Merge branch 'master' into copilot/remove-jquery-dependabot-alerts

Author: Lipata

.github/workflows/codeql-analysis.yml

@@ -23,6 +23,9 @@ on:
 jobs:
   analyze:
     name: Analyze
+    permissions:
+      contents: read
+      security-events: write
     runs-on: ubuntu-latest
 
     strategy:

.github/workflows/nodejs.yml

@@ -1,4 +1,7 @@
 name: Node.js CI
+permissions:
+  contents: read
+  checks: write
 
 on:
   push:
@@ -35,6 +38,7 @@ jobs:
         run: yarn coverage
       - name: Publish to coveralls.io
         if: matrix.node-version == '20.x'
-        uses: coverallsapp/[email protected]
+        # coverallsapp/github-action@cfd0633edbd2411b532b808ba7a8b5e04f76d2c8 corresponds to v2.3.4
+        uses: coverallsapp/github-action@cfd0633edbd2411b532b808ba7a8b5e04f76d2c8
         with:
             github-token: ${{ github.token }}

.github/workflows/npm-publish.yml

@@ -3,6 +3,9 @@ on:
   release:
     types: [created]
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest

CHANGELOG.md

@@ -1,3 +1,35 @@
+# [14.7.0](https://github.com/IgniteUI/igniteui-cli/compare/v14.6.6...v14.7.0) (2025-11-17)
+## What's Changed
+
+* feat(ng): use ng lint schematic by @Lipata in https://github.com/IgniteUI/igniteui-cli/pull/1439
+* chore(ng): add overrides to remove npm i warnings by @Lipata in https://github.com/IgniteUI/igniteui-cli/pull/1440
+* chore: address dependabot security alerts by @Copilot in https://github.com/IgniteUI/igniteui-cli/pull/1437
+* fix: command injection vulnerabilities in PackageManager and start command by @Copilot in https://github.com/IgniteUI/igniteui-cli/pull/1438
+* Fix code scanning alert: Potential file system race conditions by @Hristo313 in https://github.com/IgniteUI/igniteui-cli/pull/1446
+* Potential fix for code scanning alert: Workflow does not contain permissions by @Hristo313 in https://github.com/IgniteUI/igniteui-cli/pull/1445
+* build(deps): bump eazy-logger from 4.0.1 to 4.1.0 in the npm_and_yarn group across 1 directory by @dependabot[bot] in https://github.com/IgniteUI/igniteui-cli/pull/1436
+* merge 14.6.x into master by @Lipata in https://github.com/IgniteUI/igniteui-cli/pull/1451
+
+**Full Changelog**: https://github.com/IgniteUI/igniteui-cli/compare/v14.6.6...v14.7.0
+
+# [14.6.6](https://github.com/IgniteUI/igniteui-cli/compare/v14.6.5...v14.6.6) (2025-11-12)
+
+## What's Changed
+* Update github pages workflow step by @Hristo313 in https://github.com/IgniteUI/igniteui-cli/pull/1452
+* Update react test setup configuration by @Hristo313 in https://github.com/IgniteUI/igniteui-cli/pull/1453
+
+**Full Changelog**: https://github.com/IgniteUI/igniteui-cli/compare/v14.6.5...v14.6.6
+
+# [14.6.5](https://github.com/IgniteUI/igniteui-cli/compare/v14.6.4...v14.6.5) (2025-11-10)
+
+## What's Changed
+
+* ci(react): install Playwright in the YAML file by @Lipata in https://github.com/IgniteUI/igniteui-cli/pull/1450
+* build(deps): bump eazy-logger from 4.0.1 to 4.1.0 in the npm_and_yarn group across 1 directory by @dependabot[bot] in https://github.com/IgniteUI/igniteui-cli/pull/1436
+
+
+**Full Changelog**: https://github.com/IgniteUI/igniteui-cli/compare/v14.6.4...v14.6.5
+
 # [14.6.4](https://github.com/IgniteUI/igniteui-cli/compare/v14.6.3...v14.6.4) (2025-10-14)
 
 ## What's Changed

packages/cli/lib/commands/start.ts

@@ -7,11 +7,16 @@ import { PositionalArgs, StartCommandType } from "./types";
 import { ArgumentsCamelCase } from "yargs";
 
 const execSyncNpmStart = (port: number, options: ExecSyncOptions): void => {
+	const args = ['start'];
 	if (port) {
-		Util.execSync(`npm start -- --port=${port}`, options);
-		return;
+		// Validate port is a number to prevent command injection
+		if (!Number.isInteger(port) || port < 0 || port > 65535) {
+			Util.error(`Invalid port number: ${port}`, "red");
+			return;
+		}
+		args.push('--', `--port=${port}`);
 	}
-	Util.execSync(`npm start`, options);
+	Util.spawnSync('npm', args, options);
 };
 
 const command: StartCommandType = {

packages/cli/lib/templates/ReactTemplate.ts

@@ -109,8 +109,9 @@ export class ReactTemplate implements Template {
 		const components = require("@igniteui/cli-core/packages/components");
 		const igResPath = path.join(projectPath, this.igniteResources);
 
-		if (fs.existsSync(igResPath)) {
-			let igniteuiResFile = fs.readFileSync(igResPath, "utf8");
+		try {
+			const fd = fs.openSync(igResPath, fs.constants.O_RDWR | fs.constants.O_CREAT);
+			let igniteuiResFile = fs.readFileSync(fd, "utf8");
 			const freeVersionPath = "ignite-ui/";
 			const fullVersionPath = "@infragistics/ignite-ui-full/en/";
 			const dvPath = "@infragistics/ignite-ui-full/en/js/infragistics.dv.js";
@@ -123,16 +124,19 @@ export class ReactTemplate implements Template {
 					igniteuiResFile = igniteuiResFile.replace(freeVersionPath, fullVersionPath);
 					igniteuiResFile = igniteuiResFile.replace("-lite", "");
 				}
-				fs.writeFileSync(igResPath, igniteuiResFile);
+				fs.ftruncateSync(fd, 0);
+				fs.writeSync(fd, igniteuiResFile, 0);
 			}
 
 			if (dvDep && !igniteuiResFile.includes(dvPath)) {
-				fs.appendFileSync(igResPath, `${'\r\n// Ignite UI Charts Required JavaScript File\r\nimport "'
-					+ dvPath + '";\r\n'}`);
+				const endPos = fs.fstatSync(fd).size;
+				fs.writeSync(fd, `\r\n// Ignite UI Charts Required JavaScript File\r\nimport "${dvPath}";\r\n`, endPos);
 			}
 
-		} else {
-			Util.log(`igniteuiResources.js file NOT found!`);
+			fs.closeSync(fd);
+		} catch (err) {
+			Util.error(`Error while updating igniteuiResources.js: ${err.message}`);
+			throw err;
 		}
 	}
 

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "igniteui-cli",
-  "version": "14.6.5-beta.0",
+  "version": "14.7.0",
   "description": "CLI tool for creating Ignite UI projects",
   "keywords": [
     "CLI",
@@ -76,8 +76,8 @@
     "all": true
   },
   "dependencies": {
-    "@igniteui/angular-templates": "~20.1.1465-beta.0",
-    "@igniteui/cli-core": "~14.6.5-beta.0",
+    "@igniteui/angular-templates": "~20.1.1470",
+    "@igniteui/cli-core": "~14.7.0",
     "@inquirer/prompts": "^7.9.0",
     "@types/yargs": "^17.0.33",
     "chalk": "^5.3.0",

packages/cli/templates/react/igr-ts/projects/_base/files/__dot__azure/azure-pipelines.yml

@@ -19,5 +19,9 @@ steps:
     continueOnError: true
   - script: npm run build
     displayName: 'Build the project'
+  - script: npx playwright install chromium-headless-shell
+    displayName: 'Install Playwright browsers'
   - script: npm run test
     displayName: 'Run tests'
+    env:
+      CI: 'true'

packages/cli/templates/react/igr-ts/projects/_base/files/__dot__github/workflows/github-pages.yml

@@ -39,7 +39,7 @@ jobs:
         find ./dist/assets -type f -name "*.js" -exec sed -i 's|src/assets|${{ github.event.repository.name }}/assets|g' {} +;
         find ./dist/assets -type f -name "*.js" -exec sed -i 's|/static-data/|/${{ github.event.repository.name }}/static-data/|g' {} +
     - name: Copy Resources to dist
-      run: mkdir -p ./dist/assets && cp -R ./src/assets/* ./dist/assets/
+      run: if [ -d "./src/assets" ]; then mkdir -p ./dist/assets && cp -R ./src/assets/* ./dist/assets/; fi
     - name: SPA routing handling
       run: cp ./dist/index.html ./dist/404.html
     - name: Upload build artifact to GitHub Pages

packages/cli/templates/react/igr-ts/projects/_base/files/__dot__github/workflows/node.js.yml

@@ -29,5 +29,8 @@ jobs:
     - run: npm i # replace with 'npm ci' after committing lock file from first install
 #    - run: npm run lint
     - run: npm run build
+    - name: Install Playwright browsers
+      run: npx playwright install chromium-headless-shell
     - run: npm run test
-
+      env:
+        CI: 'true'