rick/LEDMatrix
1
0
Fork 0
mirror of https://github.com/ChuckBuilds/LEDMatrix.git synced 2026-05-16 02:13:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Codacy round-2 — urllib3 CVEs, missed JS/Python issues (#336)

Browse Source 
urllib3 CVEs (10 Trivy findings):
  plugin-repos/march-madness/requirements.txt: bump urllib3>=1.26.0 to
  >=2.2.2 to address CVE-2021-33503, CVE-2023-43804, CVE-2023-45803,
  CVE-2024-37891, and 2025-2026 decompression/redirect CVEs.

Missed code fixes from round-1:
  display_helper.py: remove unused draw=ImageDraw.Draw(img) — the method
  delegates to _draw_centered_text which creates its own draw context.
  custom-feeds.js:334: one bare removeCustomFeedRow(this) was missed by
  the earlier replace_all; changed to window.removeCustomFeedRow(this).
  app.js: add htmx to /* global */ declaration — htmx.ajax() is called
  at lines 146 and 172 but htmx was only declared in the extension files.
  timezone-selector.js:215: second unused catch (e) → catch {} missed
  when we fixed line 361 in round-1.

Bandit B110 annotations (3 new except/pass blocks from newer PRs):
  start.py: hostname -I IP parsing — non-critical startup info.
  display_controller.py: scroll_helper.get_portion_at — optional method.
  display_manager.py: canvas reset during cleanup — best-effort.

41 confirmed false positives suppressed via Codacy API:
  35x pyflakes in test/, plugin-repos/, scripts/ — not production code
  Flask 0.0.0.0, os.execvp, Bandit B603, vendor ESLint, already-fixed
  Biome noPrototypeBuiltins.

Co-authored-by: Chuck <chuck@example.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Chuck
2026-05-15 18:04:21 -04:00
committed by GitHub
parent d941c91f24
commit c6b79e11d5
8 changed files with 7 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
web_interface/static/v3/js/widgets/custom-feeds.js
View File

@@ -331,7 +331,7 @@
removeButton.type = 'button';
removeButton.className = 'text-red-600 hover:text-red-800 px-2 py-1';
removeButton.addEventListener('click', function() {
removeCustomFeedRow(this);
window.removeCustomFeedRow(this);
});
const removeIcon = document.createElement('i');
removeIcon.className = 'fas fa-trash';

2
web_interface/static/v3/js/widgets/timezone-selector.js
View File

@@ -212,7 +212,7 @@
const parts = formatter.formatToParts(now);
const offsetPart = parts.find(p => p.type === 'timeZoneName');
return offsetPart ? offsetPart.value : '';
} catch (e) {
} catch {
return '';
}
}