Security: fix eslint for devextreme-cli

.github/actions/eslint-analysis/action.yml

@@ -0,0 +1,58 @@
+name: 'ESLint Security Analysis'
+description: 'Runs ESLint security analysis using bundled security rules package'
+
+branding:
+  icon: 'shield'
+  color: 'blue'
+
+inputs:
+  repository-path:
+    description: 'Path to the repository to analyze'
+    required: false
+    default: ''
+  verbose:
+    description: 'Enable verbose logging'
+    required: false
+    default: 'false'
+  warnings:
+    description: 'Include warnings in the report'
+    required: false
+    default: 'false'
+  show-summary:
+    description: 'Write markdown report to GitHub Step Summary'
+    required: false
+    default: 'true'
+  export-artifacts:
+    description: 'Comma-separated artifact types to export: summary, analysis-result (empty = no artifact export)'
+    required: false
+    default: ''
+  summary-artifact-name:
+    description: 'Artifact name for exported summary markdown (used when export-artifacts includes "summary")'
+    required: false
+    default: ''
+  analysis-result-artifact-name:
+    description: 'Artifact name for exported analysis result (used when export-artifacts includes "analysis-result")'
+    required: false
+    default: ''
+  artifact-retention-days:
+    description: 'Number of days to retain exported artifacts'
+    required: false
+    default: '7'
+  github-token:
+    description: 'GitHub token used to query pull request changed files'
+    required: false
+    default: '${{ github.token }}'
+
+outputs:
+  result:
+    description: 'Result of linting: success or failure'
+  summary-artifact:
+    description: 'Artifact name containing markdown summary when exported (empty otherwise)'
+  analysis-result-artifact:
+    description: 'Artifact name containing analysis result JSON when exported (empty otherwise)'
+  exported-artifacts:
+    description: 'JSON array of exported artifacts in the form [{"type":"summary|analysis-result","name":"..."}]'
+
+runs:
+  using: 'node24'
+  main: 'index.js'

.github/eslint-js-security.config.json

@@ -0,0 +1,6 @@
+{
+    "ignores": [
+        "packages/devextreme-cli/src/templates/**",
+        "packages/devextreme-schematics/src/**/files/**"
+    ]
+}

.github/workflows/applications.yml

@@ -78,6 +78,20 @@ jobs:
       if: ${{ matrix.OS != 'windows-latest' }}
       run: pnpm run lint-template -e ${{ matrix.APPROACH }} ${{ env.DEPS_VERSION_TAG_PARAM }}
 
+    - name: Download ESLint Security Analysis action
+      if: ${{ matrix.OS != 'windows-latest' }}
+      run: |
+        curl -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+          -H "Accept: application/vnd.github.v3.raw" \
+          -L "https://api.github.com/repos/DevExpress/jssecurity/contents/.github/actions/eslint-analysis/index.js?ref=production" \
+          -o .github/actions/eslint-analysis/index.js
+
+    - name: ESLint Security Analysis
+      if: ${{ matrix.OS != 'windows-latest' }}
+      uses: ./.github/actions/eslint-analysis
+      with:
+        repository-path: packages/devextreme-cli/testing/sandbox/${{ matrix.APPROACH }}/my-app
+
     - name: Run template tests
       if: ${{ matrix.OS != 'windows-latest' }}
       env: