Christopher Kolstad
f20ea86c61
feat: added network traffic bundle ( #9691 )
2025-04-03 14:37:07 +02:00
Thomas Heartman
07d11c7a87
Refactor: cleaner project status modal link handling ( #9694 )
...
Removes random booleans, uses more explicit functions.
2025-04-03 12:29:03 +00:00
Jaanus Sellin
9a4eb059e6
feat: strategy selector screen updates ( #9692 )
2025-04-03 14:51:00 +03:00
Thomas Heartman
a02fe7a245
fix: project status modal links don't work ( #9693 )
...
Fixes a bug where project status modal links wouldn't work.
The reason they didn't work is because we modified the query params on
modal close, and because we manually close the modal when you click a
link (because otherwise it'd stay open when you navigated to other
project pages), we inadverdently reset the URL.
I'm not entirely sure why setting the search params would modify the URL
itself, but I'm guessing that's related to the implementation.
One way to solve this is to indicate whether we're closing the modal
because a link was clicked or not, and only modify the query params if
that is not the case.
2025-04-03 13:13:18 +02:00
Thomas Heartman
3447b03e1c
Fix(1-3564)/hide project owner if system ( #9686 )
...
Hides owner avatars in cases where the owner type is "system". Touches
dashboard and project card owners.
Back when all projects required owners, we introduced the new project
cards that have the owner listed in the footer. Because, theoretically,
you weren’t allowed to create projects without owners, the only project
that should ever be without an owner was the default project. So we
thought it made sense to say that it was owned by the system.
But now that owners are optional, that doesn't necessarily make sense
anymore. As such, we'll just hide their avatars to begin with.
<img width="726" alt="image"
src="https://github.com/user-attachments/assets/950cd909-c891-48f1-9ef7-fd74922a5990 "
/>
<img width="1497" alt="image"
src="https://github.com/user-attachments/assets/f4d213f5-febb-46f8-89f0-899e77652e07 "
/>
Because the components expected the avatars to be there, we now need to
set an explicit min-height on them, so that they don't collapse.
Luckily, we can use the default avatar height (and also force that so
that they change in tandem) and use that in both places.
2025-04-03 10:43:58 +02:00
David Leek
4344c94a90
chore: remove z-index from sticky admin menu as its probably not needed ( #9690 )
2025-04-03 10:24:26 +02:00
David Leek
b9a7c0cda6
feat: command bar admin menu improvements ( #9689 )
2025-04-03 10:23:45 +02:00
Thomas Heartman
72e71b714d
fix: link to "view more insights" from dashboard goes to status modal ( #9684 )
...
Updates the link from the project dashboard page to take you to the
project status modal instead of the old insights page.
We didn't have a way to auto-open the modal before, so I added a query
param to control it.
2025-04-02 13:57:37 +00:00
Thomas Heartman
130b3869cc
Fix: lifetime API command doesn't update. ( #9685 )
...
Seems the previous value was hardcoded. Now we check the values you set
instead.
2025-04-02 15:35:29 +02:00
Tymoteusz Czech
e436ef29f1
fix: add Project and Playground icons for command bar ( #9677 )
...
Updating `IconRenderer` component in the `NavigationSidebar`. It will fix icons not showing up for command bar search results.
2025-04-02 15:31:55 +02:00
Jaanus Sellin
89724209cd
feat: new styling for strategy selector ( #9683 )
2025-04-02 14:55:36 +03:00
Thomas Heartman
645b005f29
Fix(1-3553): fix focus styles and tab navigation for segments + constraints ( #9655 )
...
Fixes a few small focus styling and tab navigation issues for the new
segments + constraints.
Before:
The segment acc header was tabbable even though you can't do anything
with it (by mouse or by keyboard)
The focus color would stay even when you're focusing stuff inside the
accordion
Constraint items have focus styles that exceed the accordion borders,
causing a weird squaring effect:
After:
The segment acc header isn't reachable by tab anymore.
The segment acc header doesn't change its background color on elements
inside getting focus:
The constraint item has rounded corners for focus styles too:
2025-04-02 13:37:16 +02:00
Jaanus Sellin
b44ac069ae
feat: new feature strategy menu ( #9678 )
2025-04-02 09:00:34 +00:00
David Leek
18346d1107
feat: admin menu: unleash logo in header - links to dashboard ( #9676 )
2025-04-02 08:34:43 +02:00
Thomas Heartman
f6e786a6c0
Remove caseInsensitiveInOperators flag ( #9670 )
...
The flag has never made it out of dev, and has not been turned on
consistently since 2023. There was a project for it, but we have since
abandoned it.
2025-04-01 14:57:32 +02:00
Tymoteusz Czech
6e947a8ba6
fix: linter rule for hooks ( #9660 )
2025-04-01 14:33:17 +02:00
David Leek
a9490e6fe4
chore: admin menu main layout tweaks ( #9671 )
2025-04-01 14:16:26 +02:00
Fredrik Strand Oseberg
7545f5af60
refactor: change colors ( #9672 )
...
This PR fixes incorrect colors chosen from the theme. It now matches the
figma files.
2025-04-01 13:24:40 +02:00
Fredrik Strand Oseberg
c75779e677
refactor: colorpicker ( #9668 )
...
This PR refactors the color picker so we stick to one set of colors
instead of changing available colors when theme changes. Colors picked
also work in dark theme and is aligned with UX.
2025-04-01 12:32:13 +02:00
David Leek
c21ed3ed5e
chore: add flags to control network route links from menu ( #9667 )
2025-04-01 11:18:32 +02:00
renovate[bot]
097c83edfb
chore(deps): update dependency vite to v5.4.16 [security] ( #9666 )
...
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [vite](https://vite.dev )
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite ))
| [`5.4.15` ->
`5.4.16`](https://renovatebot.com/diffs/npm/vite/5.4.15/5.4.16 ) |
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
### GitHub Vulnerability Alerts
####
[CVE-2025-31125](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8 )
### Summary
The contents of arbitrary files can be returned to the browser.
### Impact
Only apps explicitly exposing the Vite dev server to the network (using
`--host` or [`server.host` config
option](https://vitejs.dev/config/server-options.html#server-host )) are
affected.
### Details
- base64 encoded content of non-allowed files is exposed using
`?inline&import` (originally reported as `?import&?inline=1.wasm?init`)
- content of non-allowed files is exposed using `?raw?import`
`/@​fs/` isn't needed to reproduce the issue for files inside the
project root.
### PoC
Original report (check details above for simplified cases):
The ?import&?inline=1.wasm?init ending allows attackers to read
arbitrary files and returns the file content if it exists. Base64
decoding needs to be performed twice
```
$ npm create vite@latest
$ cd vite-project/
$ npm install
$ npm run dev
```
Example full URL
`http://localhost:5173/@​fs/C:/windows/win.ini?import&?inline=1.wasm?init `
---
### Release Notes
<details>
<summary>vitejs/vite (vite)</summary>
###
[`v5.4.16`](https://redirect.github.com/vitejs/vite/compare/v5.4.15...v5.4.16 )
[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v5.4.15...v5.4.16 )
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid,
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/Unleash/unleash ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMjcuMyIsInVwZGF0ZWRJblZlciI6IjM5LjIyNy4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-04-01 09:01:45 +00:00
David Leek
f7dbfe1162
chore: admin menu enterprise badge ( #9656 )
2025-04-01 09:13:40 +02:00
renovate[bot]
98a0fba1cb
chore(deps): update dependency vite to v5.4.15 [security] ( #9663 )
...
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [vite](https://vite.dev )
([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite ))
| [`5.4.14` ->
`5.4.15`](https://renovatebot.com/diffs/npm/vite/5.4.14/5.4.15 ) |
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
[](https://docs.renovatebot.com/merge-confidence/ )
|
### GitHub Vulnerability Alerts
####
[CVE-2025-30208](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w )
### Summary
The contents of arbitrary files can be returned to the browser.
### Impact
Only apps explicitly exposing the Vite dev server to the network (using
`--host` or [`server.host` config
option](https://vitejs.dev/config/server-options.html#server-host )) are
affected.
### Details
`@fs` denies access to files outside of Vite serving allow list. Adding
`?raw??` or `?import&raw??` to the URL bypasses this limitation and
returns the file content if it exists. This bypass exists because
trailing separators such as `?` are removed in several places, but are
not accounted for in query string regexes.
### PoC
```bash
$ npm create vite@latest
$ cd vite-project/
$ npm install
$ npm run dev
$ echo "top secret content" > /tmp/secret.txt
# expected behaviour
$ curl "http://localhost:5173/@​fs/tmp/secret.txt "
<body>
<h1>403 Restricted</h1>
<p>The request url "/tmp/secret.txt" is outside of Vite serving allow list.
# security bypassed
$ curl "http://localhost:5173/@​fs/tmp/secret.txt?import&raw ??"
export default "top secret content\n"
//# sourceMappingURL=data:application/json;base64,eyJ2...
```
---
### Release Notes
<details>
<summary>vitejs/vite (vite)</summary>
###
[`v5.4.15`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.15 )
[Compare
Source](https://redirect.github.com/vitejs/vite/compare/v5.4.14...v5.4.15 )
Please refer to
[CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.15/packages/vite/CHANGELOG.md )
for details.
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid,
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/Unleash/unleash ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDcuMSIsInVwZGF0ZWRJblZlciI6IjM5LjIwNy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-03-31 16:20:38 +00:00
Thomas Heartman
89f63285a0
Fix: Move hooks to before we bail if the flag is off. ( #9659 )
...
This fixes the a react crash when we render more/fewer hooks than on the
previous render if the flag state changes.
2025-03-31 13:59:09 +00:00
Gastón Fournier
eae7535bfc
feat: remove access overview flag making it GA ready ( #9654 )
...
This is exposing information we already have about permissions in a UI
that should help users have an overview of the permissions of a user
with regards to projects and environments
2025-03-31 14:33:38 +02:00
Tymoteusz Czech
ce230ba96b
Fix: separate segment and constraint accordions ( #9652 )
...
Segment accordion should not share state with constraint accordions inside
2025-03-31 12:11:34 +00:00
Mateusz Kwasniewski
1f1b00c38f
chore: fixing typo pre-defined ( #9651 )
2025-03-31 13:58:22 +02:00
Fredrik Strand Oseberg
aa6c422165
Feat/tag type frontend display ( #9630 )
...
Add frontend for displaying tag colors
2025-03-31 11:55:49 +02:00
David Leek
5a55181561
feat: show only link to /admin in mobile menu ( #9647 )
2025-03-31 08:37:15 +02:00
Jaanus Sellin
b55732d719
fix: tooltips not working after base element is also clicked ( #9629 )
2025-03-31 08:59:08 +03:00
Thomas Heartman
398246c3ec
Chore/remove badges from tab order ( #9643 )
...
Makes badges not tabbable by default instead of tabbable by default.
Turns out, badges aren't tabbable by default and they never were until I
made them as much (for some reason that I don't quite understand now).
Anyway, I've gone through the list of uses for the Badge element and
made any element that should be reachable by tab either have an explicit
tab index (if it's within a tooltip, for instance), or be wrapped in a
Link (instead of having an on-click handler). The two places I've
wrapped it in a link, I've also gone and changed the item group to be a
list (for HTML semantics). I've also updated some spacing for the
profile tab.
Application list (one is before, one is after. don't remember which is
which; it's now a list):
Profile page (now a list + improved spacing)
Before:
After:
2025-03-28 15:05:32 +00:00
Thomas Heartman
fc0383620b
fix: focus styles for env headers ( #9635 )
...
Adds focus styles to the env accordion header only when the focus is on
the header itself (not on the env toggle inside the header). The focus
style is consistent with what we do for other accordions (dashboard,
milestones).
Middle one is focused:
Focus is on the toggle inside the top one (yeh, we should have better
focus styles for toggles; but that's not for now):
Open and focused:
Getting the consistent background for the header when it's open is a
little tricky because the accordion container and summary are split into
different files. ~~This first iteration used a class name for the
specific header (because envs can have multiple accordion headers inside
them, e.g. release plans) and setting a CSS variable in the summary, so
that the background matches.~~ I found out that I only need to set it in
the parent anyway 😄
Without it, you get this (notice that there is a little white outside
the lower corners):
2025-03-28 15:59:25 +01:00
Christopher Kolstad
14c8b97441
task: added a hook for cleanly deciding new or old admin menu ( #9645 )
2025-03-28 14:45:09 +01:00
David Leek
5da9f75014
chore: fix weird alignment issue with main content and admin menu ( #9636 )
2025-03-28 13:22:13 +01:00
Tymoteusz Czech
db1ec7ffa6
fix: feedback button ( #9644 )
...
Fix alignment of "add strategy" & "add template" buttons
---------
Co-authored-by: Simon Hornby <sighphyre@users.noreply.github.com>
2025-03-28 11:48:24 +00:00
Simon Hornby
8793d9e632
chore: swap release template instruction svgs for pngs ( #9642 )
2025-03-28 10:47:36 +02:00
David Leek
78dfbde007
fix: Back to Unleash onClick+useNavigate instead of href ( #9641 )
2025-03-28 09:34:48 +01:00
David Leek
39755c7f19
fix: useLocation instead of browser location for resolving pathname ( #9640 )
2025-03-28 08:54:21 +01:00
Simon Hornby
7f98709730
fix: fixes an issue where the new feedback button on the config strategy pane ( #9638 )
2025-03-27 16:43:14 +01:00
Mateusz Kwasniewski
f97924eb36
feat: enforce change request settings in create project dialog ( #9637 )
2025-03-27 16:15:09 +01:00
Simon Hornby
e53e2ca0c7
chore: ux feedback on release templates ( #9634 )
...
Makes two small changes to the release template UI based on walkthrough
feedback with UX
1) The how-to descriptions for creating release plans won't get hidden
when the user has created release plans. We think too much is better
than too little. At a later point we'll push users to documentation more
aggressively
2) The warning for when the user taps the "Use template" button now has
a line break to give it some breathing room and will render anchored to
the bottom left of the originating button rather than covering it
2025-03-27 16:31:47 +02:00
Simon Hornby
b5e52a6160
chore: feedback link on feature strategy ( #9633 )
...
Adds a new link on the feature strategy that points to the feedback link
(pops out new window, only renders if release plans are enabled)
---------
Co-authored-by: Gastón Fournier <gaston@getunleash.io>
2025-03-27 15:19:14 +02:00
Mateusz Kwasniewski
53a4f61260
feat: enabled change requests reacting to available environments ( #9631 )
2025-03-27 13:46:29 +01:00
Tymoteusz Czech
cf053470e5
feat: improve constraints item on small screens ( #9609 )
...
Fixing constraint operator item, items alignment and padding for better presentation on mobile devices.
2025-03-27 13:33:25 +01:00
David Leek
f7c04cc2cb
feat: admin menu for mobile ( #9626 )
2025-03-27 13:28:44 +01:00
Mateusz Kwasniewski
6b793677b9
feat: preselect change request settings in create project ( #9625 )
2025-03-27 12:17:21 +01:00
Mateusz Kwasniewski
cc0348beba
feat: show environments with change requests ( #9628 )
2025-03-27 12:16:04 +01:00
Simon Hornby
47c6f43865
chore: add some getting started info and images when you have no release plans ( #9627 )
2025-03-27 12:58:56 +02:00
Thomas Heartman
138e93c41a
chore: drag-n-drop tooltip for strategies ( #9623 )
...
Implements the drag-n-drop tooltip the first time the user sees a
strategy drag handle on the feature env overview. It uses React Joyride,
which is the same system we use for the demo.
The design is a little different from the sketches because I couldn't
find a quick way to move the content (and the arrow) to be shifted
correctly.
If the demo is also active the first time a user visits a strategy page,
it'll render both the demo steps and this, but this tooltip doesn't
prevent the user from finishing the tour. It might be possible to avoid
that through checking state in localstorage, but I'd like to get this
approved first.
The tooltip uses the auth splash system to decide whether to show the
tooltip, meaning it's stored per user in the DB. To avoid it
re-rendering before you refetch from the back end, we also use a
temporary variable to check whether the user has closed it.
Rendered:
If the tour is also active:
2025-03-27 11:16:37 +01:00
Simon Hornby
6aae9be19c
chore: add a message stating no templates when there aren't any ( #9624 )
2025-03-27 11:34:45 +02:00
