build(deps-dev): bump the npm_and_yarn group across 2 directories with 1 update#228
Closed
dependabot[bot] wants to merge 219 commits into
Closed
build(deps-dev): bump the npm_and_yarn group across 2 directories with 1 update#228dependabot[bot] wants to merge 219 commits into
dependabot[bot] wants to merge 219 commits into
Conversation
This commit contains: - Authentication system with Keycloak integration - User management functionality - Test results API implementation - Comprehensive test suite with: - Unit tests - Integration tests - UI tests with behavior-focused approach - System tests - Development environment configuration - Structured logging with Pino - Code quality tools: - Prettier configuration - Linting setup - Test organization and project structure improvements - Documentation updates
* Adding a pull request workflow file * Revert "Adding a pull request workflow file" This reverts commit d3a0361. * Restore pullRequest.yml workflow file * Adding a PR workflow * Adding docker-compose to the workflow
* fixing build warnings * Canceling concurrent builds and setting up concurrency rules
## Changes Made adding permissions to the pull request workflow ## Description This PR implements the changes described in the title. ## Testing - [ ] Changes have been tested locally - [ ] No breaking changes introduced ## Additional Notes Generated automatically via PowerShell script with GitHub Copilot assistance. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…unburst graph (#7) This pull request introduces several changes across the codebase, focusing on improving user management, adding new features, and cleaning up environment configurations. The most significant updates include transitioning from usernames to emails for user identification, adding a Zoomable Sunburst visualization component, and enhancing navigation with links to new dashboards. ### User Management Updates: * Changed user identification from `username` to `email` in `.env`, `.env.example`, and `README.md`, aligning with best practices for user management. [[1]](diffhunk://#diff-e9cbb0224c4a3d23a6019ba557e0cd568c1ad5e1582ff1e335fb7d99b7a1055dL39-R55) [[2]](diffhunk://#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5L153-R164) * Updated the admin user management page to display and use `email` instead of `username`. [[1]](diffhunk://#diff-f72db063050efe4fda551b0d266bf53d5ee3a883a828a1203e8b5b0f1e4fe78eL171-R171) [[2]](diffhunk://#diff-f72db063050efe4fda551b0d266bf53d5ee3a883a828a1203e8b5b0f1e4fe78eL215-R218) ### Feature Additions: * Added a new `ZoomableSunburst` component for visualizing test results using D3.js. This reusable component supports interaction and provides detailed tooltips. * Introduced links to the "Test Results Dashboard" in the header and dashboard page, improving navigation. [[1]](diffhunk://#diff-940a5ae8f5fb47c5c177e82e62f63d31a84d367613d20e22294c818fd4bc562fR30-R33) [[2]](diffhunk://#diff-b681b71028a80956c734959f0977f7d1c526d44cd0962324f9dfd3059aae59f1R41-R92) ### Environment Configuration Cleanup: * Removed environment-specific configuration files (`.env.development`, `.env.production`, `.env.staging`) to centralize sensitive data management and reduce redundancy. [[1]](diffhunk://#diff-da4c41d59c967338247b2f0ea6d845ab05171f942fd9521b96d3304202185db9L1-L42) [[2]](diffhunk://#diff-48f73ea2653e45c41f31afc2d42dfde14d8caf26d8dd24d3d2a81a52604f4cb6L1-L42) [[3]](diffhunk://#diff-53003b50d89f576ea396020048779f70e1f21c14f36ac067c52c269e041c50d9L1-L42) ### Dependency Updates: * Added `d3` and `@types/d3` to `package.json` to support the new visualization component. ### Documentation and Example Updates: * Updated the `scripts/setup-keycloak-cli.js` example to use localhost configurations for better local testing. These changes collectively improve the application's usability, maintainability, and feature set.
This pull request simplifies the Keycloak setup process by consolidating the functionality of the CLI wrapper into the main `setup-keycloak.js` script and removing the redundant `setup-keycloak-cli.js` script. It also updates documentation and configuration files to reflect these changes. ### Keycloak Setup Consolidation: * [`scripts/setup-keycloak.js`](diffhunk://#diff-c3a70d9661cdf7c73862df4f36fcf9a52e4ddd906a09b5c06196a3ce6b0122eeR12-R15): Added CLI argument processing directly into the main setup script, including support for help instructions and overriding environment variables. This eliminates the need for a separate CLI wrapper. [[1]](diffhunk://#diff-c3a70d9661cdf7c73862df4f36fcf9a52e4ddd906a09b5c06196a3ce6b0122eeR12-R15) [[2]](diffhunk://#diff-c3a70d9661cdf7c73862df4f36fcf9a52e4ddd906a09b5c06196a3ce6b0122eeR31-R104) * [`scripts/setup-keycloak-cli.js`](diffhunk://#diff-42c8a454a8dd9b6988fd11dbc7c30c4f3edee8ec4b011c146bfdcdeafbfee580L1-L90): Removed the redundant script that previously handled CLI arguments for Keycloak setup. Its functionality is now integrated into `setup-keycloak.js`. ### Documentation Updates: * [`docs/ENVIRONMENT.md`](diffhunk://#diff-acaafd1c78bda5df9799ea365f8240f5942c11bdfc484229cfeca80ae213ca7bL100-R104): Updated example commands and documentation to use `setup-keycloak.js` instead of the removed `setup-keycloak-cli.js`. ### Configuration Updates: * [`package.json`](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L10): Removed the `setup:keycloak:cli` script and updated the `dev` script to use `setup-keycloak.js` directly.
This pull request introduces optimizations to improve the user experience, particularly around authentication and routing. Key changes include faster redirects, streamlined login flow, and enhanced initialization for the Keycloak provider. ### Authentication Flow Improvements: * [`src/auth/KeycloakProvider.tsx`](diffhunk://#diff-feea8c9247ae9ba4657fdd270afedd78cce48995dd525fcd12426c8bb4b38456R77-R92): Enhanced Keycloak initialization by adding fast initialization options (`flow`, `responseMode`) and ensuring stored tokens are used directly when available. Background loading of the user profile prevents UI blocking during initial authentication. [[1]](diffhunk://#diff-feea8c9247ae9ba4657fdd270afedd78cce48995dd525fcd12426c8bb4b38456R77-R92) [[2]](diffhunk://#diff-feea8c9247ae9ba4657fdd270afedd78cce48995dd525fcd12426c8bb4b38456R107-R119) * [`src/auth/KeycloakProvider.tsx`](diffhunk://#diff-feea8c9247ae9ba4657fdd270afedd78cce48995dd525fcd12426c8bb4b38456R221-R229): Updated the `login` function to avoid automatic redirects and ensure explicit calls to Keycloak-hosted login are handled correctly. ### Routing Optimizations: * [`src/pages/index.tsx`](diffhunk://#diff-18e0d4553c97cfc420e938ccafb4e3a688e782fa4512ba4ceae3e2a6f24c1987L6-R30): Implemented fast redirect logic to the login page or dashboard without waiting for the loading state, eliminating the "Redirecting..." UI for a smoother experience. * [`src/pages/login.tsx`](diffhunk://#diff-cd54149b4c3f0a12502acd6d824b642db9085fd7c1a403bd829ce37439294a2eL93-R103): Improved the login page by showing the login form immediately during loading, enhancing time-to-paint and user experience. Added immediate redirection for authenticated users. ### Development Workflow Update: * [`package.json`](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L8-R8): Updated the `dev` script to include the `--turbopack` flag for faster development builds. --------- Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This pull request introduces several updates to dependencies, authentication logic, and testing infrastructure. The most significant changes include migrating from `jsonwebtoken` to `jose` for JWT handling, adding audience mapper creation in Keycloak setup scripts, and updating unit and integration tests to align with the new authentication library. ### Dependency Updates: * [`package.json`](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L30-R66): Migrated from `jsonwebtoken` to `jose` for improved JWT handling and updated multiple dependencies, including `@types/react`, `next`, `eslint`, and `zod` to their latest versions. ### Keycloak Integration Enhancements: * [`scripts/setup-keycloak.js`](diffhunk://#diff-c3a70d9661cdf7c73862df4f36fcf9a52e4ddd906a09b5c06196a3ce6b0122eeR337-R338): Added functionality to create an audience mapper for Keycloak clients, ensuring proper token audience configuration. This includes checks for existing mappers and creation logic. [[1]](diffhunk://#diff-c3a70d9661cdf7c73862df4f36fcf9a52e4ddd906a09b5c06196a3ce6b0122eeR337-R338) [[2]](diffhunk://#diff-c3a70d9661cdf7c73862df4f36fcf9a52e4ddd906a09b5c06196a3ce6b0122eeR368-R430) ### Authentication Logic Migration: * [`src/auth/apiAuth.ts`](diffhunk://#diff-1e7745310a4617476118aff0ce8a62f7b076c8eb17d9c1f4da65b84c30ab99a3L3-R3): Replaced `jsonwebtoken` with `jose` for JWT verification, simplifying JWKS handling using `createRemoteJWKSet`. Updated `KeycloakTokenPayload` interface to extend `JWTPayload` for better compatibility. [[1]](diffhunk://#diff-1e7745310a4617476118aff0ce8a62f7b076c8eb17d9c1f4da65b84c30ab99a3L3-R3) [[2]](diffhunk://#diff-1e7745310a4617476118aff0ce8a62f7b076c8eb17d9c1f4da65b84c30ab99a3L15-L23) [[3]](diffhunk://#diff-1e7745310a4617476118aff0ce8a62f7b076c8eb17d9c1f4da65b84c30ab99a3L44-R55) ### Test Updates: * [`tests/unit/apiAuth.test.ts`](diffhunk://#diff-9dfc342a84081c53f7b1de67a3f2797efc7e833b89a18fa029bad17e2ce1f2caL3): Refactored tests to mock `jose` methods (`jwtVerify`, `createRemoteJWKSet`) instead of `jsonwebtoken`. Updated test cases to reflect new audience validation and token verification logic. [[1]](diffhunk://#diff-9dfc342a84081c53f7b1de67a3f2797efc7e833b89a18fa029bad17e2ce1f2caL3) [[2]](diffhunk://#diff-9dfc342a84081c53f7b1de67a3f2797efc7e833b89a18fa029bad17e2ce1f2caL14-R19) [[3]](diffhunk://#diff-9dfc342a84081c53f7b1de67a3f2797efc7e833b89a18fa029bad17e2ce1f2caL53-R44) [[4]](diffhunk://#diff-9dfc342a84081c53f7b1de67a3f2797efc7e833b89a18fa029bad17e2ce1f2caL87-R73) [[5]](diffhunk://#diff-9dfc342a84081c53f7b1de67a3f2797efc7e833b89a18fa029bad17e2ce1f2caL116-R109) [[6]](diffhunk://#diff-9dfc342a84081c53f7b1de67a3f2797efc7e833b89a18fa029bad17e2ce1f2caL153-R144) * [`tests/integration/api.test.ts`](diffhunk://#diff-831aafd9ac2a5c5376be4f62ea2aea0511bfdc7a0c37efddc7da2ce6f00ba640L13-R26): Adjusted integration tests to mock `jose` for JWT verification and audience validation. * [`tests/utils/mockApiAuth.ts`](diffhunk://#diff-c705d5fb801bfab392d621b65dd80a7b2fcca22e62120297347e6c51d331360cL4): Removed `jsonwebtoken` references in the mock authentication utility. These changes improve authentication security, streamline token validation, and ensure compatibility with updated dependencies. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…#11) This pull request introduces a migration from `jest-playwright-preset` to a custom Playwright setup, along with related updates to dependencies and test configurations. The changes aim to simplify the integration of Playwright, improve maintainability, and enhance testing capabilities. ### Migration to custom Playwright setup: * [`tests/jest-playwright-setup.js`](diffhunk://#diff-1787ebcfffef4d957f7cfa24bf3f68688365e4b917a6ab9e0bff4206b113c1c8R1-R138): Added a custom Jest setup file to replace `jest-playwright-preset`. This file includes utility functions for deep merging configurations, loading custom configurations, and managing Playwright resources (browser, context, and page). It also provides helper functions for resetting the browser, context, and page state. ### Dependency updates: * [`package.json`](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L61-R66): Removed `jest-playwright-preset` and `expect-playwright` dependencies, and added `playwright` as a new dependency. Updated the `postinstall` script to install Playwright's Chromium browser. [[1]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L61-R66) [[2]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L20-R20) ### Configuration changes: * [`jest-playwright.config.js`](diffhunk://#diff-f4c7495e39ea08cd5616592f7c1ffb00d5ed8e2fcc85be79f1abcf5692486b76L1): Removed the default configuration file as it is now handled directly in the custom setup. ### Test improvements: * [`tests/ui/login.test.ts`](diffhunk://#diff-f101b548e5a6cb234063c853ea8a4916fbca2fa7e6bc41d322536906e7f22dceR46-R48): Updated the login test to explicitly navigate to the login page before performing actions, ensuring a clean and predictable test flow.
This pull request removes the `ts-node-dev` dependency from the `package.json` file. This change likely reflects a decision to simplify the development environment or replace `ts-node-dev` with an alternative.
This pull request includes updates to dependencies and logging configuration, focusing on simplifying the codebase and improving readability. The most important changes involve the removal of unused dependencies and the modification of the logger configuration to ensure consistent pretty-printing. ### Dependency Updates: * [`package.json`](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L28-L44): Removed unused dependencies such as `@types/express`, `express`, `nodemon`, `ts-node`, and `npm-run-all` to streamline the project. [[1]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L28-L44) [[2]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L65) ### Logging Configuration: * [`src/utils/logger.ts`](diffhunk://#diff-0b242f99cdb5b36e8a0aa886862c30c2f480aca7512bcfc3e2fa4889055d4544L11-R21): Updated the logger configuration to always use pretty-printing for consistent, readable output, regardless of the environment. Simplified the `transport` property by removing conditional logic.
#14) This pull request introduces several changes across the codebase, focusing on improving type safety, removing outdated functionality, and enhancing test coverage. Key updates include replacing string-based types with TypeScript enums, removing the `ZoomableSunburst` component, and updating validation schemas and tests to align with the new type definitions. ### Type Safety Improvements: * Replaced string-based types (`TestExecutionStatus`, `TestCaseStatus`, `TestResultStatus`, and `TestResultPriority`) with TypeScript enums in `src/models/testResults.ts`. Additionally, added a new `HttpMethod` enum for HTTP methods. [[1]](diffhunk://#diff-242426645cd522de581b39a232b3da114de745f1efaf9ed2e58040a88bf4c2ceL75-R81) [[2]](diffhunk://#diff-242426645cd522de581b39a232b3da114de745f1efaf9ed2e58040a88bf4c2ceL104-R116) [[3]](diffhunk://#diff-242426645cd522de581b39a232b3da114de745f1efaf9ed2e58040a88bf4c2ceL131-R174) * Updated the `NetworkRequest` interface to use the `HttpMethod` enum instead of a generic string for the `method` property. ### Validation Schema Updates: * Updated Zod validation schemas in `src/models/validationSchemas.ts` to use `nativeEnum` for enums, ensuring consistency with the new TypeScript enum definitions. [[1]](diffhunk://#diff-06dfead0d5aad2fee9c0a0e60319e766fa1c1ae0bb6ae1c458abf373ad672400L12-R41) [[2]](diffhunk://#diff-06dfead0d5aad2fee9c0a0e60319e766fa1c1ae0bb6ae1c458abf373ad672400L39-R61) [[3]](diffhunk://#diff-06dfead0d5aad2fee9c0a0e60319e766fa1c1ae0bb6ae1c458abf373ad672400L58-R80) * Added a new validation schema for `HttpMethod` and updated the `NetworkRequestSchema` to use the `HttpMethodSchema`. ### Component and Style Removal: * Removed the `ZoomableSunburst` component from `src/components/ZoomableSunburst.tsx`, including all associated logic and styles. This component is no longer required. [[1]](diffhunk://#diff-97ebe90828cf6077f1d294db7fb923f87aec1480aa2832a3cddd5d74f43cc916L1-L304) [[2]](diffhunk://#diff-dd438e7ca4da8a47a35709920a07b6fef918609c1daa40f6e9b794ddfd3e4996L125-L138) ### Test Updates: * Updated integration and system tests to use the new enums (`TestCaseStatus`, `TestResultStatus`, and `TestResultPriority`) instead of string literals. This ensures type safety in tests. [[1]](diffhunk://#diff-831aafd9ac2a5c5376be4f62ea2aea0511bfdc7a0c37efddc7da2ce6f00ba640L31-R35) [[2]](diffhunk://#diff-831aafd9ac2a5c5376be4f62ea2aea0511bfdc7a0c37efddc7da2ce6f00ba640L42-R61) [[3]](diffhunk://#diff-3002966cca54b526c5f36c60177d2e3465f5f2709f5f1d0118bb5ffbcc802093R6) [[4]](diffhunk://#diff-3002966cca54b526c5f36c60177d2e3465f5f2709f5f1d0118bb5ffbcc802093L57-R58) [[5]](diffhunk://#diff-3002966cca54b526c5f36c60177d2e3465f5f2709f5f1d0118bb5ffbcc802093L66-R68) ### Build Process Update: * Modified the `build` script in `package.json` to include TypeScript compilation (`tsc --project tsconfig.tests.json`) before building the Next.js application. Removed unused `d3` and `@types/d3` dependencies. [[1]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L7-R7) [[2]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L27-L31) --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This pull request introduces support for the CTRF (Common Test Report Format) schema, including its JSON schema definition, TypeScript types generation, and utilities for testing. It also updates the testing setup to include new mocks for external libraries and improves integration testing by mocking dependencies. Below is a summary of the most important changes grouped by theme: ### CTRF Schema Implementation: * Added `ctrf-schema.json` to define the JSON schema for the CTRF format, including detailed properties for test results, environment, and metadata. * Added `ctrf.ts`, a TypeScript file automatically generated from the CTRF JSON schema, providing type definitions for the schema. * Added `generateCtrfReport` utilities in `ctrfTestDataGenerator.ts` to create valid, minimal, invalid, and large CTRF reports for testing purposes. ### Package Updates: * Added a new script in `package.json` to generate TypeScript types from JSON schemas using `json-schema-to-typescript`. * Installed `json-schema-to-typescript` as a dependency to facilitate type generation. ### Testing Enhancements: * Updated `setup.ts` to mock `keycloak-js` and `jose` libraries for unit testing, addressing ES module issues and simplifying JWT verification. * Enhanced integration tests in `api.test.ts` by mocking `opensearchClient` and `logger` dependencies to isolate test cases.
This pull request removes outdated and unnecessary test result files from the `test-results` directory. These files were likely no longer in use and were cluttering the repository. ### Removal of outdated test result files: * Deleted `test-results/b9c90c94-cf82-4973-9071-c31136ca8bef.json` containing detailed test results for an authentication test suite and related cases. * Deleted `test-results/complex-4517473b-5fc1-4ec9-bf30-39d65fe6b5d5.json` with results for both authentication and search functionality test suites. * Deleted `test-results/invalid-338c941a-9e9b-4ed3-a101-a5ba4792038f.json` containing test results for an authentication test suite. ### Cleanup of Playwright test metadata: * Removed `test-results/playwright/.last-run.json`, which contained metadata about the last Playwright test run with a "failed" status but no failed tests listed.
This pull request updates the `README.md` file to reflect a rebranding and modernization of the project, along with improvements to its structure and content. Key changes include renaming the project, updating feature descriptions, reorganizing sections, and adding new details about the development workflow, user roles, and system architecture. ### Project Rebranding and Feature Updates: * Renamed the project from "Next.js Keycloak Authentication Demo" to "ScaledTest: Next.js Test Management Platform" and updated the description to highlight its focus on test result management and reporting. * Enhanced the "Core Features" section to include new capabilities such as a test results dashboard, CTRF-compliant test report generation, and a comprehensive testing suite. ### Development Workflow and Testing: * Replaced the "Keycloak Configuration" section with a "Development Workflow" section, detailing steps to start the application, run tests, and format code. * Added specific commands for running unit, integration, and system tests using Jest and Playwright. ### User Roles and Authentication: * Expanded the "User Roles" section to provide detailed descriptions of the three access levels: Read-only, Maintainer, and Owner. * Updated the "Authentication System" section to describe custom login flows, role-based access, and token management features. ### System Architecture: * Introduced a new "Component Architecture" section summarizing the three main components: Next.js application, Keycloak server, and OpenSearch. ### Additional Updates: * Added new environment variables for OpenSearch configuration and clarified production settings. * Updated the "Technologies" section to reflect the modernized tech stack and tools used in the project.
This pull request simplifies the codebase by removing outdated test result handling, introduces a new schema for CTRF reports, and consolidates OpenSearch index management. The most significant changes involve the removal of legacy test result models and validation schemas, the addition of a new CTRF schema, and updates to OpenSearch index management functions. ### Removal of legacy test result handling: * Removed the entire `testResults` model, which included interfaces and enums for managing test results, test cases, test executions, and related metadata (`src/models/testResults.ts`). * Removed validation schemas for test results, test cases, and test executions, along with their associated enums, from `validationSchemas.ts`. Simplified the file to only include schemas relevant to the new CTRF format (`src/models/validationSchemas.ts`). [[1]](diffhunk://#diff-06dfead0d5aad2fee9c0a0e60319e766fa1c1ae0bb6ae1c458abf373ad672400L2-R12) [[2]](diffhunk://#diff-06dfead0d5aad2fee9c0a0e60319e766fa1c1ae0bb6ae1c458abf373ad672400L27-L102) ### Introduction of CTRF schema and updates to OpenSearch: * Added a new schema for CTRF reports, including fields for tool metadata, test summaries, and nested test results, in `test-reports.ts`. This schema replaces the legacy test result structure (`src/pages/api/test-reports.ts`). * Replaced the old `checkAndCreateTestResultsIndex` function with `ensureCtrfReportsIndexExists`, which manages the OpenSearch index for CTRF reports with updated mappings (`src/lib/opensearch.ts`). ### Code cleanup and role-based UI adjustments: * Removed the "Test Results" link from the `Header` component, simplifying the navigation bar (`src/components/Header.tsx`). * Removed unused imports and variables related to the legacy test results system from various files, including `opensearch.ts` and `test-reports.ts` (`src/lib/opensearch.ts`, `src/pages/api/test-reports.ts`). [[1]](diffhunk://#diff-beb5df27ffae23650d592e98ff7657bdb832d45e53fb4eddc9149b7bc5ec456dL3-R3) [[2]](diffhunk://#diff-4c328941739dcd20b0297faec42763253c392059165856a5fd0ce22997465909R1-L11)
This pull request introduces a comprehensive set of changes to integrate CTRF (Common Test Report Format) reporting into the project, including new configurations, scripts, and styles. The changes focus on enabling automated test result reporting, enhancing the user interface for test dashboards, and updating documentation and dependencies. ### CTRF Reporting Integration * **Environment Configuration Updates**: Added new environment variables in `.env` and `.env.example` for API authentication and CTRF reporting, including `API_BASE_URL`, `NEXT_PUBLIC_API_URL`, `TEST_API_USERNAME`, and `TEST_API_PASSWORD`. These variables support the new test results reporting functionality. [[1]](diffhunk://#diff-e9cbb0224c4a3d23a6019ba557e0cd568c1ad5e1582ff1e335fb7d99b7a1055dR76-R89) [[2]](diffhunk://#diff-a3046da0d15a27e89f2afe639b25748a7ad4d9290af3e7b1b6c1a5533c8f0a8cR76-R89) * **New CTRF Configuration File**: Introduced `ctrf.config.json` to define metadata and environment details for CTRF reports, such as `appName`, `appVersion`, and `testEnvironment`. * **Test Results Submission Script**: Added `scripts/send-test-results.js` to handle sending test results to an API endpoint. The script includes authentication support via Keycloak, report enhancement with additional metadata, and error handling. ### Documentation and Dependencies * **Documentation Updates**: Updated `README.md` to include a new section on CTRF reporting, detailing the benefits, usage, and configuration. Removed outdated environment configuration details from `docs/ENVIRONMENT.md`. [[1]](diffhunk://#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R211-R231) [[2]](diffhunk://#diff-acaafd1c78bda5df9799ea365f8240f5942c11bdfc484229cfeca80ae213ca7bL1-L140) * **Dependency Additions**: Added `jest-ctrf-json-reporter` to `package.json` for generating CTRF reports and introduced a new `send-test-results` script command. [[1]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R19) [[2]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R58) ### UI Enhancements * **Test Dashboard Styles**: Added extensive CSS styles in `src/styles/globals.css` to enhance the visual design of the test results dashboard, including cards, tables, and status badges. ### Testing Adjustments * **Integration Test Update**: Updated `tests/integration/auth.test.ts` to reflect changes in test user credentials, aligning with the new environment variable values.
This pull request introduces several changes aimed at improving code maintainability, enhancing CSS styling practices, refining authentication middleware, and adding new features. The most significant updates include adopting CSS Modules for better styling practices, extending the authentication middleware with role-based access control, and cleaning up unused comments in the `KeycloakProvider` component. ### Styling Improvements: * Introduced a new CSS architecture using CSS Modules and outlined best practices in `docs/CSS_BEST_PRACTICES.md`. This includes component-scoped styles, responsive design, and replacing inline styles with semantic CSS classes. (`[docs/CSS_BEST_PRACTICES.mdR1-R197](diffhunk://#diff-341ce19b2ba718437beb0960a7a809eedd51c2e1ec92c5be01b2266f287bcc38R1-R197)`) * Added new CSS files: `src/styles/Dashboard.module.css` and `src/styles/Charts.module.css` for component-specific styling. (`[docs/CSS_BEST_PRACTICES.mdR1-R197](diffhunk://#diff-341ce19b2ba718437beb0960a7a809eedd51c2e1ec92c5be01b2266f287bcc38R1-R197)`) ### Authentication Enhancements: * Refactored `src/auth/apiAuth.ts` to include new middleware functions (`withMethodAuth`, `createCompleteApiHandler`) for role-based access control and method-specific permissions. This improves flexibility and reduces boilerplate code. (`[[1]](diffhunk://#diff-1e7745310a4617476118aff0ce8a62f7b076c8eb17d9c1f4da65b84c30ab99a3L3-L37)`, `[[2]](diffhunk://#diff-1e7745310a4617476118aff0ce8a62f7b076c8eb17d9c1f4da65b84c30ab99a3R173-R384)`) * Added detailed logging for authentication processes, including token verification and role checks, to aid debugging. (`[src/auth/apiAuth.tsR101-R145](diffhunk://#diff-1e7745310a4617476118aff0ce8a62f7b076c8eb17d9c1f4da65b84c30ab99a3R101-R145)`) ### Code Cleanup: * Removed redundant comments in `src/auth/KeycloakProvider.tsx` to improve code readability. Examples include comments on token storage, logout handling, and error handling. (`[[1]](diffhunk://#diff-feea8c9247ae9ba4657fdd270afedd78cce48995dd525fcd12426c8bb4b38456L68)`, `[[2]](diffhunk://#diff-feea8c9247ae9ba4657fdd270afedd78cce48995dd525fcd12426c8bb4b38456L147)`, `[[3]](diffhunk://#diff-feea8c9247ae9ba4657fdd270afedd78cce48995dd525fcd12426c8bb4b38456L168-L176)`, `[[4]](diffhunk://#diff-feea8c9247ae9ba4657fdd270afedd78cce48995dd525fcd12426c8bb4b38456L185)`, `[[5]](diffhunk://#diff-feea8c9247ae9ba4657fdd270afedd78cce48995dd525fcd12426c8bb4b38456L196)`, `[[6]](diffhunk://#diff-feea8c9247ae9ba4657fdd270afedd78cce48995dd525fcd12426c8bb4b38456L238)`) ### Feature Additions: * Added a "Profile" link to the `Header` component for easier navigation to the user profile page. (`[src/components/Header.tsxR30-R33](diffhunk://#diff-940a5ae8f5fb47c5c177e82e62f63d31a84d367613d20e22294c818fd4bc562fR30-R33)`) * Added the `recharts` library as a new dependency in `package.json` to support advanced charting features. (`[package.jsonR40](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R40)`) ### Configuration Updates: * Updated `.eslintrc.json` to include `ignorePatterns` for commonly excluded directories such as `node_modules/` and `build/`. (`[.eslintrc.jsonL21-R22](diffhunk://#diff-6884918dc8291219be508e05e28965b958c734def85324f3b53858ea4702090fL21-R22)`)
This pull request introduces a variety of changes across the codebase, focusing on accessibility enhancements, code cleanup, and styling improvements. Additionally, it includes updates to ESLint configuration and dependencies, as well as the addition of new types for API responses. Below is a summary of the most important changes grouped by theme: ### Accessibility Enhancements: * [`src/components/Header.tsx`](diffhunk://#diff-940a5ae8f5fb47c5c177e82e62f63d31a84d367613d20e22294c818fd4bc562fR3-R106): Added a "Skip to main content" link for keyboard navigation and updated navigation links with `aria-label` and `aria-current` attributes for improved accessibility. * [`src/pages/admin/users.tsx`](diffhunk://#diff-f72db063050efe4fda551b0d266bf53d5ee3a883a828a1203e8b5b0f1e4fe78eL123-R123): Added accessibility features such as `aria-live` for loading states, `scope="col"` for table headers, and `aria-label` and `aria-describedby` for user role buttons in the User Management page. [[1]](diffhunk://#diff-f72db063050efe4fda551b0d266bf53d5ee3a883a828a1203e8b5b0f1e4fe78eL123-R123) [[2]](diffhunk://#diff-f72db063050efe4fda551b0d266bf53d5ee3a883a828a1203e8b5b0f1e4fe78eL158-R186) [[3]](diffhunk://#diff-f72db063050efe4fda551b0d266bf53d5ee3a883a828a1203e8b5b0f1e4fe78eR236-R297) ### Code Cleanup: * [`src/auth/KeycloakProvider.tsx`](diffhunk://#diff-feea8c9247ae9ba4657fdd270afedd78cce48995dd525fcd12426c8bb4b38456L97): Removed outdated comments related to Keycloak initialization. * [`src/auth/apiAuth.ts`](diffhunk://#diff-1e7745310a4617476118aff0ce8a62f7b076c8eb17d9c1f4da65b84c30ab99a3L101-L109): Removed excessive debug logging in the `withApiAuth` middleware function. [[1]](diffhunk://#diff-1e7745310a4617476118aff0ce8a62f7b076c8eb17d9c1f4da65b84c30ab99a3L101-L109) [[2]](diffhunk://#diff-1e7745310a4617476118aff0ce8a62f7b076c8eb17d9c1f4da65b84c30ab99a3L120-L126) ### Styling Improvements: * [`src/components/charts/TestTrendsChart.tsx`](diffhunk://#diff-d587d7b548b9b4cd55e3bb1f7ce2df7669b9eec6f442c8f6d02ccf9696d009d3L102-R175): Refactored chart component styles to use CSS modules (`Charts.module.css`) for better maintainability and consistency. [[1]](diffhunk://#diff-d587d7b548b9b4cd55e3bb1f7ce2df7669b9eec6f442c8f6d02ccf9696d009d3L102-R175) [[2]](diffhunk://#diff-d587d7b548b9b4cd55e3bb1f7ce2df7669b9eec6f442c8f6d02ccf9696d009d3L273-R260) [[3]](diffhunk://#diff-d587d7b548b9b4cd55e3bb1f7ce2df7669b9eec6f442c8f6d02ccf9696d009d3L309-R293) ### ESLint and Dependency Updates: * [`.eslintrc.json`](diffhunk://#diff-6884918dc8291219be508e05e28965b958c734def85324f3b53858ea4702090fR22-R36): Added overrides to disable specific ESLint rules for test files. * [`package.json`](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R52): Added `axe-playwright` dependency for automated accessibility testing. ### API Response Types: * [`src/pages/api/analytics/error-analysis.ts`](diffhunk://#diff-6a345755eae4e36f4f389c69d4a056ef59e2b47d26015e30683a5797adc7d957R9-R35): Introduced `SuccessResponse` and `ErrorResponse` types to standardize API responses for error analysis data.
This pull request introduces significant improvements to the ScaledTest application's design system, CSS architecture, and OpenSearch analytics. Key changes include the adoption of design tokens for consistency, the implementation of DRY principles in shared CSS modules, and the centralization of OpenSearch index creation logic. Additionally, inline styles were replaced with CSS modules for better maintainability and scalability. ### Design System and CSS Architecture Enhancements: * Added a comprehensive design system (`docs/DESIGN_SYSTEM.md`) with centralized design tokens for color palette, spacing, typography, border radius, shadows, transitions, and z-index. This ensures consistency across components. * Implemented DRY principles in shared CSS modules (`docs/DRY_PRINCIPLES_IMPLEMENTATION.md`), reducing code duplication by over 100 lines and standardizing button, alert, and card styles. ### OpenSearch Analytics Improvements: * Centralized index creation logic with a new `withIndexEnsured` utility function in `src/lib/opensearchAnalytics.ts`, ensuring automatic index creation for all analytics queries. * Updated all analytics functions (`getTestSuiteOverviewFromOpenSearch`, `getTestTrendsFromOpenSearch`, etc.) to use the `withIndexEnsured` utility, improving maintainability and reducing duplication. [[1]](diffhunk://#diff-fbf07eb94c8dfbfc842c80daa5b1cf2be2774e1e6205e83a46b06521127f57b0R120) [[2]](diffhunk://#diff-fbf07eb94c8dfbfc842c80daa5b1cf2be2774e1e6205e83a46b06521127f57b0R196-R204) [[3]](diffhunk://#diff-fbf07eb94c8dfbfc842c80daa5b1cf2be2774e1e6205e83a46b06521127f57b0L265-R285) [[4]](diffhunk://#diff-fbf07eb94c8dfbfc842c80daa5b1cf2be2774e1e6205e83a46b06521127f57b0R362-R370) [[5]](diffhunk://#diff-fbf07eb94c8dfbfc842c80daa5b1cf2be2774e1e6205e83a46b06521127f57b0R433-R441) [[6]](diffhunk://#diff-fbf07eb94c8dfbfc842c80daa5b1cf2be2774e1e6205e83a46b06521127f57b0L476-L485) ### Component and Style Updates: * Replaced inline styles in `src/components/Header.tsx` and `src/pages/admin/users.tsx` with CSS modules (`Header.module.css`, `AdminUsers.module.css`) for better scalability and adherence to the design system. [[1]](diffhunk://#diff-940a5ae8f5fb47c5c177e82e62f63d31a84d367613d20e22294c818fd4bc562fL14-R22) [[2]](diffhunk://#diff-f72db063050efe4fda551b0d266bf53d5ee3a883a828a1203e8b5b0f1e4fe78eL123-R135) * Removed redundant aliases in `src/components/charts/FlakyTestDetector.tsx` and updated references to ensure consistent naming (`failures` replaced with `failed`). [[1]](diffhunk://#diff-5456ec1e95871243e6e041754c36f93d3726d51e8294944b4976729ed4312543L59) [[2]](diffhunk://#diff-5456ec1e95871243e6e041754c36f93d3726d51e8294944b4976729ed4312543L94-R93) These changes collectively enhance the application's maintainability, scalability, and consistency while adhering to modern best practices.
This pull request introduces enhancements to testing capabilities, chart rendering, and design consistency. Key changes include the addition of component-specific Jest setup, improved chart behavior for single data points, and updated design tokens for refined color schemes. ### Testing Enhancements: * Added `tests/components/jest-setup.js` to include polyfills and mock implementations for `IntersectionObserver`, `ResizeObserver`, and other globals required for component testing. * Created `tests/components/mockData.ts` to generate mock data for test trends, including scenarios like single data points, zero values, and varied patterns. * Added `tests/components/setup.ts` for comprehensive mocking of Next.js components, authentication contexts, and CSS modules, ensuring smooth testing of dashboard components. * Updated `package.json` with new testing dependencies (`@testing-library/react`, `@testing-library/jest-dom`, etc.) and a `test:components` script for component-specific tests. [[1]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R17) [[2]](diffhunk://#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519R46-R48) ### Chart Rendering Improvements: * Enhanced `TestTrendsChart` in `src/components/charts/TestTrendsChart.tsx` to display informative messages for single data points and added dots for better visualization of individual data points. [[1]](diffhunk://#diff-d587d7b548b9b4cd55e3bb1f7ce2df7669b9eec6f442c8f6d02ccf9696d009d3R176-R183) [[2]](diffhunk://#diff-d587d7b548b9b4cd55e3bb1f7ce2df7669b9eec6f442c8f6d02ccf9696d009d3R259-R275) * Simplified tooltip formatting logic to improve readability and maintainability. ### Design Updates: * Updated primary and secondary color variables in `src/styles/design-tokens.css` for a more cohesive and modern appearance. [[1]](diffhunk://#diff-21ace61b68e60533fc33086a2f64fd34482f1ff5caa7bec4ae3bcfb70521c7acL5-R9) [[2]](diffhunk://#diff-21ace61b68e60533fc33086a2f64fd34482f1ff5caa7bec4ae3bcfb70521c7acL40-R41) * Refined inactive toggle button color in `src/styles/Dashboard.module.css` for better contrast and accessibility.
This pull request introduces a new demo data generation feature for CTRF test reports and enhances the test trends visualization with hourly granularity. It also includes updates to the `README.md`, `package.json`, and various scripts and components to support these changes. ### Demo Data Generation Feature: * **README.md**: Added documentation for demo data generation, including commands to create realistic test reports for dashboard visualization. [[1]](diffhunk://#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R12) [[2]](diffhunk://#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R130-R170) * **`docs/DEMO_DATA_GUIDE.md`**: Created a detailed guide for using the demo data generator, including available scenarios, features, and best practices. * **`package.json`**: Added a new script `demo-data` to generate demo data using `scripts/generate-demo-data.js`. ### Test Trends Visualization Enhancements: * **`src/components/charts/TestTrendsChart.tsx`**: Updated the `LineChart` and `AreaChart` components to display hourly data with formatted date-time labels. Improved tooltip formatting for better readability. [[1]](diffhunk://#diff-d587d7b548b9b4cd55e3bb1f7ce2df7669b9eec6f442c8f6d02ccf9696d009d3L185-R201) [[2]](diffhunk://#diff-d587d7b548b9b4cd55e3bb1f7ce2df7669b9eec6f442c8f6d02ccf9696d009d3L207-R219) [[3]](diffhunk://#diff-d587d7b548b9b4cd55e3bb1f7ce2df7669b9eec6f442c8f6d02ccf9696d009d3L277-R316) * **`src/lib/opensearchAnalytics.ts`**: Modified the OpenSearch query to use `results.summary.start` for hourly aggregations instead of `storedAt`. Added logic to filter out empty data points. [[1]](diffhunk://#diff-fbf07eb94c8dfbfc842c80daa5b1cf2be2774e1e6205e83a46b06521127f57b0L201-R202) [[2]](diffhunk://#diff-fbf07eb94c8dfbfc842c80daa5b1cf2be2774e1e6205e83a46b06521127f57b0L214-R225) [[3]](diffhunk://#diff-fbf07eb94c8dfbfc842c80daa5b1cf2be2774e1e6205e83a46b06521127f57b0L256-R260) ### Mock Data Updates: * **`tests/components/mockData.ts`**: Updated mock data generation to include hourly timestamps for improved testing of the new visualization granularity. [[1]](diffhunk://#diff-be2dbcbfd88f933de78d3eec7f134a5973e8b062c885e1d552fac9f656783779L22-R26) [[2]](diffhunk://#diff-be2dbcbfd88f933de78d3eec7f134a5973e8b062c885e1d552fac9f656783779L49-R53) [[3]](diffhunk://#diff-be2dbcbfd88f933de78d3eec7f134a5973e8b062c885e1d552fac9f656783779L67-R71) [[4]](diffhunk://#diff-be2dbcbfd88f933de78d3eec7f134a5973e8b062c885e1d552fac9f656783779L77-R81) [[5]](diffhunk://#diff-be2dbcbfd88f933de78d3eec7f134a5973e8b062c885e1d552fac9f656783779L95-R99) [[6]](diffhunk://#diff-be2dbcbfd88f933de78d3eec7f134a5973e8b062c885e1d552fac9f656783779L105-R109) ### Script Enhancements: * **`scripts/send-test-results.js`**: Enhanced the `sendTestResults` function to accept custom demo data for API submission, enabling integration with the demo data generator. [[1]](diffhunk://#diff-2185eecc7c2e39d7df8b15a5e783a2c1c75992b22a1c370238b982788b945e41R106-R116) [[2]](diffhunk://#diff-2185eecc7c2e39d7df8b15a5e783a2c1c75992b22a1c370238b982788b945e41L119-R132) [[3]](diffhunk://#diff-2185eecc7c2e39d7df8b15a5e783a2c1c75992b22a1c370238b982788b945e41L234-R245) ### API and Type Updates: * **`src/pages/api/analytics/test-trends.ts`**: Updated the API endpoint to reflect the switch to hourly aggregations based on `results.summary.start`. * **`src/types/dashboard.ts`**: Adjusted the `TestTrendsData` type to accommodate hourly date-time strings.
This pull request refactors the `TestTrendsChart` component in `src/components/charts/TestTrendsChart.tsx` to improve code readability and reusability by introducing a helper function for date-time formatting and replacing inline formatting logic with this new function. Refactoring for code reuse: * Added a helper function `formatDateTime` to handle date-time formatting consistently across the chart. * Updated the `tickFormatter` property in the `XAxis` to use the `formatDateTime` function instead of inline formatting logic. [[1]](diffhunk://#diff-d587d7b548b9b4cd55e3bb1f7ce2df7669b9eec6f442c8f6d02ccf9696d009d3L193-R203) [[2]](diffhunk://#diff-d587d7b548b9b4cd55e3bb1f7ce2df7669b9eec6f442c8f6d02ccf9696d009d3L297-R304) * Updated the `labelFormatter` property in the `Tooltip` to use the `formatDateTime` function for consistent formatting.
This pull request introduces significant updates to the test analysis charts, focusing on improving flaky test detection and error analysis. The changes include replacing the `FlakyTestDetector` component with a more robust `FlakyTestDetectionChart`, removing outdated tooltip implementations, and adding a new `TestRunGrid` component for visualizing test execution patterns. Additionally, minor updates were made to error analysis tooltips and coding standards documentation. ### Updates to Flaky Test Detection: * **Replaced `FlakyTestDetector` with `FlakyTestDetectionChart`:** The new component uses OpenSearch data and provides enhanced flaky test analysis, including failure rates, average durations, and investigation tips. It also introduces a grid visualization for test execution patterns. (`src/components/charts/FlakyTestDetectionChart.tsx` - [[1]](diffhunk://#diff-31554466e4330a2b3247a1b26d8a4629d9bd28a484ada9d144697d0f850875f6R1-R267) `src/components/charts/index.ts` - [[2]](diffhunk://#diff-ec5f4cc89181ef443f3e1d60c5061f06fbde0afb8ca89da98541ff69b5c122d9L2-R2) * **Removed `FlakyTestDetector`:** The old component was deprecated and removed entirely. (`src/components/charts/FlakyTestDetector.tsx` - [src/components/charts/FlakyTestDetector.tsxL1-L188](diffhunk://#diff-5456ec1e95871243e6e041754c36f93d3726d51e8294944b4976729ed4312543L1-L188)) ### New Test Run Visualization: * **Added `TestRunGrid` component:** Provides a detailed grid view of test execution history, including status icons, timestamps, and durations. It highlights recent failures with error messages for easier debugging. (`src/components/charts/TestRunGrid.tsx` - [src/components/charts/TestRunGrid.tsxR1-R127](diffhunk://#diff-13f7893e696d3e1499ae020db465ab4e9f4d093dfcb23232781b5639c52fe6c9R1-R127)) ### Updates to Error Analysis: * **Simplified tooltip implementation:** Removed the custom tooltip in `ErrorAnalysis` and replaced it with a streamlined version that focuses on error counts and labels. (`src/components/charts/ErrorAnalysis.tsx` - [[1]](diffhunk://#diff-d22554a6b55cd9a3e34a709f74a8df3264531df04c321838fedf657027a9e9b6L145-L190) [[2]](diffhunk://#diff-d22554a6b55cd9a3e34a709f74a8df3264531df04c321838fedf657027a9e9b6L261-R218) ### Documentation Updates: * **Added coding standards documentation:** Introduced basic guidelines for AI coding standards and domain preferences. (`.github/instructions/copilot.instructions.md` - [.github/instructions/copilot.instructions.mdR1-R5](diffhunk://#diff-73a4f7e0000f83075fbc7fa6c83a2a9a8d0e7759ffed11d1662aafb317d16411R1-R5))
This pull request introduces significant updates to documentation files, consolidating and standardizing coding practices, design system guidelines, and project architecture. The most important changes include the addition of a comprehensive GitHub Copilot instructions file, the removal of outdated CSS best practices and design system documentation, and the elimination of demo data generation guidelines. These changes aim to streamline project standards and improve maintainability. ### Documentation Updates * [`.github/copilot-instructions.md`](diffhunk://#diff-227c2c26cb2ee0ce0f46a320fc48fbcbdf21801a57f59161b1d0861e8aad55f5R1-R198): Added a detailed guide outlining coding standards, CSS and styling principles, project architecture, accessibility requirements, and testing practices for the ScaledTest project. This document emphasizes consistency, DRY principles, and accessibility while discouraging anti-patterns like inline styles and commented-out code. ### Removal of Outdated Documentation * [`docs/CSS_BEST_PRACTICES.md`](diffhunk://#diff-341ce19b2ba718437beb0960a7a809eedd51c2e1ec92c5be01b2266f287bcc38L1-L197): Removed a document detailing outdated CSS practices, such as the use of inline styles and anti-patterns, in favor of the updated guidelines in `.github/copilot-instructions.md`. * [`docs/DESIGN_SYSTEM.md`](diffhunk://#diff-b9356668f945997c5df09446e4e30f2cfaafc203a8c0f7c9ea9b2517ba182350L1-L143): Removed a document describing the design system and CSS architecture, including design tokens and shared styles, as its contents are now integrated into the new instructions file. ### Elimination of Demo Data Guidelines * [`docs/DEMO_DATA_GUIDE.md`](diffhunk://#diff-62ecbd6a27c72003dd66f0991c61d12719b0efc2f0840a6ac1e9e715cccee0efL1-L223): Removed a document providing instructions for generating demo data for CTRF reports, including scenarios and visualization benefits, as it is no longer relevant to the updated project scope. ### Cleanup of Redundant Files * [`.github/instructions/copilot.instructions.md`](diffhunk://#diff-73a4f7e0000f83075fbc7fa6c83a2a9a8d0e7759ffed11d1662aafb317d16411L1-L5): Deleted a minimal placeholder file that briefly described coding standards and preferences for AI, as its content is now fully covered in the new instructions file.
This pull request updates `.github/copilot-instructions.md` to refine coding standards, improve documentation, and establish new guidelines across multiple themes, including TypeScript conventions, authentication, error handling, performance optimization, testing, and API integration. It also introduces mechanisms for self-updating instructions and emphasizes consistency in package management. Below are the most important changes grouped by theme: ### TypeScript and Component Standards: * Updated TypeScript file extension guidelines, emphasizing `.ts` for non-React code and `.tsx` for React components, while discouraging `.js` and `.jsx` files. * Introduced a standardized React component definition pattern, including accessibility attributes and semantic HTML elements. ### Authentication and Error Handling: * Added authentication implementation standards using `useAuth()` and `withAuth` for state management and page protection, along with role-based rendering patterns. * Established error handling standards, including React error boundaries, try/catch blocks for async operations, and consistent validation schemas. ### Performance Optimization: * Defined React and Next.js performance optimization practices, such as using React.memo, virtualized lists, and Incremental Static Regeneration. ### Testing and Documentation: * Introduced accessibility testing with axe-playwright and enforced separation of test types (unit, component, integration, UI, and system tests). * Prohibited the creation of a separate `docs` folder, mandating documentation updates in the README instead. ### API Integration and Package Management: * Established standards for API client creation, response handling, and authentication, including retry logic and caching strategies. * Added dependency management rules, such as using exact versions, documenting purposes, and addressing security vulnerabilities promptly.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Closes droplet sc-yqnno. --------- Co-authored-by: Cistern Agent <agent@cistern.local>
…loyment.yaml (#209) Closes droplet sc-5wjqx. Co-authored-by: Cistern Agent <agent@cistern.local>
Closes droplet sc-2g9qe. --------- Co-authored-by: Cistern Agent <agent@cistern.local> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Closes droplet sc-m9txz. --------- Co-authored-by: Cistern Agent <agent@cistern.local> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Closes droplet sc-o4uyx. --------- Co-authored-by: Cistern Agent <agent@cistern.local> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Closes droplet sc-flli2. --------- Co-authored-by: Cistern Agent <agent@cistern.local> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Closes droplet sc-hl1ng. Co-authored-by: Cistern Agent <agent@cistern.local> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Closes droplet sc-1wpl0. ## Summary Add a Triage Summary panel to the run detail page showing: overall summary paragraph, collapsible failure clusters labeled with root cause and listing affected tests, and per-failure new/flaky/regression badges. Show a loading skeleton while triage is pending; show a graceful fallback message when triage failed. ## Details - Panel present on all completed runs with failures - Correctly reflects cluster structure from the triage API - Mobile-responsive with no layout regression - Includes polling for pending triage status - Robust 404 detection with ApiError class - Comprehensive test coverage All 278 tests passing. Ready to merge. --------- Co-authored-by: Cistern Agent <agent@cistern.local> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Closes droplet sc-qzlme. --------- Co-authored-by: Cistern Agent <agent@cistern.local>
… status (#218) Closes droplet sc-ixl4c. --------- Co-authored-by: Cistern Agent <agent@cistern.local>
Adds openclaw/scaledtest/SKILL.md — describes the ScaledTest platform for the OpenClaw assistant (dev workflow, seed users, Cistern integration). Co-authored-by: Lobsterdog <lobsterdog@openclaw.ai>
Closes droplet sc-8jm3x. --------- Co-authored-by: Cistern Agent <agent@cistern.local> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Closes droplet sc-8q5yl. --------- Co-authored-by: Cistern Agent <agent@cistern.local> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Closes droplet sc-96dhe. Co-authored-by: Cistern Agent <agent@cistern.local>
…update (#217) Bumps the npm_and_yarn group with 1 update in the /sdk directory: [picomatch](https://github.com/micromatch/picomatch). Bumps the npm_and_yarn group with 1 update in the /frontend directory: [picomatch](https://github.com/micromatch/picomatch). Updates `picomatch` from 4.0.3 to 4.0.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/releases">picomatch's releases</a>.</em></p> <blockquote> <h2>4.0.4</h2> <p>This is a security release fixing several security relevant issues.</p> <h2>What's Changed</h2> <ul> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4">https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334"><code>e5474fc</code></a> Publish 4.0.4</li> <li><a href="https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903"><code>4516eb5</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d"><code>5eceecd</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238"><code>0db7dd7</code></a> Run benchmark again against latest minimatch version (<a href="https://redirect.github.com/micromatch/picomatch/issues/161">#161</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a"><code>9500377</code></a> docs: clarify what brace expansion syntax is and isn't supported (<a href="https://redirect.github.com/micromatch/picomatch/issues/134">#134</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171"><code>2661f23</code></a> fix typo in globstars.js test name (<a href="https://redirect.github.com/micromatch/picomatch/issues/138">#138</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7"><code>1798b07</code></a> docs: fix <code>makeRe</code> example (<a href="https://redirect.github.com/micromatch/picomatch/issues/143">#143</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8"><code>9d76bc5</code></a> chore: undocument removed options (<a href="https://redirect.github.com/micromatch/picomatch/issues/146">#146</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d"><code>e4d718b</code></a> Remove unused time-require (<a href="https://redirect.github.com/micromatch/picomatch/issues/160">#160</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76"><code>38dffeb</code></a> chore(deps): pin dependencies (<a href="https://redirect.github.com/micromatch/picomatch/issues/158">#158</a>)</li> <li>Additional commits viewable in <a href="https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4">compare view</a></li> </ul> </details> <br /> Updates `picomatch` from 4.0.3 to 4.0.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/micromatch/picomatch/releases">picomatch's releases</a>.</em></p> <blockquote> <h2>4.0.4</h2> <p>This is a security release fixing several security relevant issues.</p> <h2>What's Changed</h2> <ul> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj">CVE-2026-33671</a></li> <li>Fix for <a href="https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p">CVE-2026-33672</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4">https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/micromatch/picomatch/commit/e5474fc1a4d7991870058170407dda8a42be5334"><code>e5474fc</code></a> Publish 4.0.4</li> <li><a href="https://github.com/micromatch/picomatch/commit/4516eb521f13a46b2fe1a1d2c9ef6b20ddc0e903"><code>4516eb5</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/5eceecd27543b8e056b9307d69e105ea03618a7d"><code>5eceecd</code></a> Merge commit from fork</li> <li><a href="https://github.com/micromatch/picomatch/commit/0db7dd70651ca7c8265601c0442a996ed32e3238"><code>0db7dd7</code></a> Run benchmark again against latest minimatch version (<a href="https://redirect.github.com/micromatch/picomatch/issues/161">#161</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/95003777eb1c60dec09495a8231fa2ba4054d76a"><code>9500377</code></a> docs: clarify what brace expansion syntax is and isn't supported (<a href="https://redirect.github.com/micromatch/picomatch/issues/134">#134</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/2661f23eca86c8b4a2b14815b9b2b3b74bd5a171"><code>2661f23</code></a> fix typo in globstars.js test name (<a href="https://redirect.github.com/micromatch/picomatch/issues/138">#138</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/1798b07e9df59500b9cf567294d44d559032f4c7"><code>1798b07</code></a> docs: fix <code>makeRe</code> example (<a href="https://redirect.github.com/micromatch/picomatch/issues/143">#143</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/9d76bc57a03b7f57cc4ca516c8071daf632bafd8"><code>9d76bc5</code></a> chore: undocument removed options (<a href="https://redirect.github.com/micromatch/picomatch/issues/146">#146</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/e4d718bbfb47e4f030ab2612b5b04a9297fe272d"><code>e4d718b</code></a> Remove unused time-require (<a href="https://redirect.github.com/micromatch/picomatch/issues/160">#160</a>)</li> <li><a href="https://github.com/micromatch/picomatch/commit/38dffeb16221cc8eb8981524fb6895dd2aaaba76"><code>38dffeb</code></a> chore(deps): pin dependencies (<a href="https://redirect.github.com/micromatch/picomatch/issues/158">#158</a>)</li> <li>Additional commits viewable in <a href="https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/MichielDean/ScaledTest/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/build-push-action/releases">docker/build-push-action's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <ul> <li>Node 24 as default runtime (requires <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions Runner v2.327.1</a> or later) by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1470">docker/build-push-action#1470</a></li> <li>Remove deprecated <code>DOCKER_BUILD_NO_SUMMARY</code> and <code>DOCKER_BUILD_EXPORT_RETENTION_DAYS</code> envs by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1473">docker/build-push-action#1473</a></li> <li>Remove legacy export-build tool support for build summary by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1474">docker/build-push-action#1474</a></li> <li>Switch to ESM and update config/test wiring by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1466">docker/build-push-action#1466</a></li> <li>Bump <code>@actions/core</code> from 1.11.1 to 3.0.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1454">docker/build-push-action#1454</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.79.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1453">docker/build-push-action#1453</a> <a href="https://redirect.github.com/docker/build-push-action/pull/1472">docker/build-push-action#1472</a> <a href="https://redirect.github.com/docker/build-push-action/pull/1479">docker/build-push-action#1479</a></li> <li>Bump minimatch from 3.1.2 to 3.1.5 in <a href="https://redirect.github.com/docker/build-push-action/pull/1463">docker/build-push-action#1463</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.19.2...v7.0.0">https://github.com/docker/build-push-action/compare/v6.19.2...v7.0.0</a></p> <h2>v6.19.2</h2> <ul> <li>Preserve port in <code>GIT_AUTH_TOKEN</code> host by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1458">docker/build-push-action#1458</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.19.1...v6.19.2">https://github.com/docker/build-push-action/compare/v6.19.1...v6.19.2</a></p> <h2>v6.19.1</h2> <ul> <li>Derive <code>GIT_AUTH_TOKEN</code> host from GitHub server URL by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1456">docker/build-push-action#1456</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.19.0...v6.19.1">https://github.com/docker/build-push-action/compare/v6.19.0...v6.19.1</a></p> <h2>v6.19.0</h2> <ul> <li>Scope default git auth token to <code>github.com</code> by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1451">docker/build-push-action#1451</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/build-push-action/pull/1396">docker/build-push-action#1396</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/build-push-action/pull/1391">docker/build-push-action#1391</a></li> <li>Bump js-yaml from 3.14.1 to 3.14.2 in <a href="https://redirect.github.com/docker/build-push-action/pull/1429">docker/build-push-action#1429</a></li> <li>Bump lodash from 4.17.21 to 4.17.23 in <a href="https://redirect.github.com/docker/build-push-action/pull/1446">docker/build-push-action#1446</a></li> <li>Bump tmp from 0.2.3 to 0.2.4 in <a href="https://redirect.github.com/docker/build-push-action/pull/1398">docker/build-push-action#1398</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/build-push-action/pull/1397">docker/build-push-action#1397</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.18.0...v6.19.0">https://github.com/docker/build-push-action/compare/v6.18.0...v6.19.0</a></p> <h2>v6.18.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.61.0 to 0.62.1 in <a href="https://redirect.github.com/docker/build-push-action/pull/1381">docker/build-push-action#1381</a></li> </ul> <blockquote> <p>[!NOTE] <a href="https://docs.docker.com/build/ci/github-actions/build-summary/">Build summary</a> is now supported with <a href="https://docs.docker.com/build-cloud/">Docker Build Cloud</a>.</p> </blockquote> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.17.0...v6.18.0">https://github.com/docker/build-push-action/compare/v6.17.0...v6.18.0</a></p> <h2>v6.17.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.59.0 to 0.61.0 by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1364">docker/build-push-action#1364</a></li> </ul> <blockquote> <p>[!NOTE] Build record is now exported using the <a href="https://docs.docker.com/reference/cli/docker/buildx/history/export/"><code>buildx history export</code></a> command instead of the legacy export-build tool.</p> </blockquote> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/build-push-action/compare/v6.16.0...v6.17.0">https://github.com/docker/build-push-action/compare/v6.16.0...v6.17.0</a></p> <h2>v6.16.0</h2> <ul> <li>Handle no default attestations env var by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/build-push-action/pull/1343">docker/build-push-action#1343</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/build-push-action/commit/d08e5c354a6adb9ed34480a06d141179aa583294"><code>d08e5c3</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1479">#1479</a> from docker/dependabot/npm_and_yarn/docker/actions-t...</li> <li><a href="https://github.com/docker/build-push-action/commit/cbd2dff9a0f0ef650dcce9c635bb2f877ab37be5"><code>cbd2dff</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/f76f51f12900bb84aa9d1a498f35870ef1f76675"><code>f76f51f</code></a> chore(deps): Bump <code>@docker/actions-toolkit</code> from 0.78.0 to 0.79.0</li> <li><a href="https://github.com/docker/build-push-action/commit/7d03e66b5f24d6b390ab64b132795fd3ef4152c8"><code>7d03e66</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1473">#1473</a> from crazy-max/rm-deprecated-envs</li> <li><a href="https://github.com/docker/build-push-action/commit/98f853d923dd281a3bcbbb98a0712a91aa913322"><code>98f853d</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/build-push-action/commit/cadccf6e8c7385c86d9cb0800cf07672645cc238"><code>cadccf6</code></a> remove deprecated envs</li> <li><a href="https://github.com/docker/build-push-action/commit/03fe8775e325e34fffbda44c73316f8287aea372"><code>03fe877</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1478">#1478</a> from docker/dependabot/github_actions/docker/setup-b...</li> <li><a href="https://github.com/docker/build-push-action/commit/827e36650e1fa7386d09422b5ba3c068fdbe0a1d"><code>827e366</code></a> chore(deps): Bump docker/setup-buildx-action from 3 to 4</li> <li><a href="https://github.com/docker/build-push-action/commit/e25db879d025485a4eebd64fea9bb88a43632da6"><code>e25db87</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1474">#1474</a> from crazy-max/rm-export-build-tool</li> <li><a href="https://github.com/docker/build-push-action/commit/1ac2573b5c8b4e4621d5453ab2a99e83725242bd"><code>1ac2573</code></a> Merge pull request <a href="https://redirect.github.com/docker/build-push-action/issues/1470">#1470</a> from crazy-max/node24</li> <li>Additional commits viewable in <a href="https://github.com/docker/build-push-action/compare/v6...v7">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <ul> <li>Node 24 as default runtime (requires <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions Runner v2.327.1</a> or later) by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/929">docker/login-action#929</a></li> <li>Switch to ESM and update config/test wiring by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/927">docker/login-action#927</a></li> <li>Bump <code>@actions/core</code> from 1.11.1 to 3.0.0 in <a href="https://redirect.github.com/docker/login-action/pull/919">docker/login-action#919</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> from 3.890.0 to 3.1000.0 in <a href="https://redirect.github.com/docker/login-action/pull/909">docker/login-action#909</a> <a href="https://redirect.github.com/docker/login-action/pull/920">docker/login-action#920</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> from 3.890.0 to 3.1000.0 in <a href="https://redirect.github.com/docker/login-action/pull/909">docker/login-action#909</a> <a href="https://redirect.github.com/docker/login-action/pull/920">docker/login-action#920</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.63.0 to 0.77.0 in <a href="https://redirect.github.com/docker/login-action/pull/910">docker/login-action#910</a> <a href="https://redirect.github.com/docker/login-action/pull/928">docker/login-action#928</a></li> <li>Bump <code>@isaacs/brace-expansion</code> from 5.0.0 to 5.0.1 in <a href="https://redirect.github.com/docker/login-action/pull/921">docker/login-action#921</a></li> <li>Bump js-yaml from 4.1.0 to 4.1.1 in <a href="https://redirect.github.com/docker/login-action/pull/901">docker/login-action#901</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.7.0...v4.0.0">https://github.com/docker/login-action/compare/v3.7.0...v4.0.0</a></p> <h2>v3.7.0</h2> <ul> <li>Add <code>scope</code> input to set scopes for the authentication token by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/912">docker/login-action#912</a></li> <li>Add support for AWS European Sovereign Cloud ECR by <a href="https://github.com/dphi"><code>@dphi</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/914">docker/login-action#914</a></li> <li>Ensure passwords are redacted with <code>registry-auth</code> input by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/911">docker/login-action#911</a></li> <li>build(deps): bump lodash from 4.17.21 to 4.17.23 in <a href="https://redirect.github.com/docker/login-action/pull/915">docker/login-action#915</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.6.0...v3.7.0">https://github.com/docker/login-action/compare/v3.6.0...v3.7.0</a></p> <h2>v3.6.0</h2> <ul> <li>Add <code>registry-auth</code> input for raw authentication to registries by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/887">docker/login-action#887</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0 in <a href="https://redirect.github.com/docker/login-action/pull/883">docker/login-action#883</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/login-action/pull/880">docker/login-action#880</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/login-action/pull/879">docker/login-action#879</a></li> <li>Bump tmp from 0.2.3 to 0.2.4 in <a href="https://redirect.github.com/docker/login-action/pull/881">docker/login-action#881</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.5.0...v3.6.0">https://github.com/docker/login-action/compare/v3.5.0...v3.6.0</a></p> <h2>v3.5.0</h2> <ul> <li>Support dual-stack endpoints for AWS ECR by <a href="https://github.com/Spacefish"><code>@Spacefish</code></a> <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/874">docker/login-action#874</a> <a href="https://redirect.github.com/docker/login-action/pull/876">docker/login-action#876</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.859.0 in <a href="https://redirect.github.com/docker/login-action/pull/860">docker/login-action#860</a> <a href="https://redirect.github.com/docker/login-action/pull/878">docker/login-action#878</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.859.0 in <a href="https://redirect.github.com/docker/login-action/pull/860">docker/login-action#860</a> <a href="https://redirect.github.com/docker/login-action/pull/878">docker/login-action#878</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.57.0 to 0.62.1 in <a href="https://redirect.github.com/docker/login-action/pull/870">docker/login-action#870</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/login-action/pull/875">docker/login-action#875</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.4.0...v3.5.0">https://github.com/docker/login-action/compare/v3.4.0...v3.5.0</a></p> <h2>v3.4.0</h2> <ul> <li>Bump <code>@actions/core</code> from 1.10.1 to 1.11.1 in <a href="https://redirect.github.com/docker/login-action/pull/791">docker/login-action#791</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.766.0 in <a href="https://redirect.github.com/docker/login-action/pull/789">docker/login-action#789</a> <a href="https://redirect.github.com/docker/login-action/pull/856">docker/login-action#856</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.758.0 in <a href="https://redirect.github.com/docker/login-action/pull/789">docker/login-action#789</a> <a href="https://redirect.github.com/docker/login-action/pull/856">docker/login-action#856</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.35.0 to 0.57.0 in <a href="https://redirect.github.com/docker/login-action/pull/801">docker/login-action#801</a> <a href="https://redirect.github.com/docker/login-action/pull/806">docker/login-action#806</a> <a href="https://redirect.github.com/docker/login-action/pull/858">docker/login-action#858</a></li> <li>Bump cross-spawn from 7.0.3 to 7.0.6 in <a href="https://redirect.github.com/docker/login-action/pull/814">docker/login-action#814</a></li> <li>Bump https-proxy-agent from 7.0.5 to 7.0.6 in <a href="https://redirect.github.com/docker/login-action/pull/823">docker/login-action#823</a></li> <li>Bump path-to-regexp from 6.2.2 to 6.3.0 in <a href="https://redirect.github.com/docker/login-action/pull/777">docker/login-action#777</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.3.0...v3.4.0">https://github.com/docker/login-action/compare/v3.3.0...v3.4.0</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/login-action/commit/b45d80f862d83dbcd57f89517bcf500b2ab88fb2"><code>b45d80f</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/929">#929</a> from crazy-max/node24</li> <li><a href="https://github.com/docker/login-action/commit/176cb9c12abea98dfe844071c0999ff6ee9688a7"><code>176cb9c</code></a> node 24 as default runtime</li> <li><a href="https://github.com/docker/login-action/commit/cad89843109a11cb6f69f52fe695c42cf69d57d3"><code>cad8984</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/920">#920</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="https://github.com/docker/login-action/commit/92cbcb231ed341e7dc71693351b21f5ba65f8349"><code>92cbcb2</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/5a2d6a71bd3e0cb4abb6faae33f3dde61ece8e5b"><code>5a2d6a7</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/44512b6b2e08b878e82b107b394fcd1af5748e63"><code>44512b6</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/928">#928</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/login-action/commit/28737a5e46bc0c62910ef429b2e55f9cabbbd5df"><code>28737a5</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/dac079354afbd8db4c3b58b8cc6946573479b2a6"><code>dac0793</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.76.0 to 0.77.0</li> <li><a href="https://github.com/docker/login-action/commit/62029f315d6d05c8646343320e4a1552e5f1c77a"><code>62029f3</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/919">#919</a> from docker/dependabot/npm_and_yarn/actions/core-3.0.0</li> <li><a href="https://github.com/docker/login-action/commit/08c8f064bf22a1c55918ee608a81d87b13cc4461"><code>08c8f06</code></a> chore: update generated content</li> <li>Additional commits viewable in <a href="https://github.com/docker/login-action/compare/v3...v4">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-buildx-action/releases">docker/setup-buildx-action's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <ul> <li>Node 24 as default runtime (requires <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions Runner v2.327.1</a> or later) by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/483">docker/setup-buildx-action#483</a></li> <li>Remove deprecated inputs/outputs by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/464">docker/setup-buildx-action#464</a></li> <li>Switch to ESM and update config/test wiring by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/481">docker/setup-buildx-action#481</a></li> <li>Bump <code>@actions/core</code> from 1.11.1 to 3.0.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/475">docker/setup-buildx-action#475</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.63.0 to 0.79.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/482">docker/setup-buildx-action#482</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/485">docker/setup-buildx-action#485</a></li> <li>Bump js-yaml from 4.1.0 to 4.1.1 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/452">docker/setup-buildx-action#452</a></li> <li>Bump lodash from 4.17.21 to 4.17.23 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/472">docker/setup-buildx-action#472</a></li> <li>Bump minimatch from 3.1.2 to 3.1.5 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/480">docker/setup-buildx-action#480</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0">https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0</a></p> <h2>v3.12.0</h2> <ul> <li>Deprecate <code>install</code> input by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/455">docker/setup-buildx-action#455</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/434">docker/setup-buildx-action#434</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/436">docker/setup-buildx-action#436</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/432">docker/setup-buildx-action#432</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/435">docker/setup-buildx-action#435</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0">https://github.com/docker/setup-buildx-action/compare/v3.11.1...v3.12.0</a></p> <h2>v3.11.1</h2> <ul> <li>Fix <code>keep-state</code> not being respected by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/429">docker/setup-buildx-action#429</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.11.0...v3.11.1">https://github.com/docker/setup-buildx-action/compare/v3.11.0...v3.11.1</a></p> <h2>v3.11.0</h2> <ul> <li>Keep BuildKit state support by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/427">docker/setup-buildx-action#427</a></li> <li>Remove aliases created when installing by default by <a href="https://github.com/hashhar"><code>@hashhar</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/139">docker/setup-buildx-action#139</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.56.0 to 0.62.1 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/422">docker/setup-buildx-action#422</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/425">docker/setup-buildx-action#425</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.10.0...v3.11.0">https://github.com/docker/setup-buildx-action/compare/v3.10.0...v3.11.0</a></p> <h2>v3.10.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.54.0 to 0.56.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/408">docker/setup-buildx-action#408</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.9.0...v3.10.0">https://github.com/docker/setup-buildx-action/compare/v3.9.0...v3.10.0</a></p> <h2>v3.9.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.48.0 to 0.54.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/402">docker/setup-buildx-action#402</a> <a href="https://redirect.github.com/docker/setup-buildx-action/pull/404">docker/setup-buildx-action#404</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.8.0...v3.9.0">https://github.com/docker/setup-buildx-action/compare/v3.8.0...v3.9.0</a></p> <h2>v3.8.0</h2> <ul> <li>Make cloud prefix optional to download buildx if driver is cloud by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/390">docker/setup-buildx-action#390</a></li> <li>Bump <code>@actions/core</code> from 1.10.1 to 1.11.1 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/370">docker/setup-buildx-action#370</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.39.0 to 0.48.0 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/389">docker/setup-buildx-action#389</a></li> <li>Bump cross-spawn from 7.0.3 to 7.0.6 in <a href="https://redirect.github.com/docker/setup-buildx-action/pull/382">docker/setup-buildx-action#382</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-buildx-action/compare/v3.7.1...v3.8.0">https://github.com/docker/setup-buildx-action/compare/v3.7.1...v3.8.0</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/setup-buildx-action/commit/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd"><code>4d04d5d</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/485">#485</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/cd74e05d9bae4eeec789f90ba15dc6fb4b60ae5d"><code>cd74e05</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/eee38ec7b3ed034ee896d3e212e5d11c04562b84"><code>eee38ec</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.77.0 to 0.79.0</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/7a83f65b5a215b3c81b210dafdc20362bd2b4e24"><code>7a83f65</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/484">#484</a> from docker/dependabot/github_actions/docker/setup-qe...</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/a5aa96747d67f62520b42af91aeb306e7374b327"><code>a5aa967</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/464">#464</a> from crazy-max/rm-deprecated</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/e73d53fa4ed86ff46faaf2b13a228d6e93c51af3"><code>e73d53f</code></a> build(deps): bump docker/setup-qemu-action from 3 to 4</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/28a438e9ed9ef7ae2ebd0bf839039005c9501312"><code>28a438e</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-buildx-action/issues/483">#483</a> from crazy-max/node24</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/034e9d37dd436b56b0167bea5a11ab731413e8cf"><code>034e9d3</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/b4664d8fd0ba15ff14560ab001737c666076d5be"><code>b4664d8</code></a> remove deprecated inputs/outputs</li> <li><a href="https://github.com/docker/setup-buildx-action/commit/a8257dec35f244ad06b4ff6c90fdd2ba97f262ba"><code>a8257de</code></a> node 24 as default runtime</li> <li>Additional commits viewable in <a href="https://github.com/docker/setup-buildx-action/compare/v3...v4">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…UI (#204) Closes droplet sc-a0jg1. Co-authored-by: Lobsterdog <lobsterdog@openclaw.ai>
…o to running instance) (#205) Closes droplet sc-1ueqa. Adds docs/deployment/getting-started.md with comprehensive self-hosting guide covering: - Deployment method selection (docker-compose vs k8s) - Required environment variables - First-run steps (first user registration, team creation, API token generation) - Instance verification - CI pipeline integration All prior reviewer findings resolved: - Auth endpoint paths corrected (/auth/register, /auth/login) - First-user-becomes-owner logic implemented with unique partial index race fix - Duplicate test field removed in QA review --------- Co-authored-by: Cistern Agent <agent@cistern.local> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Lobsterdog <lobsterdog@openclaw.ai>
…pm_and_yarn group across 1 directory (#226) Bumps the npm_and_yarn group with 1 update in the /frontend directory: [lodash](https://github.com/lodash/lodash). Updates `lodash` from 4.17.23 to 4.18.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases">lodash's releases</a>.</em></p> <blockquote> <h2>4.18.1</h2> <h2>Bugs</h2> <p>Fixes a <code>ReferenceError</code> issue in <code>lodash</code> <code>lodash-es</code> <code>lodash-amd</code> and <code>lodash.template</code> when using the <code>template</code> and <code>fromPairs</code> functions from the modular builds. See <a href="https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769">lodash/lodash#6167</a></p> <p>These defects were related to how lodash distributions are built from the main branch using <a href="https://github.com/lodash-archive/lodash-cli">https://github.com/lodash-archive/lodash-cli</a>. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.</p> <p>There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:</p> <ul> <li><code>lodash</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm">https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm</a></li> <li><code>lodash-es</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es">https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es</a></li> <li><code>lodash-amd</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd">https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd</a></li> <li><code>lodash.template</code><a href="https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages">https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages</a></li> </ul> <h2>4.18.0</h2> <h2>v4.18.0</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.0">https://github.com/lodash/lodash/compare/4.17.23...4.18.0</a></p> <h3>Security</h3> <p><strong><code>_.unset</code> / <code>_.omit</code></strong>: Fixed prototype pollution via <code>constructor</code>/<code>prototype</code> path traversal (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh">GHSA-f23m-r3pf-42rh</a>, <a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b">fe8d32e</a>). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now <code>constructor</code> and <code>prototype</code> are blocked unconditionally as non-terminal path keys, matching <code>baseSet</code>. Calls that previously returned <code>true</code> and deleted the property now return <code>false</code> and leave the target untouched.</p> <p><strong><code>_.template</code></strong>: Fixed code injection via <code>imports</code> keys (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc">GHSA-r5fr-rjxr-66jc</a>, CVE-2026-4800, <a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6">879aaa9</a>). Fixes an incomplete patch for CVE-2021-23337. The <code>variable</code> option was validated against <code>reForbiddenIdentifierChars</code> but <code>importsKeys</code> was left unguarded, allowing code injection via the same <code>Function()</code> constructor sink. <code>imports</code> keys containing forbidden identifier characters now throw <code>"Invalid imports option passed into _.template"</code>.</p> <h3>Docs</h3> <ul> <li>Add security notice for <code>_.template</code> in threat model and API docs (<a href="https://redirect.github.com/lodash/lodash/pull/6099">#6099</a>)</li> <li>Document <code>lower > upper</code> behavior in <code>_.random</code> (<a href="https://redirect.github.com/lodash/lodash/pull/6115">#6115</a>)</li> <li>Fix quotes in <code>_.compact</code> jsdoc (<a href="https://redirect.github.com/lodash/lodash/pull/6090">#6090</a>)</li> </ul> <h3><code>lodash.*</code> modular packages</h3> <p><a href="https://redirect.github.com/lodash/lodash/pull/6157">Diff</a></p> <p>We have also regenerated and published a select number of the <code>lodash.*</code> modular packages.</p> <p>These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:</p> <ul> <li><a href="https://www.npmjs.com/package/lodash.orderby">lodash.orderby</a></li> <li><a href="https://www.npmjs.com/package/lodash.tonumber">lodash.tonumber</a></li> <li><a href="https://www.npmjs.com/package/lodash.trim">lodash.trim</a></li> <li><a href="https://www.npmjs.com/package/lodash.trimend">lodash.trimend</a></li> <li><a href="https://www.npmjs.com/package/lodash.sortedindexby">lodash.sortedindexby</a></li> <li><a href="https://www.npmjs.com/package/lodash.zipobjectdeep">lodash.zipobjectdeep</a></li> <li><a href="https://www.npmjs.com/package/lodash.unset">lodash.unset</a></li> <li><a href="https://www.npmjs.com/package/lodash.omit">lodash.omit</a></li> <li><a href="https://www.npmjs.com/package/lodash.template">lodash.template</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e"><code>cb0b9b9</code></a> release(patch): bump main to 4.18.1 (<a href="https://redirect.github.com/lodash/lodash/issues/6177">#6177</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51"><code>75535f5</code></a> chore: prune stale advisory refs (<a href="https://redirect.github.com/lodash/lodash/issues/6170">#6170</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4"><code>62e91bc</code></a> docs: remove n_ Node.js < 6 REPL note from README (<a href="https://redirect.github.com/lodash/lodash/issues/6165">#6165</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4"><code>59be2de</code></a> release(minor): bump to 4.18.0 (<a href="https://redirect.github.com/lodash/lodash/issues/6161">#6161</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d"><code>af63457</code></a> fix: broken tests for _.template 879aaa9</li> <li><a href="https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0"><code>1073a76</code></a> fix: linting issues</li> <li><a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6"><code>879aaa9</code></a> fix: validate imports keys in _.template</li> <li><a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b"><code>fe8d32e</code></a> fix: block prototype pollution in baseUnset via constructor/prototype traversal</li> <li><a href="https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d"><code>18ba0a3</code></a> refactor(fromPairs): use baseAssignValue for consistent assignment (<a href="https://redirect.github.com/lodash/lodash/issues/6153">#6153</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2"><code>b819080</code></a> ci: add dist sync validation workflow (<a href="https://redirect.github.com/lodash/lodash/issues/6137">#6137</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/MichielDean/ScaledTest/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…h 1 update Bumps the npm_and_yarn group with 1 update in the /frontend directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Bumps the npm_and_yarn group with 1 update in the /sdk directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `vite` from 6.4.1 to 6.4.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite) Updates `vite` from 7.3.1 to 7.3.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.4.2/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.4.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 7.3.2 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Contributor
Author
|
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
dependabot
Bot
deleted the
dependabot/npm_and_yarn/frontend/npm_and_yarn-99564ddc68
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 1 update in the /frontend directory: vite.
Bumps the npm_and_yarn group with 1 update in the /sdk directory: vite.
Updates
vitefrom 6.4.1 to 6.4.2Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
Commits
6b3fad0release: v6.4.2ca4da5dfix: avoid path traversal with optimize deps sourcemap handler (#22161)fe28e47fix: apply server.fs check to env transport (#22159) (#22163)5487f4frelease: v6.4.11114b5dfix(dev): trim trailing slash beforeserver.fs.denycheck (#20968) (#20969)f12697crelease: v6.4.0ca6455efeat: allow passing down resolved config to vite's createServer (#20932)0e173d8release: v6.3.7c59a222fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940)3f337c5release: v6.3.6Updates
vitefrom 7.3.1 to 7.3.2Release notes
Sourced from vite's releases.
Changelog
Sourced from vite's changelog.
Commits
6b3fad0release: v6.4.2ca4da5dfix: avoid path traversal with optimize deps sourcemap handler (#22161)fe28e47fix: apply server.fs check to env transport (#22159) (#22163)5487f4frelease: v6.4.11114b5dfix(dev): trim trailing slash beforeserver.fs.denycheck (#20968) (#20969)f12697crelease: v6.4.0ca6455efeat: allow passing down resolved config to vite's createServer (#20932)0e173d8release: v6.3.7c59a222fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (#20940)3f337c5release: v6.3.6Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.