Summary
A third remediation stream in actions/setup/js covers control-flow and request-construction correctness: interpolated github.request() routes, new URL(...) without guarding throws, and core.setFailed() call sites that do not immediately transfer control. Address these findings together where they share the same root cause of unsafe control or request construction.
Affected files
Representative files from the current lint run:
actions/setup/js/add_reaction.cjs
actions/setup/js/add_reaction_and_edit_comment.cjs
actions/setup/js/add_workflow_run_comment.cjs
actions/setup/js/artifact_client.cjs
actions/setup/js/check_team_member.cjs
actions/setup/js/generate_history_link.cjs
actions/setup/js/mcp_cli_bridge.cjs
actions/setup/js/mount_mcp_as_cli.cjs
actions/setup/js/route_slash_command.cjs
actions/setup/js/safe_output_handler_manager.cjs
Representative diagnostics
add_reaction.cjs:193:41 — avoid opaque interpolated route argument to github.request()
add_workflow_run_comment.cjs:444:47 — avoid concatenated dynamic route argument to github.request()
route_slash_command.cjs:180:30 — use typed placeholder route form instead of interpolated template literal
artifact_client.cjs:73:10 — wrap new URL(url) in try/catch
generate_history_link.cjs:61:15 — wrap new URL(${server}/search) in try/catch
check_team_member.cjs:39:3 — add immediate control transfer after core.setFailed()
safe_output_handler_manager.cjs:1644:7 — add immediate control transfer after core.setFailed()
Expected outcome
github.request() calls use typed static route strings with parameters instead of interpolated whole-route expressions
new URL(...) failures are handled explicitly in flagged call sites
core.setFailed() paths do not continue execution after failure
- The affected files no longer trigger these route/URL/control-flow custom lint rules
Checklist
Source
Daily ESLint Monster remediation stream from workflow run 29538839244.
Generated by 🧹 ESLint Monster · 15.6 AIC · ⌖ 8.47 AIC · ⊞ 3.9K · ◷
Summary
A third remediation stream in
actions/setup/jscovers control-flow and request-construction correctness: interpolatedgithub.request()routes,new URL(...)without guarding throws, andcore.setFailed()call sites that do not immediately transfer control. Address these findings together where they share the same root cause of unsafe control or request construction.Affected files
Representative files from the current lint run:
actions/setup/js/add_reaction.cjsactions/setup/js/add_reaction_and_edit_comment.cjsactions/setup/js/add_workflow_run_comment.cjsactions/setup/js/artifact_client.cjsactions/setup/js/check_team_member.cjsactions/setup/js/generate_history_link.cjsactions/setup/js/mcp_cli_bridge.cjsactions/setup/js/mount_mcp_as_cli.cjsactions/setup/js/route_slash_command.cjsactions/setup/js/safe_output_handler_manager.cjsRepresentative diagnostics
add_reaction.cjs:193:41— avoid opaque interpolated route argument togithub.request()add_workflow_run_comment.cjs:444:47— avoid concatenated dynamic route argument togithub.request()route_slash_command.cjs:180:30— use typed placeholder route form instead of interpolated template literalartifact_client.cjs:73:10— wrapnew URL(url)in try/catchgenerate_history_link.cjs:61:15— wrapnew URL(${server}/search)in try/catchcheck_team_member.cjs:39:3— add immediate control transfer aftercore.setFailed()safe_output_handler_manager.cjs:1644:7— add immediate control transfer aftercore.setFailed()Expected outcome
github.request()calls use typed static route strings with parameters instead of interpolated whole-route expressionsnew URL(...)failures are handled explicitly in flagged call sitescore.setFailed()paths do not continue execution after failureChecklist
github.request()route strings with typed placeholder formsnew URL(...)constructions with try/catchcore.setFailed()in flagged pathsactions/setup/jsnpm run lint:setup-jsSource
Daily ESLint Monster remediation stream from workflow run 29538839244.