botframework-webchat 4.14.1 → 4.15.2-main.20220413.af6e8a3

package/src/adaptiveCards/Attachment/ReceiptCardContent.tsx

@@ -1,9 +1,9 @@
 /* eslint no-magic-numbers: ["error", { "ignore": [0, 1, 10, 15, 25, 50, 75] }] */
 
-import { DirectLineReceiptCard } from 'botframework-webchat-core';
 import { hooks } from 'botframework-webchat-component';
 import PropTypes from 'prop-types';
 import React, { FC, useMemo } from 'react';
+import type { DirectLineReceiptCard } from 'botframework-webchat-core';
 
 import AdaptiveCardBuilder from './AdaptiveCardBuilder';
 import AdaptiveCardRenderer from './AdaptiveCardRenderer';
@@ -55,54 +55,32 @@ const ReceiptCardContent: FC<ReceiptCardContentProps> = ({ actionPerformedClassN
       }
 
       items &&
-        items.map(
-          ({
-            image: { alt, tap: imageTap, url } = {},
-            price,
-            quantity,
-            subtitle,
-            tap,
-            text,
-            title
-          }: {
-            image: {
-              alt?: string;
-              tap?: any;
-              url?: string;
-            };
-            price: string;
-            quantity: string;
-            subtitle: string;
-            tap: any;
-            text: string;
-            title: string;
-          }) => {
-            let itemColumns;
-
-            if (url) {
-              const [itemImageColumn, ...columns] = builder.addColumnSet([15, 75, 10]);
-
-              itemColumns = columns;
-              builder.addImage(url, itemImageColumn, imageTap, alt);
-            } else {
-              itemColumns = builder.addColumnSet([75, 25], undefined, tap && tap);
-            }
-
-            const [itemTitleColumn, itemPriceColumn] = itemColumns;
-
-            builder.addTextBlock(
-              quantity ? `${title} &times; ${quantity}` : title,
-              { size: TextSize.Medium, weight: TextWeight.Bolder, wrap: richCardWrapTitle },
-              itemTitleColumn
-            );
-            builder.addTextBlock(subtitle, { size: TextSize.Medium, wrap: richCardWrapTitle }, itemTitleColumn);
-            builder.addTextBlock(price, { horizontalAlignment: HorizontalAlignment.Right }, itemPriceColumn);
-
-            if (text) {
-              builder.addTextBlock(text, { size: TextSize.Medium, wrap: richCardWrapTitle }, itemTitleColumn);
-            }
+        items.map(({ image: { alt, tap: imageTap, url } = {}, price, quantity, subtitle, tap, text, title }) => {
+          let itemColumns;
+
+          if (url) {
+            const [itemImageColumn, ...columns] = builder.addColumnSet([15, 75, 10]);
+
+            itemColumns = columns;
+            builder.addImage(url, itemImageColumn, imageTap, alt);
+          } else {
+            itemColumns = builder.addColumnSet([75, 25], undefined, tap && tap);
           }
-        );
+
+          const [itemTitleColumn, itemPriceColumn] = itemColumns;
+
+          builder.addTextBlock(
+            quantity ? `${title} &times; ${quantity}` : title,
+            { size: TextSize.Medium, weight: TextWeight.Bolder, wrap: richCardWrapTitle },
+            itemTitleColumn
+          );
+          builder.addTextBlock(subtitle, { size: TextSize.Medium, wrap: richCardWrapTitle }, itemTitleColumn);
+          builder.addTextBlock(price, { horizontalAlignment: HorizontalAlignment.Right }, itemPriceColumn);
+
+          if (text) {
+            builder.addTextBlock(text, { size: TextSize.Medium, wrap: richCardWrapTitle }, itemTitleColumn);
+          }
+        });
 
       if (!nullOrUndefined(vat)) {
         const vatCol = builder.addColumnSet([75, 25]);
@@ -152,6 +130,8 @@ ReceiptCardContent.defaultProps = {
 
 ReceiptCardContent.propTypes = {
   actionPerformedClassName: PropTypes.string,
+  // PropTypes cannot fully capture TypeScript types.
+  // @ts-ignore
   content: PropTypes.shape({
     buttons: PropTypes.array,
     facts: PropTypes.arrayOf(

package/src/adaptiveCards/Attachment/SignInCardContent.tsx

@@ -1,7 +1,7 @@
-import { DirectLineSignInCard } from 'botframework-webchat-core';
 import { hooks } from 'botframework-webchat-component';
 import PropTypes from 'prop-types';
 import React, { FC } from 'react';
+import type { DirectLineSignInCard } from 'botframework-webchat-core';
 
 import CommonCard from './CommonCard';
 

package/src/adaptiveCards/Attachment/ThumbnailCardContent.tsx

@@ -1,9 +1,9 @@
 /* eslint no-magic-numbers: ["error", { "ignore": [25, 75] }] */
 
-import { DirectLineThumbnailCard } from 'botframework-webchat-core';
 import { hooks } from 'botframework-webchat-component';
 import PropTypes from 'prop-types';
 import React, { FC, useMemo } from 'react';
+import type { DirectLineThumbnailCard } from 'botframework-webchat-core';
 
 import AdaptiveCardBuilder from './AdaptiveCardBuilder';
 import AdaptiveCardRenderer from './AdaptiveCardRenderer';
@@ -68,6 +68,8 @@ ThumbnailCardContent.defaultProps = {
 
 ThumbnailCardContent.propTypes = {
   actionPerformedClassName: PropTypes.string,
+  // PropTypes cannot fully capture TypeScript types.
+  // @ts-ignore
   content: PropTypes.shape({
     buttons: PropTypes.array,
     images: PropTypes.arrayOf(

package/src/adaptiveCards/Attachment/VideoCardContent.tsx

@@ -1,9 +1,9 @@
 /* eslint react/no-array-index-key: "off" */
 
-import { DirectLineVideoCard } from 'botframework-webchat-core';
 import { Components, hooks } from 'botframework-webchat-component';
 import PropTypes from 'prop-types';
 import React, { FC } from 'react';
+import type { DirectLineVideoCard } from 'botframework-webchat-core';
 
 import CommonCard from './CommonCard';
 
@@ -46,6 +46,8 @@ VideoCardContent.defaultProps = {
 
 VideoCardContent.propTypes = {
   actionPerformedClassName: PropTypes.string,
+  // PropTypes cannot fully capture TypeScript types.
+  // @ts-ignore
   content: PropTypes.shape({
     autoloop: PropTypes.bool,
     autostart: PropTypes.bool,
@@ -54,10 +56,10 @@ VideoCardContent.propTypes = {
     }),
     media: PropTypes.arrayOf(
       PropTypes.shape({
-        profile: PropTypes.string.isRequired,
+        profile: PropTypes.string,
         url: PropTypes.string.isRequired
       })
-    )
+    ).isRequired
   }).isRequired,
   disabled: PropTypes.bool
 };

package/src/adaptiveCards/Styles/StyleSet/AdaptiveCardRenderer.ts

@@ -9,6 +9,14 @@ export default function ({
 }: FullBundleStyleOptions) {
   return {
     '&.webchat__adaptive-card-renderer': {
+      // Related to #4075.
+      // Adaptive Cards assume its host is in "forced border-box" mode.
+      // In CSS, the default is "content-box" mode.
+      // https://developer.mozilla.org/en-US/docs/Web/CSS/box-sizing#values
+      '& *': {
+        boxSizing: 'border-box'
+      },
+
       '& .ac-input, & .ac-inlineActionButton, & .ac-quickActionButton': {
         fontFamily: primaryFont
       },

package/src/adaptiveCards/createAdaptiveCardsAttachmentMiddleware.tsx

@@ -16,7 +16,6 @@ export default function createAdaptiveCardsAttachmentMiddleware(): AttachmentMid
   // This is not returning a React component, but a render function.
   return () =>
     next =>
-    /* eslint-disable-next-line react/display-name */
     (...args) => {
       const [{ attachment }] = args;
 

package/src/createCognitiveServicesSpeechServicesPonyfillFactory.spec.js

@@ -19,19 +19,18 @@ beforeEach(() => {
 
   createPonyfill = require('web-speech-cognitive-services/lib/SpeechServices');
   createCognitiveServicesSpeechServicesPonyfillFactory =
-    // eslint-disable-next-line @typescript-eslint/no-var-requires
     require('./createCognitiveServicesSpeechServicesPonyfillFactory').default;
 
   window.AudioContext = class MockAudioContext {
     // eslint-disable-next-line class-methods-use-this
     createMediaStreamSource() {
-      // eslint-disable-next-line @typescript-eslint/no-empty-function
+      // eslint-disable-next-line no-empty-function
       return { connect: () => {} };
     }
 
     // eslint-disable-next-line class-methods-use-this
     createScriptProcessor() {
-      // eslint-disable-next-line @typescript-eslint/no-empty-function
+      // eslint-disable-next-line no-empty-function
       return { connect: () => {} };
     }
   };

package/src/createDirectLineSpeechAdapters.ts

@@ -1,7 +1,7 @@
 import { AudioConfig } from 'microsoft-cognitiveservices-speech-sdk';
 import { createAdapters } from 'botframework-directlinespeech-sdk';
-import { DirectLineJSBotConnection } from 'botframework-webchat-core';
 import { WebSpeechPonyfill } from 'botframework-webchat-api';
+import type { DirectLineJSBotConnection } from 'botframework-webchat-core';
 
 import CognitiveServicesAudioOutputFormat from './types/CognitiveServicesAudioOutputFormat';
 import CognitiveServicesCredentials from './types/CognitiveServicesCredentials';

package/src/index-es5.ts

@@ -1,32 +1,9 @@
 /* eslint dot-notation: ["error", { "allowPattern": "^WebChat$" }] */
 // window['WebChat'] is required for TypeScript
 
-// Polyfills for IE11 and other ES5 browsers
-// To maintain quality, we prefer polyfills without additives
-// For example, we prefer Promise implementation from "core-js" than "bluebird"
-
-import 'core-js/features/array/find-index';
-import 'core-js/features/array/find';
-import 'core-js/features/array/from';
-import 'core-js/features/array/includes';
-import 'core-js/features/array/iterator';
-import 'core-js/features/dom-collections';
-import 'core-js/features/math/sign';
-import 'core-js/features/number/is-finite';
-import 'core-js/features/object/assign';
-import 'core-js/features/object/entries';
-import 'core-js/features/object/from-entries';
-import 'core-js/features/object/is';
-import 'core-js/features/object/values';
-import 'core-js/features/promise';
-import 'core-js/features/promise/finally';
-import 'core-js/features/set';
-import 'core-js/features/string/ends-with';
-import 'core-js/features/string/starts-with';
-import 'core-js/features/symbol';
-
-import 'url-search-params-polyfill';
-import 'whatwg-fetch';
+// Importing polyfills required for IE11/ES5.
+import './polyfill';
+
 import { version } from './index-minimal';
 import addVersion from './addVersion';
 import defaultCreateDirectLine from './createDirectLine';

package/src/polyfill.ts

@@ -0,0 +1,29 @@
+// Polyfills for IE11 and other ES5 browsers
+// To maintain quality, we prefer polyfills without additives
+// For example, we prefer Promise implementation from "core-js" than "bluebird"
+
+// To reduce conflicts with hosting app, we should consider using
+// @babel/plugin-transform-runtime to polyfill in transpiled code directly.
+
+import 'core-js/features/array/find-index';
+import 'core-js/features/array/find';
+import 'core-js/features/array/from';
+import 'core-js/features/array/includes';
+import 'core-js/features/array/iterator';
+import 'core-js/features/dom-collections';
+import 'core-js/features/map';
+import 'core-js/features/math/sign';
+import 'core-js/features/number/is-finite';
+import 'core-js/features/object/assign';
+import 'core-js/features/object/entries';
+import 'core-js/features/object/from-entries';
+import 'core-js/features/object/is';
+import 'core-js/features/object/values';
+import 'core-js/features/promise';
+import 'core-js/features/promise/finally';
+import 'core-js/features/set';
+import 'core-js/features/string/ends-with';
+import 'core-js/features/string/starts-with';
+import 'core-js/features/symbol';
+import 'url-search-params-polyfill';
+import 'whatwg-fetch';

package/src/renderMarkdown.ts

@@ -57,6 +57,18 @@ const TRANSPARENT_GIF = 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAA
 // This is used for parsing Markdown for external links.
 const internalMarkdownIt = new MarkdownIt();
 
+const MARKDOWN_ATTRS_LEFT_DELIMITER = '⟬';
+// Make sure the delimiter is free from any RegExp characters, such as *, ?, etc.
+// IE11 does not support "u" flag and Babel could not remove it. We intentionally omitting the "u" flag here.
+// eslint-disable-next-line security/detect-non-literal-regexp, require-unicode-regexp
+const MARKDOWN_ATTRS_LEFT_DELIMITER_PATTERN = new RegExp(MARKDOWN_ATTRS_LEFT_DELIMITER, 'g');
+
+const MARKDOWN_ATTRS_RIGHT_DELIMITER = '⟭';
+// Make sure the delimiter is free from any RegExp characters, such as *, ?, etc.
+// IE11 does not support "u" flag and Babel could not remove it. We intentionally omitting the "u" flag here.
+// eslint-disable-next-line security/detect-non-literal-regexp, require-unicode-regexp
+const MARKDOWN_ATTRS_RIGHT_DELIMITER_PATTERN = new RegExp(MARKDOWN_ATTRS_RIGHT_DELIMITER, 'g');
+
 export default function render(
   markdown: string,
   { markdownRespectCRLF }: { markdownRespectCRLF: boolean },
@@ -66,16 +78,37 @@ export default function render(
     markdown = markdown.replace(/\n\r|\r\n/gu, carriageReturn => (carriageReturn === '\n\r' ? '\r\n' : '\n\r'));
   }
 
-  const html = new MarkdownIt({
+  // Related to #3165.
+  // We only support attributes "aria-label" and should leave other attributes as-is.
+  // However, `markdown-it-attrs` remove unrecognized attributes, such as {hello}.
+  // Before passing to `markdown-it-attrs`, we will convert known attributes from {aria-label="..."} into ⟬aria-label="..."⟭ (using white tortoise shell brackets).
+  // Then, we ask `markdown-it-attrs` to only process the new brackets, so it should only try to process things that we allowlisted.
+  // Lastly, we revert tortoise shell brackets back to curly brackets, for unprocessed attributes.
+  markdown = markdown
+    .replace(/\{\s*aria-label()\s*\}/giu, `${MARKDOWN_ATTRS_LEFT_DELIMITER}aria-label${MARKDOWN_ATTRS_RIGHT_DELIMITER}`)
+    .replace(
+      /\{\s*aria-label=("[^"]*"|[^\s}]*)\s*\}/giu,
+      (_, valueInsideQuotes) =>
+        `${MARKDOWN_ATTRS_LEFT_DELIMITER}aria-label=${valueInsideQuotes}${MARKDOWN_ATTRS_RIGHT_DELIMITER}`
+    );
+
+  let html = new MarkdownIt({
     breaks: false,
     html: false,
     linkify: true,
     typographer: true,
     xhtmlOut: true
   })
-    .use(markdownItAttrs)
+    .use(markdownItAttrs, {
+      // `markdown-it-attrs` is added for accessibility and allow bot developers to specify `aria-label`.
+      // We are allowlisting `aria-label` only as it is allowlisted in `sanitize-html`.
+      // Other `aria-*` will be sanitized even we allowlisted here.
+      allowedAttributes: ['aria-label'],
+      leftDelimiter: MARKDOWN_ATTRS_LEFT_DELIMITER,
+      rightDelimiter: MARKDOWN_ATTRS_RIGHT_DELIMITER
+    })
     .use(iterator, 'url_new_win', 'link_open', (tokens, index) => {
-      const token = tokens[index];
+      const token = tokens[+index];
 
       token.attrSet('rel', 'noopener noreferrer');
       token.attrSet('target', '_blank');
@@ -97,8 +130,11 @@ export default function render(
     })
     .render(markdown);
 
+  // Restore attributes not processed by `markdown-it-attrs`.
+  // TODO: [P2] #2511 After we fixed our polyfill story, we should use "String.prototype.replaceAll" instead of RegExp for replace all occurrences.
+  html = html.replace(MARKDOWN_ATTRS_LEFT_DELIMITER_PATTERN, '{').replace(MARKDOWN_ATTRS_RIGHT_DELIMITER_PATTERN, '}');
+
   // The signature from "sanitize-html" module is not correct.
-  // eslint-disable-next-line @typescript-eslint/ban-ts-comment
   // @ts-ignore
   return sanitizeHTML(html, SANITIZE_HTML_OPTIONS);
 }

package/src/speech/CustomAudioInputStream.ts

@@ -22,6 +22,7 @@ import {
   type as Type
 } from 'microsoft-cognitiveservices-speech-sdk/distrib/lib/src/common.speech/Exports';
 
+import { isForbiddenPropertyName } from 'botframework-webchat-core';
 import { v4 } from 'uuid';
 import createDeferred, { DeferredPromise } from 'p-defer-es5';
 
@@ -88,9 +89,20 @@ abstract class CustomAudioInputStream extends AudioInputStream {
       id: options.id || v4().replace(/-/gu, '')
     };
 
+    // False alarm: indexer is a constant of type Symbol.
+    // eslint-disable-next-line security/detect-object-injection
     this[SYMBOL_DEVICE_INFO_DEFERRED] = createDeferred<DeviceInfo>();
+
+    // False alarm: indexer is a constant of type Symbol.
+    // eslint-disable-next-line security/detect-object-injection
     this[SYMBOL_EVENTS] = new EventSource<AudioSourceEvent>();
+
+    // False alarm: indexer is a constant of type Symbol.
+    // eslint-disable-next-line security/detect-object-injection
     this[SYMBOL_FORMAT_DEFERRED] = createDeferred<AudioStreamFormatImpl>();
+
+    // False alarm: indexer is a constant of type Symbol.
+    // eslint-disable-next-line security/detect-object-injection
     this[SYMBOL_OPTIONS] = normalizedOptions;
   }
 
@@ -101,9 +113,10 @@ abstract class CustomAudioInputStream extends AudioInputStream {
 
   /** Gets the event source for listening to events. */
   // ESLint: This code will only works in browsers other than IE11. Only works in ES5 is okay.
-  // eslint-disable-next-line @typescript-eslint/ban-ts-comment
   // @ts-ignore Accessors are only available when targeting ECMAScript 5 and higher.ts(1056)
   get events(): EventSource<AudioSourceEvent> {
+    // False alarm: indexer is a constant of type Symbol.
+    // eslint-disable-next-line security/detect-object-injection
     return this[SYMBOL_EVENTS];
   }
 
@@ -114,16 +127,19 @@ abstract class CustomAudioInputStream extends AudioInputStream {
   // Speech SDK quirks: In normal speech recognition, getter of "format" is called only after "attach".
   //                    But in Direct Line Speech, it is called before "attach".
   // ESLint: This code will only works in browsers other than IE11. Only works in ES5 is okay.
-  // eslint-disable-next-line @typescript-eslint/ban-ts-comment
   // @ts-ignore Accessors are only available when targeting ECMAScript 5 and higher.ts(1056)
   get format(): Promise<AudioStreamFormatImpl> {
     this.debug('Getting "format".');
 
+    // False alarm: indexer is a constant of type Symbol.
+    // eslint-disable-next-line security/detect-object-injection
     return this[SYMBOL_FORMAT_DEFERRED].promise;
   }
 
   /** Gets the ID of this audio stream. */
   id(): string {
+    // False alarm: indexer is a constant of type Symbol.
+    // eslint-disable-next-line security/detect-object-injection
     return this[SYMBOL_OPTIONS].id;
   }
 
@@ -131,6 +147,8 @@ abstract class CustomAudioInputStream extends AudioInputStream {
   // Speech SDK quirks: In JavaScript, onXxx means "listen to event XXX".
   //                    Instead, in Speech SDK, it means "emit event XXX".
   protected onEvent(event: AudioSourceEvent): void {
+    // False alarm: indexer is a constant of type Symbol.
+    // eslint-disable-next-line security/detect-object-injection
     this[SYMBOL_EVENTS].onEvent(event);
     Events.instance.onEvent(event);
   }
@@ -191,7 +209,6 @@ abstract class CustomAudioInputStream extends AudioInputStream {
 
   // Speech SDK quirks: Although "close" is marked as abstract, it is never called in our observations.
   // ESLint: Speech SDK requires this function, but we are not implementing it.
-  // eslint-disable-next-line class-methods-use-this
   close(): void {
     this.debug('Callback for "close".');
 
@@ -215,7 +232,8 @@ abstract class CustomAudioInputStream extends AudioInputStream {
   /** Log the message to console if `debug` is set to `true`. */
   private debug(message, ...args) {
     // ESLint: For debugging, will only log when "debug" is set to "true".
-    // eslint-disable-next-line no-console
+    // False alarm: indexer is a constant of type Symbol.
+    // eslint-disable-next-line no-console, security/detect-object-injection
     this[SYMBOL_OPTIONS].debug && console.info(`CustomAudioInputStream: ${message}`, ...args);
   }
 
@@ -240,7 +258,13 @@ abstract class CustomAudioInputStream extends AudioInputStream {
 
         // Although only getter of "format" is called before "attach" (in Direct Line Speech),
         // we are handling both "deviceInfo" and "format" in similar way for uniformity.
+
+        // False alarm: indexer is a constant of type Symbol.
+        // eslint-disable-next-line security/detect-object-injection
         this[SYMBOL_DEVICE_INFO_DEFERRED].resolve(deviceInfo);
+
+        // False alarm: indexer is a constant of type Symbol.
+        // eslint-disable-next-line security/detect-object-injection
         this[SYMBOL_FORMAT_DEFERRED].resolve(
           new AudioStreamFormatImpl(format.samplesPerSec, format.bitsPerSample, format.channels)
         );
@@ -300,21 +324,28 @@ abstract class CustomAudioInputStream extends AudioInputStream {
 
   /** Gets the device information. */
   // ESLint: This code will only works in browsers other than IE11. Only works in ES5 is okay.
-  // eslint-disable-next-line @typescript-eslint/ban-ts-comment
   // @ts-ignore Accessors are only available when targeting ECMAScript 5 and higher.ts(1056)
   get deviceInfo(): Promise<ISpeechConfigAudioDevice> {
     this.debug(`Getting "deviceInfo".`);
 
+    // False alarm: indexer is a constant of type Symbol.
+    // eslint-disable-next-line security/detect-object-injection
     return Promise.all([this[SYMBOL_DEVICE_INFO_DEFERRED].promise, this[SYMBOL_FORMAT_DEFERRED].promise]).then(
       ([{ connectivity, manufacturer, model, type }, { bitsPerSample, channels, samplesPerSec }]) => ({
         bitspersample: bitsPerSample,
         channelcount: channels,
         connectivity:
-          typeof connectivity === 'string' ? Connectivity[connectivity] : connectivity || Connectivity.Unknown,
+          typeof connectivity === 'string' && !isForbiddenPropertyName(connectivity)
+            ? // Mitigated through denylisting.
+              // eslint-disable-next-line security/detect-object-injection
+              Connectivity[connectivity]
+            : connectivity || Connectivity.Unknown,
         manufacturer: manufacturer || '',
         model: model || '',
         samplerate: samplesPerSec,
-        type: typeof type === 'string' ? Type[type] : type || Type.Unknown
+        // Mitigated through denylisting.
+        // eslint-disable-next-line security/detect-object-injection
+        type: typeof type === 'string' && !isForbiddenPropertyName(type) ? Type[type] : type || Type.Unknown
       })
     );
   }

package/src/speech/bytesPerSample.ts

@@ -1,4 +1,6 @@
 export default function bytesPerSample(settings: MediaTrackSettings) {
+  // `channelCount` is not on @types/web@0.0.54 yet, related to https://github.com/microsoft/TypeScript-DOM-lib-generator/issues/1290.
+  // @ts-ignore
   // eslint-disable-next-line no-magic-numbers
   return ((settings.sampleSize as number) >> 3) * (settings.channelCount as number) * (settings.sampleRate as number);
 }

package/src/speech/createAudioConfig.spec.js

@@ -1,4 +1,4 @@
-/* eslint @typescript-eslint/no-empty-function: "off" */
+/* eslint no-empty-function: "off" */
 
 import createAudioConfig from './createAudioConfig';
 

package/src/speech/createAudioConfig.ts

@@ -43,7 +43,12 @@ class CreateAudioConfigAudioInputStream extends CustomAudioInputStream {
 
     super({ debug });
 
+    // False alarm: indexer is a constant of type Symbol.
+    // eslint-disable-next-line security/detect-object-injection
     this[SYMBOL_ATTACH] = attach;
+
+    // False alarm: indexer is a constant of type Symbol.
+    // eslint-disable-next-line security/detect-object-injection
     this[SYMBOL_TURN_OFF] = turnOff;
   }
 
@@ -55,6 +60,8 @@ class CreateAudioConfigAudioInputStream extends CustomAudioInputStream {
     deviceInfo: DeviceInfo;
     format: Format;
   }> {
+    // False alarm: indexer is a constant of type Symbol.
+    // eslint-disable-next-line security/detect-object-injection
     return this[SYMBOL_ATTACH](audioNodeId);
   }
 

package/src/speech/createMicrophoneAudioConfigAndAudioContext.ts

@@ -22,6 +22,8 @@ const PCM_RECORDER_HARDCODED_SETTINGS: MediaTrackSettings = Object.freeze({
 
 const PCM_RECORDER_HARDCODED_FORMAT: Format = Object.freeze({
   bitsPerSample: PCM_RECORDER_HARDCODED_SETTINGS.sampleSize,
+  // `channelCount` is not on @types/web@0.0.54 yet, related to https://github.com/microsoft/TypeScript-DOM-lib-generator/issues/1290.
+  // @ts-ignore
   channels: PCM_RECORDER_HARDCODED_SETTINGS.channelCount,
   samplesPerSec: PCM_RECORDER_HARDCODED_SETTINGS.sampleRate
 });

package/src/speech/getUserMedia.ts

@@ -5,8 +5,11 @@ export default function getUserMedia(constraints: MediaStreamConstraints): Promi
     return navigator.mediaDevices.getUserMedia(constraints);
   }
 
-  // Although getUserMedia has vendor prefix, they are only used in very old version of browsers.
+  // We are intentionally using the deprecated `navigator.getUserMedia` to make sure backward compatibility.
+  // @ts-ignore
   if (typeof navigator.getUserMedia !== 'undefined') {
+    // We are intentionally using the deprecated `navigator.getUserMedia` to make sure backward compatibility.
+    // @ts-ignore
     return new Promise((resolve, reject) => navigator.getUserMedia(constraints, resolve, reject));
   }
 

package/.eslintignore

@@ -1 +0,0 @@
-/src/tsconfig.json