VIP Code Analysis Bot requests changes to files in 17.7.0

WordPress / gutenberg

The Block Editor project for WordPress and beyond. Plugin is available from the official repository.

https://wordpress.org/gutenberg/

Other

10k stars 4.02k forks source link

VIP Code Analysis Bot requests changes to files in 17.7.0 #59207

Open marincarroll opened 4 months ago

marincarroll commented 4 months ago

Description

In repos belonging to the wpcomvip organization, an attempt to update to 17.7.0 results in the VIP Code Analysis Bot requesting numerous changes. (Most errors/warnings are associated with WordPressVIPMinimum, but some are WordPress and some Squiz).

Step-by-step reproduction instructions

1) Update Gutenberg to 17.7.0 in a repo belonging to the wpcomvip organization. 2) Open a PR for the changed plugin files. 3) Wait for VIP Code Analysis Bot to request changes

Screenshots, screen recording, code snippet

Environment info

Environment info is n/a because this is an issue that occurs during the PR process.

Please confirm that you have searched existing issues in the repo.

Yes

Please confirm that you have tested with all plugins deactivated except Gutenberg.

Yes

marincarroll commented 4 months ago

See my similar report on version 17.6.4 (Most requested changes are the same) https://github.com/WordPress/gutenberg/issues/58790

jordesign commented 4 months ago

Hi @marincarroll - is there a different resolution required for each of these issues? Or can a single issue cover both of them?

marincarroll commented 4 months ago

Hi @marincarroll - is there a different resolution required for each of these issues? Or can a single issue cover both of them?

Thanks for your response! There are multiple. You're probably right that they should be broken into different issues.

WordPressVIPMinimum.Hooks.RestrictedHooks.upload_mimes
WordPressVIPMinimum.JS.HTMLExecutingFunctions.append
WordPressVIPMinimum.JS.HTMLExecutingFunctions.write
WordPressVIPMinimum.JS.Window.location
WordPress.Security.EscapeOutput.OutputNotEscaped
WordPress.Security.EscapeOutput.ExceptionNotEscaped
Squiz.PHP.CommentedOutCode.Found

Mamaduka commented 4 months ago

Hey, @anton-vlasenko

Maybe you could help us out here.

anton-vlasenko commented 4 months ago

Hmm,

WordPress.Security.EscapeOutput.OutputNotEscaped
WordPress.Security.EscapeOutput.ExceptionNotEscaped
Squiz.PHP.CommentedOutCode.Found

These linter rules seem like the rules from the WordPress-Extra ruleset, but Gutenberg doesn't use that ruleset. It's likely that the wpcomvip organization's repositories use WordPress-Extra, which is why the bot is complaining. The specific files that the bot is complaining about need to be checked to confirm whether these complaints are valid/legitimate and related to upgrading to 17.7.0.