Remove eval() security risk by extracting getMajorVersion to shared module

[Copilot]

Addresses security feedback on using eval() in functional tests to extract and test the getMajorVersion function from extension.js.

Changes

• Created scripts/utils.js: Shared module exporting getMajorVersion function
• Updated extension.js: Import getMajorVersion from utils instead of inline definition
• Updated scripts/functional-tests.js: Direct import replaces regex extraction + eval pattern

Before

// functional-tests.js
const content = fs.readFileSync(EXTENSION_JS, 'utf8');
const funcMatch = content.match(/const getMajorVersion = \(version\) => {[^}]+}/s);
cachedGetMajorVersion = eval(`(${funcMatch[0].replace('const getMajorVersion = ', '')})`);

After

// scripts/utils.js
function getMajorVersion(version) {
  if (!version) return null;
  const match = version.match(/^[~^>=<]*(\d+)/);
  return match ? parseInt(match[1], 10) : null;
}
module.exports = { getMajorVersion };

// extension.js & functional-tests.js
const { getMajorVersion } = require('./scripts/utils');

Eliminates eval() while maintaining identical functionality. All 31 functional tests pass.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Pull request overview

This PR removes a security vulnerability by eliminating the use of eval() in functional tests. The getMajorVersion utility function is extracted from extension.js into a new shared module scripts/utils.js, which is then imported by both the main extension and the functional tests.

Changes:

• Created a new shared utility module scripts/utils.js with the getMajorVersion function
• Updated extension.js to import getMajorVersion from the shared module instead of defining it inline
• Updated scripts/functional-tests.js to import getMajorVersion directly instead of using regex extraction and eval()

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
scripts/utils.js	New shared utility module exporting getMajorVersion for extracting major version numbers from semver strings
scripts/functional-tests.js	Removed eval() security risk by importing getMajorVersion directly; eliminated helper function that extracted code via regex
extension.js	Refactored to import getMajorVersion from shared utils module instead of inline definition

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.