Merge branch 'master' into dependabot/npm_and_yarn/aws-sdk/client-ecs-3.731.1

s3cube · web-flow · commit 85098912908e · 2025-01-28T11:09:25.000-05:00
diff --git a/.github/workflows/notifications.yml b/.github/workflows/notifications.yml
@@ -13,6 +13,44 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+      - uses: actions/github-script@v7
+        id: sanitize-title
+        with:
+          script: |
+            const isPR = !!context.payload.pull_request;
+            const isIssue = !!context.payload.issue;
+            const item = isPR ? context.payload.pull_request : isIssue ? context.payload.issue : context.payload.issue_comment.issue;
+            
+            // Sanitization functions
+            const sanitizeTitle = (title) => {
+              return title
+                // Remove potential markdown formatting
+                .replace(/[*_~`]/g, '')
+                // Remove potential HTML tags
+                .replace(/<[^>]*>/g, '')
+                // Remove multiple spaces
+                .replace(/\s{2,}/g, ' ')
+                // Trim whitespace
+                .trim()
+                // Enforce max length of 100
+                .substring(0, 100);
+            };
+            
+            // Escape special characters for Slack
+            const escapeForSlack = (text) => {
+              return text
+                .replace(/"/g, '&quot;')
+                .replace(/&/g, '&amp;')
+                .replace(/</g, '&lt;')
+                .replace(/[@]/g, '\\@')
+                .replace(/>/g, '&gt;')
+                .replace(/&amp;lt;/g, '&lt;')
+                .replace(/&amp;gt;/g, '&gt;');
+            };
+
+            const sanitizedTitle = escapeForSlack(sanitizeTitle(item.title));
+            console.log('Sanitized Title: ', sanitizedTitle);
+            core.setOutput('safe-title', sanitizedTitle);
       - name: Send notifications on Pull Request
         if: ${{ github.event_name == 'pull_request'}}
         id: slack_PR
@@ -23,7 +61,7 @@ jobs:
               "Notification Type": "Pull Request",
               "Notification URL":"${{ github.event.pull_request.html_url }}",
               "GitHub Repo": "${{ github.repository }}",
-              "Notification Title": "${{ github.event.pull_request.title }}"
+              "Notification Title": "${{ steps.sanitize-title.outputs.safe-title }}"
             }
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
@@ -37,7 +75,7 @@ jobs:
               "Notification Type": "Issue",
               "Notification URL":"${{ github.event.issue.html_url }}",
               "GitHub Repo": "${{ github.repository }}",
-              "Notification Title": "${{ github.event.issue.title }}"
+              "Notification Title": "${{ steps.sanitize-title.outputs.safe-title }}"
             }
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
@@ -51,7 +89,7 @@ jobs:
               "Notification Type": "Issue comment",
               "Notification URL":"${{ github.event.comment.html_url }}",
               "GitHub Repo": "${{ github.repository }}",
-              "Notification Title": "${{ github.event.issue_comment.issue.title }}"
+              "Notification Title": "${{ steps.sanitize-title.outputs.safe-title }}"
             }
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/dist/index.js b/dist/index.js
@@ -91071,6 +91071,14 @@ const { isUint8Array, isArrayBuffer } = __nccwpck_require__(98253)
 const { File: UndiciFile } = __nccwpck_require__(63041)
 const { parseMIMEType, serializeAMimeType } = __nccwpck_require__(94322)
 
+let random
+try {
+  const crypto = __nccwpck_require__(77598)
+  random = (max) => crypto.randomInt(0, max)
+} catch {
+  random = (max) => Math.floor(Math.random(max))
+}
+
 let ReadableStream = globalThis.ReadableStream
 
 /** @type {globalThis['File']} */
@@ -91156,7 +91164,7 @@ function extractBody (object, keepalive = false) {
     // Set source to a copy of the bytes held by object.
     source = new Uint8Array(object.buffer.slice(object.byteOffset, object.byteOffset + object.byteLength))
   } else if (util.isFormDataLike(object)) {
-    const boundary = `----formdata-undici-0${`${Math.floor(Math.random() * 1e11)}`.padStart(11, '0')}`
+    const boundary = `----formdata-undici-0${`${random(1e11)}`.padStart(11, '0')}`
     const prefix = `--${boundary}\r\nContent-Disposition: form-data`
 
     /*! formdata-polyfill. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> */
@@ -105972,6 +105980,14 @@ module.exports = require("node:buffer");
 
 /***/ }),
 
+/***/ 77598:
+/***/ ((module) => {
+
+"use strict";
+module.exports = require("node:crypto");
+
+/***/ }),
+
 /***/ 78474:
 /***/ ((module) => {
 
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -33,7 +33,7 @@
   "devDependencies": {
     "@eslint/js": "^9.18.0",
     "@vercel/ncc": "^0.38.3",
-    "eslint": "^9.18.0",
+    "eslint": "^9.19.0",
     "globals": "^15.14.0",
     "jest": "^29.7.0"
   },
