fix: release

renovate (#167 )
Co-authored-by: m.schnitzler <martin.wb.2015@gmail.com> Co-committed-by: m.schnitzler <martin.wb.2015@gmail.com>
2026-04-30 23:55:22 +00:00 · 2026-04-30 23:55:13 +00:00 · 2026-04-30 15:02:16 +02:00
3 changed files with 12 additions and 55 deletions
@@ -1,17 +1,17 @@
 {
    "name": "vscodestat",
-    "version": "1.2.1",
+    "version": "1.2.2",
    "lockfileVersion": 3,
    "requires": true,
    "packages": {
        "": {
            "name": "vscodestat",
-            "version": "1.2.1",
+            "version": "1.2.2",
            "license": "ISC",
            "devDependencies": {
                "@types/mocha": "^10.0.10",
                "@types/node": "25.x",
-                "@types/vscode": "^1.116.0",
+                "@types/vscode": "^1.118.0",
                "@typescript-eslint/eslint-plugin": "^8.59.1",
                "@typescript-eslint/parser": "^8.59.1",
                "@vscode/test-cli": "^0.0.12",
@@ -310,9 +310,9 @@
            }
        },
        "node_modules/@types/vscode": {
-            "version": "1.116.0",
+            "version": "1.118.0",
-            "resolved": "https://registry.npmjs.org/@types/vscode/-/vscode-1.116.0.tgz",
+            "resolved": "https://registry.npmjs.org/@types/vscode/-/vscode-1.118.0.tgz",
-            "integrity": "sha512-sYHp4MO6BqJ2PD7Hjt0hlIS3tMaYsVPJrd0RUjDJ8HtOYnyJIEej0bLSccM8rE77WrC+Xox/kdBwEFDO8MsxNA==",
+            "integrity": "sha512-Ah6eTlqDcwIMELEVwQMO++rJAFBRz/oLluLD/vWdYrH1KuI9kfpaM+7pg0OvvascgcJy+ghLCERAYouM4QbzGw==",
            "dev": true,
            "license": "MIT"
        },
@@ -3138,9 +3138,9 @@
            }
        },
        "node_modules/tinyexec": {
-            "version": "1.1.1",
+            "version": "1.1.2",
-            "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-1.1.1.tgz",
+            "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-1.1.2.tgz",
-            "integrity": "sha512-VKS/ZaQhhkKFMANmAOhhXVoIfBXblQxGX1myCQ2faQrfmobMftXeJPcZGp0gS07ocvGJWDLZGyOZDadDBqYIJg==",
+            "integrity": "sha512-dAqSqE/RabpBKI8+h26GfLq6Vb3JVXs30XYQjdMjaj/c2tS8IYYMbIzP599KtRj7c57/wYApb3QjgRgXmrCukA==",
            "dev": true,
            "license": "MIT",
            "engines": {
@@ -1,7 +1,7 @@
 {
    "name": "vscodestat",
    "displayName": "vscodestat",
-    "version": "1.2.1",
+    "version": "1.2.2",
    "description": "",
    "categories": [
        "Other"
@@ -51,7 +51,7 @@
    "devDependencies": {
        "@types/mocha": "^10.0.10",
        "@types/node": "25.x",
-        "@types/vscode": "^1.116.0",
+        "@types/vscode": "^1.118.0",
        "@typescript-eslint/eslint-plugin": "^8.59.1",
        "@typescript-eslint/parser": "^8.59.1",
        "@vscode/test-cli": "^0.0.12",
@@ -64,7 +64,7 @@
        "typescript": "^6.0.3"
    },
    "engines": {
-        "vscode": "^1.116.0"
+        "vscode": "^1.118.0"
    },
    "icon": "icon.png",
    "extensionKind": [
@@ -14,18 +14,6 @@ NB : extension force-installed dans les containers vscode + vscodeluigi
 SECURITE
 --------
 [ ] vscodestat.url configurable user-side (CRITIQUE pour exfil)
    src/extension.ts:14-23 : commande `setUrl` permet au user de
    changer l'URL en runtime via `vscode.workspace.getConfiguration
    ().update('vscodestat.url', url, ConfigurationTarget.Global)`.
    Le user peut donc rediriger ses metriques vers son propre
    serveur. Dans le contexte (extension force-installed pour
    tracking employe), le user peut bypass le tracking en
    pointant sur `https://localhost/dummy` ou similar. Attendu /
    pas attendu ?
    NB : entrypoint.sh dans vscode/ overwrite la URL a chaque
    boot du container. Donc tracking restored. Mais pendant la
    session, user peut tweak. A documenter le comportement.
 [ ] makeHttpRequest envoie au serveur l'event sans auth
    src/extension.ts : `fetch(url, { method: 'POST',
@@ -33,26 +21,6 @@ SECURITE
    Cote serveur (cf monitoringserver/todo.txt), `/vscodestat` est
    aussi sans auth => tout le monde peut envoyer des metriques.
 [ ] extractProjectName fuite des paths potentiellement sensibles
    src/extension.ts :
        const match = path.match(/\/docker\/([^/]+)/);
        if (match) return match[1];
    Si un user ouvre un fichier hors `/docker/X/...`, le
    `extractProjectName` retourne null, donc `project: null`
    envoye. Pas un leak direct, mais combine au tracking precis,
    profile complet de l'activite hors-projet.
 [ ] Le user peut DISABLE l'extension volontairement
    Standard VSCode : un user peut desactiver toute extension.
    Le force-install au boot du container la re-active, mais
    pendant la session, l'employe peut couper le tracking.
    Pattern de force-tracking discutable (transparency).
 [ ] Pas de TLS pinning sur fetch
    Si l'URL pointe vers HTTPS (probablement),
    `monitoringserver.raphaelpiccolo.com`, certificat valide. OK
    mais pas de pinning.
 BUGS / FRAGILITE
 ----------------
 [ ] Pas de batching
@@ -63,14 +31,3 @@ BUGS / FRAGILITE
    src/extension.ts : catch + console.error. Pas de
    retry, pas de notification user. Si serveur down, events
    perdus.
 [ ] extractProjectName : path Windows hardcode au regex
    src/extension.ts : replace `\\` -> `/` puis match
    `/docker/(...)/`. OK pour les conventions /root/docker, mais
    si project hors `docker/`, retourne null. A clarifier.
 CONVENTIONS
 -----------
 [ ] Pas de README detaille sur l'integration serveur
    README mentionne juste "Sample url". A documenter le format
    JSON envoye et le comportement.
Author	SHA1	Message	Date
root	a574802ffb	fix: release continuous-integration/drone/tag Build is passing Details	2026-04-30 23:55:22 +00:00
m.schnitzler	228211991d	renovate (#167 ) Co-authored-by: m.schnitzler <martin.wb.2015@gmail.com> Co-committed-by: m.schnitzler <martin.wb.2015@gmail.com>	2026-04-30 23:55:13 +00:00
root	be832c4df4	up	2026-04-30 15:02:16 +02:00