Thomas Heartman
07d11c7a87
Refactor: cleaner project status modal link handling ( #9694 )
...
Removes random booleans, uses more explicit functions.
2025-04-03 12:29:03 +00:00
Jaanus Sellin
9a4eb059e6
feat: strategy selector screen updates ( #9692 )
2025-04-03 14:51:00 +03:00
Thomas Heartman
a02fe7a245
fix: project status modal links don't work ( #9693 )
...
Fixes a bug where project status modal links wouldn't work.
The reason they didn't work is because we modified the query params on
modal close, and because we manually close the modal when you click a
link (because otherwise it'd stay open when you navigated to other
project pages), we inadverdently reset the URL.
I'm not entirely sure why setting the search params would modify the URL
itself, but I'm guessing that's related to the implementation.
One way to solve this is to indicate whether we're closing the modal
because a link was clicked or not, and only modify the query params if
that is not the case.
2025-04-03 13:13:18 +02:00
Mateusz Kwasniewski
605ab54ae2
docs: environment change requests ( #9648 )
2025-04-03 12:25:23 +02:00
Thomas Heartman
3447b03e1c
Fix(1-3564)/hide project owner if system ( #9686 )
...
Hides owner avatars in cases where the owner type is "system". Touches
dashboard and project card owners.
Back when all projects required owners, we introduced the new project
cards that have the owner listed in the footer. Because, theoretically,
you weren’t allowed to create projects without owners, the only project
that should ever be without an owner was the default project. So we
thought it made sense to say that it was owned by the system.
But now that owners are optional, that doesn't necessarily make sense
anymore. As such, we'll just hide their avatars to begin with.
<img width="726" alt="image"
src="https://github.com/user-attachments/assets/950cd909-c891-48f1-9ef7-fd74922a5990 "
/>
<img width="1497" alt="image"
src="https://github.com/user-attachments/assets/f4d213f5-febb-46f8-89f0-899e77652e07 "
/>
Because the components expected the avatars to be there, we now need to
set an explicit min-height on them, so that they don't collapse.
Luckily, we can use the default avatar height (and also force that so
that they change in tandem) and use that in both places.
2025-04-03 10:43:58 +02:00
David Leek
4344c94a90
chore: remove z-index from sticky admin menu as its probably not needed ( #9690 )
2025-04-03 10:24:26 +02:00
David Leek
b9a7c0cda6
feat: command bar admin menu improvements ( #9689 )
2025-04-03 10:23:45 +02:00
Gastón Fournier
6432262be5
chore: change default for release ( #9681 )
...
Co-authored-by: Thomas Heartman <thomas@getunleash.io>
2025-04-02 14:12:09 +00:00
Thomas Heartman
72e71b714d
fix: link to "view more insights" from dashboard goes to status modal ( #9684 )
...
Updates the link from the project dashboard page to take you to the
project status modal instead of the old insights page.
We didn't have a way to auto-open the modal before, so I added a query
param to control it.
2025-04-02 13:57:37 +00:00
Thomas Heartman
130b3869cc
Fix: lifetime API command doesn't update. ( #9685 )
...
Seems the previous value was hardcoded. Now we check the values you set
instead.
2025-04-02 15:35:29 +02:00
Tymoteusz Czech
e436ef29f1
fix: add Project and Playground icons for command bar ( #9677 )
...
Updating `IconRenderer` component in the `NavigationSidebar`. It will fix icons not showing up for command bar search results.
2025-04-02 15:31:55 +02:00
Melinda Fekete
99d1c7f6c3
docs: 6.9 updates ( #9680 )
2025-04-02 15:02:22 +02:00
Jaanus Sellin
89724209cd
feat: new styling for strategy selector ( #9683 )
2025-04-02 14:55:36 +03:00
Thomas Heartman
645b005f29
Fix(1-3553): fix focus styles and tab navigation for segments + constraints ( #9655 )
...
Fixes a few small focus styling and tab navigation issues for the new
segments + constraints.
Before:
The segment acc header was tabbable even though you can't do anything
with it (by mouse or by keyboard)
The focus color would stay even when you're focusing stuff inside the
accordion
Constraint items have focus styles that exceed the accordion borders,
causing a weird squaring effect:
After:
The segment acc header isn't reachable by tab anymore.
The segment acc header doesn't change its background color on elements
inside getting focus:
The constraint item has rounded corners for focus styles too:
2025-04-02 13:37:16 +02:00
Gastón Fournier
bba85dc9b0
chore: fix coverage tests ( #9674 )
...
Coverage has been failing for a while:
https://github.com/Unleash/unleash/actions/workflows/build_coverage.yaml
It looks related to minimatch version:
```
TypeError: /home/runner/work/unleash/unleash/src/lib/util/isDefined.ts: minimatch is not a function
```
Removing `"minimatch": "^10.0.0",` resolution seems to fix it, but it
will likely introduce a security vulnerability error
Works on my machine results:
```shell
Test Suites: 345 passed, 345 total
Tests: 3 skipped, 3119 passed, 3122 total
Snapshots: 110 passed, 110 total
Time: 218.532 s
```
2025-04-02 11:59:47 +02:00
Github Actions Bot
6646ca689f
6.9.0
2025-04-02 09:39:10 +00:00
Github Actions Bot
a112a416e5
docs: Update CHANGELOG.md
2025-04-02 09:38:59 +00:00
Jaanus Sellin
b44ac069ae
feat: new feature strategy menu ( #9678 )
2025-04-02 09:00:34 +00:00
David Leek
18346d1107
feat: admin menu: unleash logo in header - links to dashboard ( #9676 )
2025-04-02 08:34:43 +02:00
Thomas Heartman
f6e786a6c0
Remove caseInsensitiveInOperators flag ( #9670 )
...
The flag has never made it out of dev, and has not been turned on
consistently since 2023. There was a project for it, but we have since
abandoned it.
2025-04-01 14:57:32 +02:00
Tymoteusz Czech
6e947a8ba6
fix: linter rule for hooks ( #9660 )
2025-04-01 14:33:17 +02:00
David Leek
a9490e6fe4
chore: admin menu main layout tweaks ( #9671 )
2025-04-01 14:16:26 +02:00
Gastón Fournier
1bef63ff10
chore: upgrade date-fns in package.json ( #9673 )
...
This is the latest minor release available
2025-04-01 14:13:53 +02:00
Fredrik Strand Oseberg
7545f5af60
refactor: change colors ( #9672 )
...
This PR fixes incorrect colors chosen from the theme. It now matches the
figma files.
2025-04-01 13:24:40 +02:00
Fredrik Strand Oseberg
c75779e677
refactor: colorpicker ( #9668 )
...
This PR refactors the color picker so we stick to one set of colors
instead of changing available colors when theme changes. Colors picked
also work in dark theme and is aligned with UX.
2025-04-01 12:32:13 +02:00
David Leek
c21ed3ed5e
chore: add flags to control network route links from menu ( #9667 )
2025-04-01 11:18:32 +02:00
renovate[bot]
097c83edfb
chore(deps): update dependency vite to v5.4.16 [security] ( #9666 )
...
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [vite](https://vite.dev )
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite ))
| [`5.4.15` ->
`5.4.16`](https://renovatebot.com/diffs/npm/vite/5.4.15/5.4.16 ) |
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
### GitHub Vulnerability Alerts
####
[CVE-2025-31125](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8 )
### Summary
The contents of arbitrary files can be returned to the browser.
### Impact
Only apps explicitly exposing the Vite dev server to the network (using
`--host` or [`server.host` config
option](https://vitejs.dev/config/server-options.html#server-host )) are
affected.
### Details
- base64 encoded content of non-allowed files is exposed using
`?inline&import` (originally reported as `?import&?inline=1.wasm?init`)
- content of non-allowed files is exposed using `?raw?import`
`/@​fs/` isn't needed to reproduce the issue for files inside the
project root.
### PoC
Original report (check details above for simplified cases):
The ?import&?inline=1.wasm?init ending allows attackers to read
arbitrary files and returns the file content if it exists. Base64
decoding needs to be performed twice
```
$ npm create vite@latest
$ cd vite-project/
$ npm install
$ npm run dev
```
Example full URL
`http://localhost:5173/@​fs/C:/windows/win.ini?import&?inline=1.wasm?init `
---
### Release Notes
<details>
<summary>vitejs/vite (vite)</summary>
###
[`v5.4.16`](https://redirect.github.com/vitejs/vite/compare/v5.4.15...v5.4.16 )
[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v5.4.15...v5.4.16 )
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid,
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/Unleash/unleash ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMjcuMyIsInVwZGF0ZWRJblZlciI6IjM5LjIyNy4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-04-01 09:01:45 +00:00
Gastón Fournier
096e466148
chore: bump slack dependency ( #9664 )
2025-04-01 08:56:02 +00:00
David Leek
f7dbfe1162
chore: admin menu enterprise badge ( #9656 )
2025-04-01 09:13:40 +02:00
renovate[bot]
98a0fba1cb
chore(deps): update dependency vite to v5.4.15 [security] ( #9663 )
...
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [vite](https://vite.dev )
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite ))
| [`5.4.14` ->
`5.4.15`](https://renovatebot.com/diffs/npm/vite/5.4.14/5.4.15 ) |
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
### GitHub Vulnerability Alerts
####
[CVE-2025-30208](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w )
### Summary
The contents of arbitrary files can be returned to the browser.
### Impact
Only apps explicitly exposing the Vite dev server to the network (using
`--host` or [`server.host` config
option](https://vitejs.dev/config/server-options.html#server-host )) are
affected.
### Details
`@fs` denies access to files outside of Vite serving allow list. Adding
`?raw??` or `?import&raw??` to the URL bypasses this limitation and
returns the file content if it exists. This bypass exists because
trailing separators such as `?` are removed in several places, but are
not accounted for in query string regexes.
### PoC
```bash
$ npm create vite@latest
$ cd vite-project/
$ npm install
$ npm run dev
$ echo "top secret content" > /tmp/secret.txt
# expected behaviour
$ curl "http://localhost:5173/@​fs/tmp/secret.txt "
<body>
<h1>403 Restricted</h1>
<p>The request url "/tmp/secret.txt" is outside of Vite serving allow list.
# security bypassed
$ curl "http://localhost:5173/@​fs/tmp/secret.txt?import&raw ??"
export default "top secret content\n"
//# sourceMappingURL=data:application/json;base64,eyJ2...
```
---
### Release Notes
<details>
<summary>vitejs/vite (vite)</summary>
###
[`v5.4.15`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.15 )
[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v5.4.14...v5.4.15 )
Please refer to
[CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.15/packages/vite/CHANGELOG.md )
for details.
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid,
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/Unleash/unleash ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDcuMSIsInVwZGF0ZWRJblZlciI6IjM5LjIwNy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-03-31 16:20:38 +00:00
renovate[bot]
be41869568
fix(deps): update dependency @slack/web-api to v7.9.1 ( #9661 )
...
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [@slack/web-api](https://tools.slack.dev/node-slack-sdk/web-api )
([source](https://redirect.github.com/slackapi/node-slack-sdk )) |
[`7.9.0` ->
`7.9.1`](https://renovatebot.com/diffs/npm/@slack%2fweb-api/7.9.0/7.9.1 )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
---
### Release Notes
<details>
<summary>slackapi/node-slack-sdk (@​slack/web-api)</summary>
###
[`v7.9.1`](https://redirect.github.com/slackapi/node-slack-sdk/releases/tag/%40slack/web-api%407.9.1 )
[Compare
Source](https://redirect.github.com/slackapi/node-slack-sdk/compare/@slack/web-api@7.9.0...@slack/web-api@7.9.1 )
#### What's Changed
This release fixes a bug where setting
[`allowAbsoluteUrls`](https://tools.slack.dev/node-slack-sdk/reference/web-api/interfaces/WebClientOptions/#allowabsoluteurls )
to **false** caused the
[`filesUploadV2`](https://tools.slack.dev/node-slack-sdk/web-api/#upload-a-file )
method to error when uploading files. Files can now be uploaded with
`allowAbsoluteUrls` set to **false**.
##### Bug fixes 🐛
- fix(web-api): complete file upload v2 calls if absolute urls are not
allowed in
[https://github.com/slackapi/node-slack-sdk/pull/2196 ](https://redirect.github.com/slackapi/node-slack-sdk/pull/2196 )
- Thanks [@​zimeg](https://redirect.github.com/zimeg )!
##### Maintenance 🧰
- test(web-api): use channel_id instead of channels with files upload v2
in
[https://github.com/slackapi/node-slack-sdk/pull/2197 ](https://redirect.github.com/slackapi/node-slack-sdk/pull/2197 )
- Thanks [@​zimeg](https://redirect.github.com/zimeg )!
**Full Changelog**:
https://github.com/slackapi/node-slack-sdk/compare/[@​slack/web-api](https://redirect.github.com/slack/web-api)[@​7](https://redirect.github.com/7).9.0...[@​slack/web-api](https://redirect.github.com/slack/web-api)[@​7](https://redirect.github.com/7).9.1
**Milestone**: https://github.com/slackapi/node-slack-sdk/milestone/142
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am
every weekday" in timezone Europe/Madrid, Automerge - At any time (no
schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/Unleash/unleash ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDcuMSIsInVwZGF0ZWRJblZlciI6IjM5LjIwNy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-03-31 16:09:46 +00:00
Gastón Fournier
d11f39e401
chore: expose custom strategy metrics in prometheus ( #9657 )
...
## About the changes
These metrics are sent to version info but not exposed in prometheus and
they can provide valuable data about their usage
2025-03-31 16:02:50 +02:00
Gastón Fournier
ef1b6ec227
chore: decrease ui observability to warn ( #9658 )
...
These errors are not acted upon and is not something we can act on.
Reducing it's level to WARN following
https://github.com/Unleash/unleash/blob/main/website/docs/contributing/ADRs/overarching/logging-levels.md
2025-03-31 16:02:28 +02:00
Thomas Heartman
89f63285a0
Fix: Move hooks to before we bail if the flag is off. ( #9659 )
...
This fixes the a react crash when we render more/fewer hooks than on the
previous render if the flag state changes.
2025-03-31 13:59:09 +00:00
Gastón Fournier
eae7535bfc
feat: remove access overview flag making it GA ready ( #9654 )
...
This is exposing information we already have about permissions in a UI
that should help users have an overview of the permissions of a user
with regards to projects and environments
2025-03-31 14:33:38 +02:00
Tymoteusz Czech
ce230ba96b
Fix: separate segment and constraint accordions ( #9652 )
...
Segment accordion should not share state with constraint accordions inside
2025-03-31 12:11:34 +00:00
Mateusz Kwasniewski
3ced6a3780
refactor: environments in feature directory ( #9650 )
2025-03-31 13:58:37 +02:00
Mateusz Kwasniewski
1f1b00c38f
chore: fixing typo pre-defined ( #9651 )
2025-03-31 13:58:22 +02:00
Fredrik Strand Oseberg
aa6c422165
Feat/tag type frontend display ( #9630 )
...
Add frontend for displaying tag colors
2025-03-31 11:55:49 +02:00
Mateusz Kwasniewski
9de0e7435b
feat: enforce env change request on project create ( #9646 )
2025-03-31 09:29:20 +02:00
David Leek
5a55181561
feat: show only link to /admin in mobile menu ( #9647 )
2025-03-31 08:37:15 +02:00
Jaanus Sellin
b55732d719
fix: tooltips not working after base element is also clicked ( #9629 )
2025-03-31 08:59:08 +03:00
Thomas Heartman
398246c3ec
Chore/remove badges from tab order ( #9643 )
...
Makes badges not tabbable by default instead of tabbable by default.
Turns out, badges aren't tabbable by default and they never were until I
made them as much (for some reason that I don't quite understand now).
Anyway, I've gone through the list of uses for the Badge element and
made any element that should be reachable by tab either have an explicit
tab index (if it's within a tooltip, for instance), or be wrapped in a
Link (instead of having an on-click handler). The two places I've
wrapped it in a link, I've also gone and changed the item group to be a
list (for HTML semantics). I've also updated some spacing for the
profile tab.
Application list (one is before, one is after. don't remember which is
which; it's now a list):
Profile page (now a list + improved spacing)
Before:
After:
2025-03-28 15:05:32 +00:00
Thomas Heartman
fc0383620b
fix: focus styles for env headers ( #9635 )
...
Adds focus styles to the env accordion header only when the focus is on
the header itself (not on the env toggle inside the header). The focus
style is consistent with what we do for other accordions (dashboard,
milestones).
Middle one is focused:
Focus is on the toggle inside the top one (yeh, we should have better
focus styles for toggles; but that's not for now):
Open and focused:
Getting the consistent background for the header when it's open is a
little tricky because the accordion container and summary are split into
different files. ~~This first iteration used a class name for the
specific header (because envs can have multiple accordion headers inside
them, e.g. release plans) and setting a CSS variable in the summary, so
that the background matches.~~ I found out that I only need to set it in
the parent anyway 😄
Without it, you get this (notice that there is a little white outside
the lower corners):
2025-03-28 15:59:25 +01:00
Christopher Kolstad
14c8b97441
task: added a hook for cleanly deciding new or old admin menu ( #9645 )
2025-03-28 14:45:09 +01:00
David Leek
5da9f75014
chore: fix weird alignment issue with main content and admin menu ( #9636 )
2025-03-28 13:22:13 +01:00
Tymoteusz Czech
db1ec7ffa6
fix: feedback button ( #9644 )
...
Fix alignment of "add strategy" & "add template" buttons
---------
Co-authored-by: Simon Hornby <sighphyre@users.noreply.github.com>
2025-03-28 11:48:24 +00:00
Melinda Fekete
2d3d6aa38a
Docs for release management ( #9555 )
2025-03-28 10:42:39 +01:00
Simon Hornby
8793d9e632
chore: swap release template instruction svgs for pngs ( #9642 )
2025-03-28 10:47:36 +02:00
David Leek
78dfbde007
fix: Back to Unleash onClick+useNavigate instead of href ( #9641 )
2025-03-28 09:34:48 +01:00
