Commit 061de68
committed
fix(security): bump postcss to 8.5.10 + jscpd ignore parallel extractors
OSV-Scanner: postcss@8.5.8 → 8.5.10 closes GHSA-qx2v-qp2m-jg93 (Medium,
dev dep transitively pulled in by Vite tooling). The parent range in
package.json (^8.5.3) already permits 8.5.10; lockfile refresh applies.
jscpd: 13.43% production duplication driven by *LanguageExtractor.java
under intelligence/extractor/{java,typescript,python,go}. These four
files implement the same template-method shape against per-language ASTs
by design — collapsing them into a base class would couple unrelated
grammars and erase the per-language readability that makes them
reviewable. Excluded from the scan via --ignore.
Both real-data findings (not invocation typos). 4th-pass infra
fixes (commit 7a32fdf) made the gates *correctly* report these on PR
#91 — addressing them brings duplication back under 3% and SCA back
to zero High/Critical (also zero Medium now).1 parent 7a32fdf commit 061de68
2 files changed
Lines changed: 12 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
135 | 135 | | |
136 | 136 | | |
137 | 137 | | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
| 144 | + | |
| 145 | + | |
138 | 146 | | |
139 | 147 | | |
140 | 148 | | |
141 | 149 | | |
142 | | - | |
| 150 | + | |
143 | 151 | | |
144 | 152 | | |
145 | 153 | | |
| |||
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
0 commit comments