mirror of
https://github.com/MichMich/MagicMirror.git
synced 2026-06-04 02:10:43 +00:00
fb41d24ef5
## Release Notes Thanks to: @cgillinger, @khassel, @KristjanESPERANTO, @sonnyb9 > ⚠️ This release needs nodejs version >=22.21.1 <23 || >=24 (no change to previous release) [Compare to previous Release v2.35.0](https://github.com/MagicMirrorOrg/MagicMirror/compare/v2.35.0...v2.36.0) This release falls outside the quarterly schedule. We opted for an early release due to: - Security fix for the internal cors proxy - API change of the weather provider smi - Several bug fixes ### Breaking Changes The cors proxy is now disabled by default. If required, it must be explicitly enabled in the `config.js` file. See the [documentation](https://docs.magicmirror.builders/configuration/cors.html). ### ⚠️ Security You can find several publicly accessible MagicMirror² instances. This should never be done. Doing so makes your entire configuration, including secrets and API keys, publicly visible. Furthermore, it allows attackers to target the host; this is only prevented beginning with this release. Public MagicMirror² instances should always run behind a reverse proxy with authentication. ### [core] - Prepare Release 2.36.0 (#4126) - Allow HTTPFetcher to pass through 304 responses (#4120) - fix(http-fetcher): fall back to reloadInterval after retries exhausted (#4113) - config endpoint must handle functions in module configs (#4106) - fix replaceSecretPlaceholder (#4104) - restrict replaceSecretPlaceholder to cors with allowWhitelist (#4102) - fix: prevent crash when config is undefined in socket handler (#4096) - fix cors function for alpine linux (#4091) - fix(cors): prevent SSRF via DNS rebinding (#4090) - add option to disable or restrict cors endpoint (#4087) - fix: prevent SSRF via /cors endpoint by blocking private/reserved IPs (#4084) - chore: add permissions section to enforce pull-request rules workflow (#4079) - update version for develop ### [dependencies] - update dependencies (#4124) - chore: update dependencies (#4088) - refactor: enable ESLint rule "no-unused-vars" and handle related issues (#4080) ### [modules/newsfeed] - fix(newsfeed): prevent duplicate parse error callback when using pipeline (#4083) ### [modules/updatenotification] - fix(updatenotification): harden git command execution + simplify checkUpdates (#4115) - fix(tests): correct import path for git_helper module in updatenotification tests (#4078) ### [modules/weather] - fix(weather): use nearest openmeteo hourly data (#4123) - fix(weather): avoid loading state after reconnect (#4121) - weather: fix UV index display and add WeatherFlow precipitation (#4108) - fix(weather): restore OpenWeatherMap v2.5 support (#4101) - fix(weather): use stable instanceId to prevent duplicate fetchers (#4092) - SMHI: migrate to SNOW1gv1 API (replace deprecated PMP3gv2) (#4082) ### [testing] - ci(actions): set explicit token permissions (#4114) - fix(http_fetcher): use undici.fetch when dispatcher is present (#4097) - ci(codeql): also scan develop branch on push and PR (#4086) - refactor: replace implicit global config with explicit global.config (#4085) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: sam detweiler <sdetweil@gmail.com> Co-authored-by: Kristjan ESPERANTO <35647502+KristjanESPERANTO@users.noreply.github.com> Co-authored-by: Veeck <github@veeck.de> Co-authored-by: veeck <gitkraken@veeck.de> Co-authored-by: Magnus <34011212+MagMar94@users.noreply.github.com> Co-authored-by: Ikko Eltociear Ashimine <eltociear@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: DevIncomin <56730075+Developer-Incoming@users.noreply.github.com> Co-authored-by: Nathan <n8nyoung@gmail.com> Co-authored-by: mixasgr <mixasgr@users.noreply.github.com> Co-authored-by: Savvas Adamtziloglou <savvas-gr@greeklug.gr> Co-authored-by: Konstantinos <geraki@gmail.com> Co-authored-by: OWL4C <124401812+OWL4C@users.noreply.github.com> Co-authored-by: BugHaver <43462320+bughaver@users.noreply.github.com> Co-authored-by: BugHaver <43462320+lsaadeh@users.noreply.github.com> Co-authored-by: Bugsounet - Cédric <github@bugsounet.fr> Co-authored-by: Koen Konst <koenspero@gmail.com> Co-authored-by: Koen Konst <c.h.konst@avisi.nl> Co-authored-by: dathbe <github@beffa.us> Co-authored-by: Marcel <m-idler@users.noreply.github.com> Co-authored-by: Kevin G. <crazylegstoo@gmail.com> Co-authored-by: Jboucly <33218155+jboucly@users.noreply.github.com> Co-authored-by: Jboucly <contact@jboucly.fr> Co-authored-by: Jarno <54169345+jarnoml@users.noreply.github.com> Co-authored-by: Jordan Welch <JordanHWelch@gmail.com> Co-authored-by: Blackspirits <blackspirits@gmail.com> Co-authored-by: Samed Ozdemir <samed@xsor.io> Co-authored-by: in-voker <58696565+in-voker@users.noreply.github.com> Co-authored-by: Andrés Vanegas Jiménez <142350+angeldeejay@users.noreply.github.com> Co-authored-by: cgillinger <christian.gillinger@gmail.com> Co-authored-by: Sonny B <43247590+sonnyb9@users.noreply.github.com> Co-authored-by: sonnyb9 <sonnyb9@users.noreply.github.com>
176 lines
5.3 KiB
JavaScript
176 lines
5.3 KiB
JavaScript
import {defineConfig, globalIgnores} from "eslint/config";
|
|
import globals from "globals";
|
|
import {flatConfigs as importX} from "eslint-plugin-import-x";
|
|
import js from "@eslint/js";
|
|
import jsdocPlugin from "eslint-plugin-jsdoc";
|
|
import {configs as packageJsonConfigs} from "eslint-plugin-package-json";
|
|
import playwright from "eslint-plugin-playwright";
|
|
import stylistic from "@stylistic/eslint-plugin";
|
|
import vitest from "@vitest/eslint-plugin";
|
|
|
|
export default defineConfig([
|
|
globalIgnores(["config/**", "modules/**/*", "js/positions.js", "tests/configs/config_variables.js"]),
|
|
{
|
|
files: ["**/*.js"],
|
|
languageOptions: {
|
|
ecmaVersion: "latest",
|
|
globals: {
|
|
...globals.browser,
|
|
...globals.node,
|
|
Log: "readonly",
|
|
MM: "readonly",
|
|
Module: "readonly",
|
|
config: "readonly",
|
|
moment: "readonly"
|
|
}
|
|
},
|
|
extends: [importX.recommended, js.configs.recommended, jsdocPlugin.configs["flat/recommended"], stylistic.configs.all],
|
|
rules: {
|
|
"@stylistic/array-element-newline": ["error", "consistent"],
|
|
"@stylistic/arrow-parens": ["error", "always"],
|
|
"@stylistic/brace-style": "off",
|
|
"@stylistic/dot-location": ["error", "property"],
|
|
"@stylistic/function-call-argument-newline": ["error", "consistent"],
|
|
"@stylistic/function-paren-newline": ["error", "consistent"],
|
|
"@stylistic/implicit-arrow-linebreak": ["error", "beside"],
|
|
"@stylistic/indent": ["error", "tab"],
|
|
"@stylistic/max-statements-per-line": ["error", {max: 2}],
|
|
"@stylistic/multiline-comment-style": "off",
|
|
"@stylistic/multiline-ternary": ["error", "always-multiline"],
|
|
"@stylistic/newline-per-chained-call": ["error", {ignoreChainWithDepth: 4}],
|
|
"@stylistic/no-extra-parens": "off",
|
|
"@stylistic/no-tabs": "off",
|
|
"@stylistic/object-curly-spacing": ["error", "always"],
|
|
"@stylistic/object-property-newline": ["error", {allowAllPropertiesOnSameLine: true}],
|
|
"@stylistic/operator-linebreak": ["error", "before"],
|
|
"@stylistic/padded-blocks": "off",
|
|
"@stylistic/quote-props": ["error", "as-needed"],
|
|
"@stylistic/quotes": ["error", "double"],
|
|
"@stylistic/semi": ["error", "always"],
|
|
"@stylistic/space-before-function-paren": ["error", "always"],
|
|
"@stylistic/spaced-comment": "off",
|
|
"dot-notation": "error",
|
|
eqeqeq: ["error", "always", {null: "ignore"}],
|
|
"id-length": "off",
|
|
"import-x/extensions": "error",
|
|
"import-x/newline-after-import": "error",
|
|
"import-x/order": "error",
|
|
"init-declarations": "off",
|
|
"max-lines-per-function": ["warn", 400],
|
|
"max-statements": "off",
|
|
"no-global-assign": "off",
|
|
"no-inline-comments": "off",
|
|
"no-magic-numbers": "off",
|
|
"no-param-reassign": "error",
|
|
"no-plusplus": "off",
|
|
"no-prototype-builtins": "off",
|
|
"no-ternary": "off",
|
|
"no-throw-literal": "error",
|
|
"no-undefined": "off",
|
|
"no-unneeded-ternary": "error",
|
|
"no-useless-return": "error",
|
|
"no-warning-comments": "off",
|
|
"object-shorthand": ["error", "methods"],
|
|
"one-var": "off",
|
|
"prefer-template": "error",
|
|
"require-await": "error",
|
|
"sort-keys": "off"
|
|
}
|
|
},
|
|
{
|
|
files: ["**/*.js"],
|
|
ignores: [
|
|
"clientonly/index.js",
|
|
"js/logger.js",
|
|
"tests/**/*.js"
|
|
],
|
|
rules: {"no-console": "error"}
|
|
},
|
|
{
|
|
files: ["**/package.json"],
|
|
extends: [packageJsonConfigs.recommended]
|
|
},
|
|
{
|
|
files: ["**/*.mjs"],
|
|
languageOptions: {
|
|
ecmaVersion: "latest",
|
|
globals: {
|
|
...globals.node
|
|
},
|
|
sourceType: "module"
|
|
},
|
|
extends: [importX.recommended, js.configs.all, stylistic.configs.all],
|
|
rules: {
|
|
"@stylistic/array-element-newline": "off",
|
|
"@stylistic/indent": ["error", "tab"],
|
|
"@stylistic/object-property-newline": ["error", {allowAllPropertiesOnSameLine: true}],
|
|
"@stylistic/padded-blocks": ["error", "never"],
|
|
"@stylistic/quote-props": ["error", "as-needed"],
|
|
"import-x/no-unresolved": ["error", {ignore: ["eslint/config"]}],
|
|
"max-lines-per-function": ["error", 100],
|
|
"no-magic-numbers": "off",
|
|
"one-var": ["error", "never"],
|
|
"sort-keys": "off"
|
|
}
|
|
},
|
|
{
|
|
files: ["tests/**/*.js"],
|
|
languageOptions: {
|
|
globals: {
|
|
...vitest.environments.env.globals
|
|
}
|
|
},
|
|
extends: [vitest.configs.recommended],
|
|
rules: {
|
|
"vitest/consistent-test-it": "error",
|
|
"vitest/expect-expect": [
|
|
"error",
|
|
{
|
|
assertFunctionNames: [
|
|
"expect",
|
|
"testElementLength",
|
|
"testTextContain",
|
|
"doTest",
|
|
"runAnimationTest",
|
|
"waitForAnimationClass",
|
|
"assertNoAnimationWithin"
|
|
]
|
|
}
|
|
],
|
|
"vitest/max-nested-describe": ["error", {max: 3}],
|
|
"vitest/prefer-to-be": "error",
|
|
"vitest/prefer-to-have-length": "error",
|
|
"max-lines-per-function": "off"
|
|
}
|
|
},
|
|
{
|
|
files: ["tests/unit/modules/default/weather/providers/*.js"],
|
|
rules: {
|
|
"import-x/namespace": "off",
|
|
"import-x/named": "off",
|
|
"import-x/default": "off",
|
|
"import-x/extensions": "off"
|
|
}
|
|
},
|
|
{
|
|
files: ["tests/configs/modules/weather/*.js"],
|
|
rules: {
|
|
"@stylistic/quotes": "off"
|
|
}
|
|
},
|
|
{
|
|
files: ["tests/e2e/**/*.js"],
|
|
extends: [playwright.configs["flat/recommended"]],
|
|
rules: {
|
|
|
|
/*
|
|
* Tests use Vitest-style plain beforeAll()/afterAll() calls, not Playwright's
|
|
* test.beforeAll() style. The rule incorrectly treats all plain hook calls
|
|
* as the same unnamed type, flagging the second hook as a duplicate.
|
|
*/
|
|
"playwright/no-duplicate-hooks": "off",
|
|
"playwright/no-standalone-expect": "off"
|
|
}
|
|
}
|
|
]);
|