[v12] feat(ui-truncate-text): TruncateText rework.#2420
Open
git-nandor wants to merge 1 commit intov12from
Open
[v12] feat(ui-truncate-text): TruncateText rework.#2420git-nandor wants to merge 1 commit intov12from
git-nandor wants to merge 1 commit intov12from
Conversation
|
|
||
| function bootstrap() { | ||
| execSync(path.resolve('scripts/clean.js'), opts) |
Check warning
Code scanning / CodeQL
Shell command built from environment values
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 5 days ago
In general, this problem is fixed by avoiding string-constructed shell commands for dynamic values and instead passing the command and its arguments as separate parameters to an API that does not invoke a shell (such as execFileSync/spawn with shell: false). This prevents any special characters in paths from being interpreted by a shell.
For this specific case, the safest and minimal-change approach is:
- Explicitly invoke the Node interpreter with
execFileSyncand pass the resolved script path as an argument, rather than passing the resolved path as a shell command string toexecSync. - Keep the existing
opts({ stdio: 'inherit' }) so that behavior and output remain the same.
Concretely:
- Add
execFileSyncto the destructuring import fromchild_processon line 27. - Change
execSync(path.resolve('scripts/clean.js'), opts)on line 68 toexecFileSync(process.execPath, [path.resolve('scripts/clean.js')], opts).process.execPathis the absolute path to the current Node executable, so we guarantee we’re running the script with Node and bypass the shell.
No other behavior in buildProject or elsewhere needs to change.
Suggested changeset
1
scripts/bootstrap.js
| @@ -24,7 +24,7 @@ | ||
| * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
| * SOFTWARE. | ||
| */ | ||
| const { execSync, fork } = require('child_process') | ||
| const { execSync, execFileSync, fork } = require('child_process') | ||
| const path = require('path') | ||
|
|
||
| const opts = { stdio: 'inherit' } | ||
| @@ -65,7 +65,7 @@ | ||
| } | ||
|
|
||
| function bootstrap() { | ||
| execSync(path.resolve('scripts/clean.js'), opts) | ||
| execFileSync(process.execPath, [path.resolve('scripts/clean.js')], opts) | ||
| buildProject() | ||
| } | ||
|
|
Copilot is powered by AI and may make mistakes. Always verify output.
|
e6979e2 to
1c7b75c
Compare
ToMESSKa
approved these changes
Feb 26, 2026
adamlobler
requested changes
Feb 26, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.


INSTUI-4819
Summary
Migrated TruncateText component from the old theming system.
Test plan
On the documentation page, verify that everything displays and works correctly.