfSr8m+twbYUkCkPSIQ== dependencies: "@standardnotes/auth" "^2.0.0" "@standardnotes/sncrypto-common" "^1.2.9" @@ -8006,9 +8006,9 @@ sshpk@^1.7.0: tweetnacl "~0.14.0" ssri@^6.0.1: - version "6.0.1" - resolved "https://registry.yarnpkg.com/ssri/-/ssri-6.0.1.tgz#2a3c41b28dd45b62b63676ecb74001265ae9edd8" - integrity sha512-3Wge10hNcT1Kur4PDFwEieXSCMCJs/7WvSACcrMYrNp+b8kDL1/0wJch5Ni2WrtwEa2IO8OsVfeKIciKCDx/QA== + version "6.0.2" + resolved "https://registry.yarnpkg.com/ssri/-/ssri-6.0.2.tgz#157939134f20464e7301ddba3e90ffa8f7728ac5" + integrity sha512-cepbSq/neFK7xB6A50KHN0xHDotYzq58wWCa5LeWqnPrHG8GzfEjO/4O8kpmcGW+oaxkvhEJCWgbgNk4/ZV93Q== dependencies: figgy-pudding "^3.5.1"