@forsakringskassan/commitlint-config 1.4.0 → 1.4.1

package/dist/commitlint.js

@@ -256387,18 +256387,35 @@ var wildcards = [
   test(/^Auto-merged (.*?) into (.*)/)
 ];
 
+// node_modules/@commitlint/is-ignored/lib/validate-ignore-func.js
+function validateIgnoreFunction(fn) {
+  const fnString = fn.toString();
+  const dangerousPattern = /(?:process|require|import|eval|fetch|XMLHttpRequest|fs|child_process)(?:\s*\.|\s*\()|(?:exec|execFile|spawn)\s*\(/;
+  if (dangerousPattern.test(fnString)) {
+    const match2 = fnString.match(dangerousPattern);
+    throw new Error(`Ignore function contains forbidden pattern: ${match2?.[0].trim()}`);
+  }
+}
+
 // node_modules/@commitlint/is-ignored/lib/is-ignored.js
 function isIgnored(commit = "", opts = {}) {
   const ignores = typeof opts.ignores === "undefined" ? [] : opts.ignores;
   if (!Array.isArray(ignores)) {
     throw new Error(`ignores must be of type array, received ${ignores} of type ${typeof ignores}`);
   }
+  ignores.forEach(validateIgnoreFunction);
   const invalids = ignores.filter((c) => typeof c !== "function");
   if (invalids.length > 0) {
     throw new Error(`ignores must be array of type function, received items of type: ${invalids.map((i) => typeof i).join(", ")}`);
   }
   const base = opts.defaults === false ? [] : wildcards;
-  return [...base, ...ignores].some((w) => w(commit));
+  return [...base, ...ignores].some((w) => {
+    const result = w(commit);
+    if (typeof result !== "boolean") {
+      throw new Error(`Ignore function must return a boolean, received ${typeof result}`);
+    }
+    return result;
+  });
 }
 
 // node_modules/@commitlint/parse/lib/index.js

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@forsakringskassan/commitlint-config",
-  "version": "1.4.0",
+  "version": "1.4.1",
   "description": "FK commitlint shareable config",
   "keywords": [
     "commitlint"