There is currently one unresolved warning in https://github.com/mozilla/pdf.js/security/code-scanning/257. It's interesting because the line has been there for almost a year now as it was introduced in 0c420f5, but merging 74c62ea 4 days ago seems to have triggered the alert, possibly because of new CodeQL rules having been deployed in the meantime and because the code touched in that commit is very close to this line.
As far as I can tell this looks like a false positive given that the variable swap seems to work if I try this in isolation. If it's indeed a false positive we can simply dismiss the alert in the UI (and we should report it to CodeQL given that the previous time we did that it actually got fixed upstream), but if there is actually a bug here we should fix it.
/cc @calixteman as the original author of this code
On the question of why ESLint doesn't pick this up, I'm guessing that the answer is that it's a static code-analyzer which means that it cannot (generally) detect that the w and h assignments don't have side-effects (e.g. they could be getters).