
Commit 248ffc3

rajbosCopilot
andauthored
Fix vscode extension security alerts (#665)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent d825d3b commit 248ffc3

3 files changed

Lines changed: 15 additions & 10 deletions


vscode-extension/package-lock.json

Lines changed: 8 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

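--- a/vscode-extension/package.json
+++ b/vscode-extension/package.json
@@ -571,6 +571,7 @@
 },
 "overrides": {
 "diff": ">=8.0.3",
-"serialize-javascript": ">=7.0.3"
+"serialize-javascript": ">=7.0.3",
+"uuid": "^14.0.0"
 }
-}
+}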
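Review bot: The new `"uuid": "^14.0.0"` entry is a top-level override, so it forces major 14 on every package in the tree that depends on `uuid`, whatever range that package declares; a dependent written against an older major may fail at runtime if the API or module format differs between majors. The lockfile diff is not rendered on this page, so which dependents are affected cannot be confirmed from here. If only one dependency chain pulled in the flagged version, a scoped override such as `"<dependent-package>": { "uuid": "^14.0.0" }` (placeholder name) keeps the forced upgrade limited to that chain. Since JSON cannot carry a comment, the alert this override resolves is best named in the commit description so the entry can be removed once upstream updates.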

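--- a/vscode-extension/src/webview/usage/main.ts
+++ b/vscode-extension/src/webview/usage/main.ts
@@ -304,7 +304,7 @@ function renderMissedPotential(stats: UsageAnalysisStats): string {
 <div style="display: flex; flex-direction: column; gap: 4px;">
 ${ws.nonCopilotFiles.map(f => `
 <div style="font-size: 11px; display: flex; align-items: center; gap: 6px;">
-<span>${f.icon || '📄'}</span>
+<span>${escapeHtml(f.icon || '📄')}</span>
 <span style="font-weight: 500;">${escapeHtml(f.label || '')}:</span>
 <span style="font-family: monospace; color: var(--text-muted);">${escapeHtml(f.relativePath)}</span>
 </div>
@@ -723,9 +723,9 @@ function renderLayout(stats: UsageAnalysisStats): void {
 ? 'Missing'
 : 'Status unknown';
 return `
-<td style="position: relative; padding: 6px 8px; border-bottom: 1px solid var(--border-subtle); text-align: center; font-size: 16px;" title="${statusLabel}" aria-label="${statusLabel}">
+<td style="position: relative; padding: 6px 8px; border-bottom: 1px solid var(--border-subtle); text-align: center; font-size: 16px;" title="${escapeHtml(statusLabel)}" aria-label="${escapeHtml(statusLabel)}">
 <span aria-hidden="true">${escapeHtml(status)}</span>
-<span style="position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);white-space:nowrap;border:0;">${statusLabel}</span>
+<span style="position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);white-space:nowrap;border:0;">${escapeHtml(statusLabel)}</span>
 </td>
 `;
 }).join('')}
@@ -1266,7 +1266,7 @@ function renderLayout(stats: UsageAnalysisStats): void {
 <div style="display:flex; flex-wrap:wrap; gap:4px; margin-bottom:10px;">
 ${toolListHtml}
 </div>
-<a href="${issueUrl}" target="_blank" style="display: inline-flex; align-items: center; gap: 6px; padding: 6px 12px; background: var(--button-bg); color: var(--button-fg); border-radius: 4px; text-decoration: none; font-size: 12px; font-weight: 500;">
+<a href="${escapeHtml(issueUrl)}" target="_blank" rel="noopener noreferrer" style="display: inline-flex; align-items: center; gap: 6px; padding: 6px 12px; background: var(--button-bg); color: var(--button-fg); border-radius: 4px; text-decoration: none; font-size: 12px; font-weight: 500;">
 <span>📝</span>
 <span>Report Unknown Tools</span>
 </a>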
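Review bot: In the third hunk, `href="${escapeHtml(issueUrl)}"` stops attribute breakout only if `escapeHtml` encodes `"` as well as `<`, `>` and `&`, and it places no limit on the URL scheme, so a value with an unexpected scheme would pass through unchanged. Both `escapeHtml` and the code that builds `issueUrl` are outside the visible hunks, so this may already be handled; if not, a guard before the template such as `const safeIssueUrl = /^https:\/\//i.test(issueUrl) ? issueUrl : '#';` would close it. The same quote-encoding requirement applies to the `title` and `aria-label` attributes in the second hunk. `${toolListHtml}` on the context line above the link is still interpolated raw, so wherever it is built should escape each tool name. renderLayout's body starts and ends outside these hunks.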
