bito-code-review[bot] commented on code in PR #38253: URL: https://github.com/apache/superset/pull/38253#discussion_r2874640510
########## docs/yarn.lock: ########## @@ -10840,20 +11343,34 @@ [email protected], minimatch@^3.1.1, minimatch@^3.1.2: dependencies: brace-expansion "^1.1.7" -minimatch@^10.2.1, minimatch@^10.2.2: +minimatch@^10.2.1: version "10.2.2" resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-10.2.2.tgz#361603ee323cfb83496fea2ae17cc44ea4e1f99f"; integrity sha512-+G4CpNBxa5MprY+04MbgOw1v7So6n5JY166pFi9KfYwT78fxScCeSNQSNzp6dpPSW2rONOps6Ocam1wFhCgoVw== dependencies: brace-expansion "^5.0.2" +minimatch@^10.2.2: + version "10.2.4" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-10.2.4.tgz#465b3accbd0218b8281f5301e27cedc697f96fde"; + integrity sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg== + dependencies: + brace-expansion "^5.0.2" + minimatch@^5.0.1: version "5.1.6" resolved "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz"; integrity sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g== dependencies: brace-expansion "^2.0.1" +minimatch@^9.0.5: Review Comment: <div> <div id="suggestion"> <div id="issue"><b>Security vulnerability in minimatch</b></div> <div id="fix"> The added minimatch@^9.0.5 version contains a known Regular Expression Denial of Service (ReDoS) vulnerability that was patched in 9.0.7. While this version predates the public CVE disclosure, upgrading to 9.0.7 or later prevents potential DoS attacks when processing glob patterns with complex wildcards. </div> </div> <small><i>Code Review Run #294c22</i></small> </div> --- Should Bito avoid suggestions like this for future reviews? (<a href=https://alpha.bito.ai/home/ai-agents/review-rules>Manage Rules</a>) - [ ] Yes, avoid them ########## docs/scripts/generate-superset-components.mjs: ########## @@ -1332,6 +1335,147 @@ ${sections} `; } +/** + * Build metadata for a component (for JSON output) + */ +function buildComponentMetadata(component, storyContent) { + const { componentName, description, category, sourceConfig, resolvedImportPath, extensionCompatible } = component; + const { args, controls, gallery, liveExample } = extractArgsAndControls(storyContent, componentName); + const labels = CATEGORY_LABELS[category] || { + title: category.charAt(0).toUpperCase() + category.slice(1).replace(/-/g, ' '), + }; + + return { + name: componentName, + category, + categoryLabel: labels.title || category, + description: description || '', + importPath: resolvedImportPath || sourceConfig.importPrefix, + package: sourceConfig.docImportPrefix, + extensionCompatible: Boolean(extensionCompatible), + propsCount: Object.keys(args).length, + controlsCount: controls.length, + hasGallery: Boolean(gallery && gallery.sizes && gallery.styles), + hasLiveExample: Boolean(liveExample), + docPath: `developer-docs/components/${category}/${componentName.toLowerCase()}`, + storyFile: component.relativePath, + }; +} + +/** + * Extract type and component export declarations from a component source file. + * Used to generate .d.ts type declarations for extension-compatible components. + */ +function extractComponentTypes(componentPath) { + if (!fs.existsSync(componentPath)) return null; + const content = fs.readFileSync(componentPath, 'utf-8'); + + const types = []; + // Match "export type Name = <definition>;" handling nested braces + // so object types like { a: string; b: number } are captured fully. + const typeRegex = /export\s+type\s+(\w+)\s*=\s*/g; + let typeMatch; + while ((typeMatch = typeRegex.exec(content)) !== null) { + const start = typeMatch.index + typeMatch[0].length; + let depth = 0; + let end = start; + for (let i = start; i < content.length; i++) { + const ch = content[i]; + if (ch === '{' || ch === '<' || ch === '(') depth++; + else if (ch === '}' || ch === '>' || ch === ')') depth--; + else if (ch === ';' && depth === 0) { + end = i; + break; + } + } + const definition = content.slice(start, end).trim(); + if (definition) { + types.push({ name: typeMatch[1], definition }); + } + } Review Comment: <div> <div id="suggestion"> <div id="issue"><b>Incomplete type extraction for interfaces</b></div> <div id="fix"> The typeRegex in extractComponentTypes only handles 'export type' declarations but ignores 'export interface', which are also valid TypeScript type declarations. This could result in incomplete type extraction and invalid .d.ts files if extension components use interfaces. Update the regex to /export\s+(type|interface)\s+(\w+)\s*[=:]?\s*/g, store the kind, and generate accordingly to ensure all types are captured correctly. </div> </div> <small><i>Code Review Run #294c22</i></small> </div> --- Should Bito avoid suggestions like this for future reviews? (<a href=https://alpha.bito.ai/home/ai-agents/review-rules>Manage Rules</a>) - [ ] Yes, avoid them -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
