akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 15 Packages Projects Releases Wiki Activity

chore: upgrade ESLint and related plugins to version 10.x

Browse Source 
- Updated @eslint/js and eslint to version 10.0.0 in package.json.
- Adjusted overrides for eslint-plugin-react-hooks, eslint-plugin-jsx-a11y, and eslint-plugin-promise to ensure compatibility with ESLint v10.
- Modified lefthook.yml to reflect the upgrade and noted the need for plugin support for ESLint v10.
This commit is contained in:
GitHub Actions
2026-03-12 00:00:01 +00:00
parent 2969eb58e4
commit 2e85a341c8
4 changed files with 462 additions and 393 deletions
Download Patch File Download Diff File Expand all files Collapse all files

216
docs/reports/qa_report.md
View File

@@ -1,184 +1,66 @@
# QA / Security Audit Report
# QA Report — ESLint v10 Upgrade (stacked on TypeScript 6.0)
**Feature**: Telegram Notification Provider + Test Remediation
**Date**: 2025-07-17
**Auditor**: QA Security Agent
**Overall Verdict**: ✅ **PASS — Ready to Merge**
**Date**: 2026-03-11
**Branch**: Current working branch (ESLint v10 + TypeScript 6.0)
**Scope**: Dev tooling upgrade — ESLint `^9.39.3 <10.0.0``^10.0.0`, @eslint/js same, 3 npm overrides for peer dep compatibility (react-hooks, jsx-a11y, promise). No source code changes.
---
## Summary
## Check Results
All 8 audit gates passed. Zero Critical or High severity findings across all security scans. Code coverage exceeds the 85% minimum threshold for both backend and frontend. E2E tests (131/133 passing) confirm functional correctness with the 2 failures being pre-existing Firefox/WebKit authentication fixture issues unrelated to this feature.
| # | Check | Status | Details |
|---|-------|--------|---------|
| 1 | Frontend Lint | **PASS** | 0 errors, 857 warnings (all pre-existing, exit 0) |
| 2 | Type Safety (`tsc --noEmit`) | **PASS** | Clean, no type errors |
| 3 | Frontend Unit Tests (Vitest) | **PASS** | 993 passed, 84 skipped, 0 failed (40 test files passed, 5 skipped) |
| 4 | Frontend Build (`vite build`) | **PASS** | 2455 modules transformed, built in 7.85s |
| 5 | Pre-commit Hooks (lefthook) | **PASS** | 6/6 applicable hooks passed (6 skipped — no matching staged files) |
| 6 | npm audit (`--omit=dev`) | **PASS** | 0 vulnerabilities |
| 7 | ESLint Version | **PASS** | v10.0.3 confirmed |
---
## Scope of Changes
## Warnings Detail (Check #1)
| File | Type | Summary |
|------|------|---------|
| `frontend/src/pages/Notifications.tsx` | Modified | Added `aria-label` attributes to Send Test, Edit, and Delete icon buttons |
| `frontend/src/pages/__tests__/Notifications.test.tsx` | Modified | Fixed 2 tests, added `saveBeforeTesting` guard test |
| `tests/settings/notifications.spec.ts` | Modified | Fixed 4 E2E tests — save-before-test pattern |
| `tests/settings/notifications-payload.spec.ts` | Modified | Fixed 2 E2E tests — save-before-test pattern |
| `tests/settings/telegram-notification-provider.spec.ts` | Modified | Replaced fragile keyboard nav with direct button locator |
| `docs/plans/current_spec.md` | Modified | Updated from implementation plan to remediation plan |
| `docs/plans/telegram_implementation_spec.md` | New | Archived original implementation plan |
857 warnings across 22 rules — all pre-existing, none introduced by the upgrade:
| Count | Rule | Category |
|------:|------|----------|
| 567 | `testing-library/no-node-access` | Test quality |
| 82 | `testing-library/prefer-find-by` | Test quality |
| 54 | `jsx-a11y/label-has-associated-control` | Accessibility |
| 37 | `unicorn/no-useless-undefined` | Code style |
| 29 | `testing-library/no-container` | Test quality |
| 18 | `jsx-a11y/click-events-have-key-events` | Accessibility |
| 18 | `jsx-a11y/no-static-element-interactions` | Accessibility |
| 13 | `testing-library/no-unnecessary-act` | Test quality |
| 12 | `vitest/no-disabled-tests` | Test quality |
| 4 | `vitest/expect-expect` | Test quality |
| 3 | `react-compiler/react-compiler` | React |
| 3 | `security/detect-non-literal-regexp` | Security |
| 2 | `security/detect-unsafe-regex` | Security |
| 2 | `sonarjs/no-identical-functions` | Code quality |
| 2 | `promise/always-return` | Async |
| 2 | `jsx-a11y/role-has-required-aria-props` | Accessibility |
| 2 | `jsx-a11y/heading-has-content` | Accessibility |
| 2 | `jsx-a11y/no-autofocus` | Accessibility |
| 2 | `testing-library/no-manual-cleanup` | Test quality |
| 1 | `unicorn/no-array-for-each` | Code style |
| 1 | `testing-library/prefer-screen-queries` | Test quality |
| 1 | `testing-library/prefer-presence-queries` | Test quality |
These warnings are pre-existing and unrelated to the ESLint v10 upgrade.
---
## Audit Checklist
## Skipped Scans (per task scope)
### 1. Pre-commit Hooks (lefthook)
| Status | Details |
|--------|---------|
| ✅ PASS | 6/6 hooks executed and passed |
Hooks executed: `check-yaml`, `actionlint`, `end-of-file-fixer`, `trailing-whitespace`, `dockerfile-check`, `shellcheck`
Language-specific hooks (Go lint, frontend lint) skipped — no staged files at audit time.
- **GORM Security Scan** — No backend model changes
- **CodeQL Go** — No Go code changed
- **Docker Image Security** — Dev tooling only, not deployed
---
### 2. Backend Unit Test Coverage
## Overall Verdict: **PASS**
| Metric | Value | Threshold | Status |
|--------|-------|-----------|--------|
| Statements | 87.9% | 85% | ✅ PASS |
| Lines | 88.1% | 85% | ✅ PASS |
Command: `bash scripts/go-test-coverage.sh`
---
### 3. Frontend Unit Test Coverage
| Metric | Value | Threshold | Status |
|--------|-------|-----------|--------|
| Statements | 89.01% | 85% | ✅ PASS |
| Branches | 81.07% | — | Advisory |
| Functions | 86.18% | 85% | ✅ PASS |
| Lines | 89.73% | 85% | ✅ PASS |
- **Test files**: 158 passed
- **Tests**: 1871 passed, 5 skipped, 0 failed
Command: `npx vitest run --coverage`
---
### 4. TypeScript Type Check
| Status | Details |
|--------|---------|
| ✅ PASS | `npx tsc --noEmit` — zero errors |
---
### 5. Local Patch Coverage Report
| Scope | Patch Coverage | Status |
|-------|---------------|--------|
| Overall | 87.6% | Advisory (90% target) |
| Backend | 87.2% | ✅ PASS (≥85%) |
| Frontend | 88.6% | ✅ PASS (≥85%) |
Artifacts generated:
- `test-results/local-patch-report.md`
- `test-results/local-patch-report.json`
Files needing additional coverage (advisory, non-blocking):
- `EncryptionManagement.tsx`
- `Notifications.tsx`
- `notification_provider_handler.go`
- `notification_service.go`
- `http_wrapper.go`
---
### 6. Trivy Filesystem Scan
| Category | Count | Status |
|----------|-------|--------|
| Critical | 0 | ✅ |
| High | 0 | ✅ |
| Medium | 0 | ✅ |
| Low | 0 | ✅ |
| Secrets | 0 | ✅ |
Command: `trivy fs --severity CRITICAL,HIGH,MEDIUM,LOW --scanners vuln,secret .`
---
### 7. Docker Image Scan (Grype)
| Severity | Count | Status |
|----------|-------|--------|
| Critical | 0 | ✅ PASS |
| High | 0 | ✅ PASS |
| Medium | 12 | Non-blocking |
| Low | 3 | Non-blocking |
- **SBOM packages**: 1672
- **Docker build**: All stages cached (no build changes)
- All Medium/Low findings are in base image dependencies, not in application code
---
### 8. CodeQL Static Analysis
| Language | Errors | Warnings | Status |
|----------|--------|----------|--------|
| Go | 0 | 0 | ✅ PASS |
| JavaScript/TypeScript | 0 | 0 | ✅ PASS |
- JS/TS scan covered 354/354 files
- 1 informational note: semicolon style in test file (non-blocking)
---
## Additional Security Checks
### GORM Security Scan
**Status**: Not applicable — no changes to `backend/internal/models/**`, GORM services, or migrations in this PR.
### Gotify Token Exposure Review
| Location | Status |
|----------|--------|
| Logs & test artifacts | ✅ Clean |
| API examples & report output | ✅ Clean |
| Screenshots | ✅ Clean |
| Tokenized URL query strings | ✅ Clean |
---
## E2E Test Results (Pre-verified)
| Metric | Value |
|--------|-------|
| Total tests | 133 |
| Passed | 131 |
| Failed | 2 (pre-existing) |
The 2 failures are pre-existing Firefox/WebKit authentication fixture issues unrelated to this feature. These were verified prior to this audit and were **not re-run** per instructions.
---
## Risk Assessment
| Risk Area | Assessment |
|-----------|-----------|
| Security vulnerabilities | **None** — all scans clean |
| Regression risk | **Low** — changes are additive (aria-labels) and test fixes |
| Test coverage gaps | **Low** — all coverage thresholds exceeded |
| Token/secret leakage | **None** — all artifact scans clean |
---
## Verdict
**✅ PASS — All gates satisfied. Feature is ready to merge.**
All 8 mandatory audit checks passed. No Critical or High severity security issues were identified. Code coverage exceeds minimum thresholds. The changes are well-scoped test remediation fixes and accessibility improvements with no architectural risk.
All 7 verification checks passed. The ESLint v10 upgrade is clean — zero regressions detected. The npm overrides for peer dep compatibility introduce no production vulnerabilities.