@odaysec odaysec commented Nov 22, 2025

To safely fix the problem, we should avoid passing shell-constructed string commands to execSync, and instead use APIs that accept arguments as an array, preventing unwanted shell interpretation. For Node.js, child_process.execFileSync allows us to execute commands directly with arguments, bypassing shell parsing. The solution is to replace:

execSync(`yarn pack --filename ${tarballPath}`, { ... });

with:

execFileSync('yarn', ['pack', '--filename', tarballPath], { ... });

  1. Update the imports to include execFileSync from child_process.
  2. Change the corresponding line inside the per-project loop (line 109) to use execFileSync instead of execSync, providing the arguments array.
  3. No additional sanitization needed, as execFileSync passes arguments safely.

How has it been tested?

  • Unit tests
  • Interaction tests
  • Pseudo State tests
  • Manual - Web
  • Manual - Android (Emulator / Device)
  • Manual - iOS (Emulator / Device)

Testing instructions

Illustrations/Icons Checklist

Required if this PR changes files under packages/illustrations/** or packages/icons/**

  • verified visreg changes with Terran (include link to visreg run/approval)
  • all illustration/icons names have been reviewed by Dom and/or Terran

Change management

type=routine
risk=low
impact=sev5

automerge=false
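
The difference between the two call shapes in the description above, as an added example that is not part of the PR or the project's code. It assumes a POSIX shell, uses a small Node child process as a stand-in for yarn so it runs offline, and the helper names and sample paths are constructed for illustration.

```javascript
const { execSync, execFileSync } = require('child_process');

// Stand-in for yarn (assumption): a Node child that prints the argv it
// actually received, starting at "pack", as one JSON line.
const PRINT_ARGV =
  'const a = process.argv; console.log(JSON.stringify(a.slice(a.indexOf("pack"))))';

// First output line is the child's argv; any further lines were written by
// something other than the intended child process.
function parse(out) {
  const [first, ...extra] = out.trim().split('\n');
  return { argv: JSON.parse(first), extra };
}

// "Before" shape: one interpolated string, parsed by the shell before the
// program starts, so spaces and metacharacters in the path are interpreted.
function viaShell(tarballPath) {
  const cmd = `"${process.execPath}" -e '${PRINT_ARGV}' -- pack --filename ${tarballPath}`;
  return parse(execSync(cmd, { encoding: 'utf8' }));
}

// "After" shape: an argument array handed to the program with no shell in
// between, so the path always arrives as exactly one argument.
function viaArgv(tarballPath) {
  const args = ['-e', PRINT_ARGV, '--', 'pack', '--filename', tarballPath];
  return parse(execFileSync(process.execPath, args, { encoding: 'utf8' }));
}

// Constructed sample paths: one with a space, one with a shell metacharacter.
const SAMPLES = ['dist/my pkg.tgz', 'pkg.tgz; echo INJECTED'];

function compare() {
  return SAMPLES.map((p) => ({ path: p, shell: viaShell(p), argv: viaArgv(p) }));
}

console.log(JSON.stringify(compare(), null, 2));
```

The argument-array form only removes shell parsing: passing `shell: true` in the options sends the arguments through a shell again, and a value beginning with `-` is still read as an option by the program that receives it.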

* Support connectNulls on web

* Drop unused code on mobile scrubber

* Support connectNulls on mobile

* Update examples

* Update inset

* Fix mobile scrubber reference line text offset

* Add axis labels

* Drop classnames and styles from mobile axes

* Support custom LineComponent components

* Showcase highlighted bar for candlestick example

* Wip accessibility label on scrubber

* feat: switch mobile charts to react-native-skia & implement easy chart gradient support (coinbase#123)

* Initial migration of mobile charts

* continue mobile progress

* Wip color map

* Cleanup colorMap

* Simplify chart text

* Remove remaining uses of react-native-svg

* Continue bar chart work

* Drop usage of its-fine

* Remove wip docs

* Simplify utils index

* Stop normalization of continuous scales to percentages

* Cleanup examples

* Bring color map into context

* Cleanup debug

* Enable alpha calculation dynamically for color map

* Adjust mobile examples

* Get color map to return undefined rather than null

* Start of web colorMap

* Fix dotted area

* Added UV index test

* Update lines

* Add mobile uv chart tests

* Fix continuous scales

* Rename colorMap to gradient

* Fix gradient area issues

* Continue cleanup of gradient and drop GradientLine

* Cleanup gradients on mobile and get points on both

* Fix mobile point issues

* Wip scrubber beacon label on mobile

* Simplify fonts

* Simplify animations

* Continue animation progress

* Reuse usePathAnimation

* Animation to transition to match rollingnumber

* Add transitionConfig to charts

* Drop use of onScrubberEnter for performance

* Continue performance improvements

* Simplify mobile chart text

* Simplify bar chart

* Adjust transition config to match rollingnumber

* Support point animations

* Simplify gradient calculation

* Improve web gradients

* Cleanup web dotted area

* Switch animate.ts to transition.ts

* Start web transition migration

* Support transitions for points

* Update path transformation to d3-path-interpolate

* Drop use state for path tracking

* Update path on interruption

* Hide point and scrubber beacon when outside domain

* Simplify usePathTransition on web

* Update version

* Have transitions match across web and mobile

* Update line and area types

* Fix interrupted animation

* Cleanup usePathTransition

* Implement line and area transitionConfigs on web

* Cleanup props

* Animate gradients on web

* Allow interruptible path animations on mobile

* Re-enable custom mobile animations for line/area

* Support bar with path on mobile

* Cleanup types

* Adjust types and drop ChartCanvas

* Fix ChartText update state issues

* Add transition / animation notes for line chart

* Fix float rounding issues with bar border rounding

* Update examples

* Adjust color space for gradients

* Update examples

* Update line and area chart examples

* Simplify web area chart example

* Start web gradient simplification on web

* Fix log scale issues with gradient

* Wip web gradient rework

* Simplify gradient.ts part 2

* Finish web gradient simplification

* Improve animations on mobile

* Finish polishing of gradients

* Adjust x axis based on scale result

* start migration to serializable scales

* Start migration of mobile animations

* Migrate scrubber provider

* Implement scale for scrubber line

* Got scrubber beacons to work

* Start on scrubber beacon label

* Switch to 'bump' from 'linear' as default

* Track scrubber beacon label to beacon

* Simplify label positioning p1

* Get collision detection to work

* Simplify generation of labels

* Support color for series

* Disable repositioning of the label

* Support text animation

* Get tests to pass for line path generation

* Improve label coordination

* Simplify code

* Update solid area

* Simplify transitions

* Simplify scrubber

* Get scrubber beacon working

* Simplify area on mobile

* Update dotted area

* Update support for scrubber beacon

* Get scrubber beacons to animate

* Update changelog

* Fix bug on mobile

* Support band scale on mobile

* Update bar chart

* Support animated bar charts

* Add work in progress interpolate

* Support upside down line chart

* Support upside down line chart on mobile

* Cleanup chart components

* Simplify line

* Start scrubber simplification

* Bump versions

* Fix bar issues

* Start simplification of scrubber

* Start cleanup of ChartText

* Continue mobile chart text implementation

* Rename SmartChartTextGroup

* Continue mobile text simplification

* Simplify transitions

* Start area simplification

* Simplify dotted area on mobile

* Drop getGradientScale

* Continue simplifying mobile area

* Support animated chart text scrubber labels

* Finish cleanup of areas

* Start line simplification

* Start web line simplification

* Reuse fonts on mobile

* Update chart logs

* Simplify gradient stops

* Simplify mobile path props

* Fix scrubber reference line alignment

* Support ChartText with alignment on mobile

* Simplify enter animations

* Update web animations

* Improve performance of scrubber on mobile

* Start refresh of line chart documentation

* Continue docs

* Continue progress

* Continue line chart documentation

* Continue progress on line chart docs

* Finish draft of web line chart

* Update LineChart stories

* Wip mobile chart examples

* Finish updating mobile examples

* Wip

* Continue mobile examples cleanup

* Polish transition.ts

* Add transition tests

* Make chart.ts consistent across platforms

* Simplify barchart

* Make web and mobile series labels consistent as string only

* feat: rework scrubber (coinbase#166)

* Bring scrubber beacon label group to web

* Expose min label gap

* fix labels

* Simplify calculations

* Switch to DefaultScrubberBeaconLabel

* Update scrubber

* Fix scrubber groups pushing others

* Add scrubber tests

* Support custom components in docs

* Improve scrubber docs

* Bring web changes to mobile

* Bring changes to mobile

* Finish docs

* Cleanup spaces

* feat: rework scrubber beacon (coinbase#165)

* Start scrubber beacon rework

* Bring maxDataLength into context

* Continue implementation

* Update web example

* Remove scrubber beacon

* Update comments

* Fix scrubber beacon animations

* Finish scrubber docs

* Bring scrubber examples to docs

* Hide scrubber when outside of drawing area

* Improve monotone asset price example

* Add custom beacon example

* feat: scrubber label rework (coinbase#168)

* Simplify default props

* Simplify labels

* Fix bounds calculation

* Finish

* Fix couple of issues

* Support default axis tick label

* Clarify mobile charts

* Default prevent collapse of cartesian chart

* Fix cartesian chart ref

* Fix line chart

* Hide scrubber beacon when data is null

* Update docs required dependencies

* Improve candlestick example contrast

* feat: refresh scrubber beacon (coinbase#176)

* feat: refresh chart scrubber animation

* Use pulseOpacityStart and pulseOpacityEnd

* Fix pulse delay when going from scrubbing to not

* feat: update chart points to support custom labels (coinbase#175)

* Update point component

* Update docs

* Update docgen

* Update examples

* Add tests and cleanup point

* Remove netlify

* Fix points

* Prevent initial animation from 0,0 on mobile

* Fix comment

* Simplify point setup

* Support single boolean elevation

* Simplify props

* Drop remaining mobile testIDs

* Fix type

* Switch chart ref to svg

* Update maxDataLength

* Remove outdated todos

* Fix transitions

* Fix chart utils on web

* Update font docs

* feat: add base props for remaining chart components (coinbase#178)

* feat: add base props to remaining charts

* Update remaining components

* Cleaning up props

* Make mobile path disable clip consistent with web

* Fix point and update yarn.lock

* Adjust clipPath

* Adjust spacing of props

* Swap component props and base/regular props

* fix: shrink scrubber beacon animation (coinbase#181)

* Support hiding beacons when not scrubbing

* Move context bridge to mobile visualization

* Notify in doc site about chart bridge provider

* Support labelFonts

* Support label insets

* adjust example

* Fix doc site examples

* Undo web changes

* Fix lint

* Simplify mobile text alignment

* Cleanup types

* Add more examples

* Remove unnecessary variable

@cb-heimdall cb-heimdall (Collaborator) commented Nov 22, 2025

🟡 Heimdall Review Status

Requirement Status More Info
Reviews 🟡 0/1
Denominator calculation
1 if user is bot 0
1 if user is external 0
2 if repo is sensitive 0
From .codeflow.yml 1
Additional review requirements
Max 0
0
From CODEOWNERS 1
Global minimum 0
Max 1
1
1 if commit is unverified 1
Sum 2
CODEOWNERS 🟡 See below

🟡 CODEOWNERS

Code Owner Status Calculation
ui-systems-eng-team 🟡 0/1
Denominator calculation
Additional CODEOWNERS Requirement
Sum 0
0
From CODEOWNERS 1
Sum 1
