Merge pull request #1 from Optable/fetch-upstream

Fetch upstream

.circleci/config.yml

@@ -7,7 +7,7 @@ aliases:
   - &environment
       docker:
         # specify the version you desire here
-        - image: circleci/node:12.16.1-browsers
+        - image: cimg/node:20.14.0-browsers
       resource_class: xlarge
         # Specify service dependencies here if necessary
         # CircleCI maintains a library of pre-built images
@@ -18,8 +18,6 @@ aliases:
   - &restore_dep_cache
       keys:
         - v1-dependencies-{{ checksum "package.json" }}
-        # fallback to using the latest cache if no exact match is found
-        - v1-dependencies-
 
   - &save_dep_cache
       paths:

.devcontainer/Dockerfile

@@ -1,4 +1,4 @@
-ARG VARIANT="12"
+ARG VARIANT="20"
 FROM mcr.microsoft.com/vscode/devcontainers/javascript-node:${VARIANT}
 
 RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor > /usr/share/keyrings/yarn-archive-keyring.gpg

.eslintrc.js

@@ -11,12 +11,25 @@ module.exports = {
       node: {
         moduleDirectory: ['node_modules', './']
       }
+    },
+    'jsdoc': {
+      mode: 'typescript',
+      tagNamePreference: {
+        'tag constructor': 'constructor',
+        extends: 'extends',
+        method: 'method',
+        return: 'return',
+      }
     }
   },
-  extends: 'standard',
+  extends: [
+    'standard',
+    'plugin:jsdoc/recommended'
+  ],
   plugins: [
     'prebid',
-    'import'
+    'import',
+    'jsdoc'
   ],
   globals: {
     'BROWSERSTACK_USERNAME': false,
@@ -29,6 +42,7 @@ module.exports = {
     sourceType: 'module',
     ecmaVersion: 2018,
   },
+  ignorePatterns: ['libraries/creative-renderer*'],
 
   rules: {
     'comma-dangle': 'off',
@@ -46,6 +60,25 @@ module.exports = {
     'no-undef': 2,
     'no-useless-escape': 'off',
     'no-console': 'error',
+    'jsdoc/check-types': 'off',
+    'jsdoc/no-defaults': 'off',
+    'jsdoc/newline-after-description': 'off',
+    'jsdoc/require-jsdoc': 'off',
+    'jsdoc/require-param': 'off',
+    'jsdoc/require-param-description': 'off',
+    'jsdoc/require-param-name': 'off',
+    'jsdoc/require-param-type': 'off',
+    'jsdoc/require-property': 'off',
+    'jsdoc/require-property-description': 'off',
+    'jsdoc/require-property-name': 'off',
+    'jsdoc/require-property-type': 'off',
+    'jsdoc/require-returns': 'off',
+    'jsdoc/require-returns-check': 'off',
+    'jsdoc/require-returns-description': 'off',
+    'jsdoc/require-returns-type': 'off',
+    'jsdoc/require-yields': 'off',
+    'jsdoc/require-yields-check': 'off',
+    'jsdoc/tag-lines': 'off'
   },
   overrides: Object.keys(allowedModules).map((key) => ({
     files: key + '/**/*.js',
@@ -57,11 +90,48 @@ module.exports = {
           name: 'require',
           message: 'use import instead'
         }
+      ],
+      'prebid/no-global': [
+        'error',
+        ...['localStorage', 'sessionStorage'].map(name => ({name, message: 'use storageManager instead'})),
+        {
+          name: 'XMLHttpRequest',
+          message: 'use ajax.js instead'
+        },
+      ],
+      'prebid/no-member': [
+        'error',
+        {
+          name: 'cookie',
+          target: 'document',
+          message: 'use storageManager instead'
+        },
+        {
+          name: 'sendBeacon',
+          target: 'navigator',
+          message: 'use ajax.js instead'
+        },
+        ...['outerText', 'innerText'].map(name => ({
+          name,
+          message: 'use .textContent instead'
+        }))
       ]
     }
   })).concat([{
     // code in other packages (such as plugins/eslint) is not "seen" by babel and its parser will complain.
     files: 'plugins/*/**/*.js',
     parser: 'esprima'
+  }, {
+    files: '**BidAdapter.js',
+    rules: {
+      'no-restricted-imports': [
+        'error', {
+          patterns: [
+            '**/src/events.js',
+            '**/src/adloader.js'
+          ]
+        }
+      ]
+    }
   }])
 };

.github/PULL_REQUEST_TEMPLATE.md

@@ -16,7 +16,8 @@ For any user facing change, submit a link to a PR on the docs repo at https://gi
 <!-- Remove items that don't apply and/or select an item by changing [ ] to [x] -->
 - [ ] Bugfix
 - [ ] Feature
-- [ ] New bidder adapter  <!--  IMPORTANT: if checking here, also submit your bidder params documentation here https://github.com/prebid/prebid.github.io/tree/master/dev-docs/bidders --> 
+- [ ] New bidder adapter  <!--  IMPORTANT: also submit your bidder parameter documentation as noted in https://docs.prebid.org/dev-docs/bidder-adaptor.html#submitting-your-adapter -->
+- [ ] Updated bidder adapter  <!--  IMPORTANT: (1) consider whether you need to upgrade your bidder parameter documentation in https://github.com/prebid/prebid.github.io/tree/master/dev-docs/bidders and (2) if you have a Prebid Server adapter, please consider whether that should be updated as well. --> 
 - [ ] Code style update (formatting, local variables)
 - [ ] Refactoring (no functional changes, no api changes)
 - [ ] Build related changes
@@ -40,7 +41,7 @@ For any user facing change, submit a link to a PR on the docs repo at https://gi
 }
 ```
 
-Be sure to test the integration with your adserver using the [Hello World](/integrationExamples/gpt/hello_world.html) sample page. -->
+Be sure to test the integration with your adserver using the [Hello World](https://github.com/prebid/Prebid.js/blob/master/integrationExamples/gpt/hello_world.html) sample page. -->
 
 
 ## Other information

.github/codeql/codeql-config.yml

@@ -2,3 +2,6 @@ paths:
   - src
   - modules
   - libraries
+queries:
+  - name: Prebid queries
+    uses: ./.github/codeql/queries

.github/codeql/queries/deviceMemory.ql

@@ -0,0 +1,14 @@
+/**
+ * @id prebid/device-memory
+ * @name Access to navigator.deviceMemory
+ * @kind problem
+ * @problem.severity warning
+ * @description Finds uses of deviceMemory
+ */
+
+import prebid
+
+from SourceNode nav
+where
+ nav = windowPropertyRead("navigator")
+select nav.getAPropertyRead("deviceMemory"), "deviceMemory is an indicator of fingerprinting"

.github/codeql/queries/hardwareConcurrency.ql

@@ -0,0 +1,14 @@
+/**
+ * @id prebid/hardware-concurrency
+ * @name Access to navigator.hardwareConcurrency
+ * @kind problem
+ * @problem.severity warning
+ * @description Finds uses of hardwareConcurrency
+ */
+
+import prebid
+
+from SourceNode nav
+where
+ nav = windowPropertyRead("navigator")
+select nav.getAPropertyRead("hardwareConcurrency"), "hardwareConcurrency is an indicator of fingerprinting"

.github/codeql/queries/prebid.qll

@@ -0,0 +1,36 @@
+import javascript
+import DataFlow
+
+SourceNode otherWindow() {
+ result = globalVarRef("top") or
+ result = globalVarRef("self") or
+ result = globalVarRef("parent") or
+ result = globalVarRef("frames").getAPropertyRead() or
+ result = DOM::documentRef().getAPropertyRead("defaultView")
+}
+
+SourceNode connectedWindow(SourceNode win) {
+  result = win.getAPropertyRead("self") or
+  result = win.getAPropertyRead("top") or
+  result = win.getAPropertyRead("parent") or
+  result = win.getAPropertyRead("frames").getAPropertyRead() or
+  result = win.getAPropertyRead("document").getAPropertyRead("defaultView")
+}
+
+SourceNode relatedWindow(SourceNode win) {
+  result = connectedWindow(win) or
+  result = relatedWindow+(connectedWindow(win))
+}
+
+SourceNode anyWindow() {
+  result = otherWindow() or
+  result = relatedWindow(otherWindow())
+}
+
+/*
+ Matches uses of property `prop` done on any window object.
+*/
+SourceNode windowPropertyRead(string prop) {
+  result = globalVarRef(prop) or
+  result = anyWindow().getAPropertyRead(prop)
+}

.github/codeql/queries/qlpack.yml

@@ -0,0 +1,8 @@
+---
+library: false
+warnOnImplicitThis: false
+name: queries
+version: 0.0.1
+dependencies:
+  codeql/javascript-all: ^1.1.1
+  codeql/javascript-queries: ^1.1.0

.github/release-drafter.yml

@@ -1,6 +1,10 @@
 
 name-template: 'Prebid $RESOLVED_VERSION Release'
 tag-template: '$RESOLVED_VERSION'
+autolabeler:
+  - label: 'maintenance'
+    title:
+      - '/^(?!.*(bug|initial|release|fix)).*$/i'
 categories:
   - title: '🚀 New Features'
     label: 'feature'

.github/workflows/codeql-analysis.yml

@@ -38,11 +38,11 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         config-file: ./.github/codeql/codeql-config.yml
@@ -57,7 +57,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -70,4 +70,4 @@ jobs:
     #   ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/issue_tracker.yml

@@ -14,7 +14,7 @@ jobs:
     steps:
       - name: Generate token
         id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a
         with:
           app_id: ${{ secrets.ISSUE_APP_ID }}
           private_key: ${{ secrets.ISSUE_APP_PEM }}