Skip to content

fix: satisfy ESLint ReDoS rule in DuckDB view parser#73

Merged
huyplb merged 1 commit into
mainfrom
fix/duckdb-eslint-unsafe-regex
Jul 15, 2026
Merged

fix: satisfy ESLint ReDoS rule in DuckDB view parser#73
huyplb merged 1 commit into
mainfrom
fix/duckdb-eslint-unsafe-regex

Conversation

@huyplb

@huyplb huyplb commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Fixes the ESLint security CI failure in Dependency Security run #147
  • Replaces [\s\S]*? in the DuckDB CREATE VIEW header stripper with bounded identifier tokens (same approach as DB2 / SQL Server)

The 7 detect-non-literal-fs-filename findings are warnings only (CLI/config paths by design) — no change needed.

Test plan

  • npx eslint packages/core/src/providers/duckDb/duckdb.provider.ts passes

Made with Cursor

Replace the lazy [\s\S]*? view-name matcher with bounded identifier
alternatives, matching the pattern used by DB2/SQL Server providers.

Co-authored-by: Cursor <cursoragent@cursor.com>
@huyplb huyplb merged commit 17af779 into main Jul 15, 2026
5 checks passed
@huyplb huyplb deleted the fix/duckdb-eslint-unsafe-regex branch July 15, 2026 03:29
@cursor

cursor Bot commented Jul 15, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_37eb2509-55c5-4040-93af-dec3c03c4927)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant