From 4412c3ab63837d696b1dee2fb11da0b21d511cfe Mon Sep 17 00:00:00 2001 From: Dmitry Lavrinovich <52966626+dmlvr@users.noreply.github.com> Date: Fri, 15 May 2026 16:53:17 +0300 Subject: [PATCH 1/2] Security: Update Node version (#33524) Co-authored-by: Andrei Kharitonov --- .github/actions/run-qunit-tests/action.yml | 5 + .github/renovate.json | 3 +- .github/workflows/build_all.yml | 7 +- .github/workflows/codeql.yml | 2 +- .github/workflows/default_workflow.yml | 2 +- .github/workflows/demos_unit_tests.yml | 2 +- .github/workflows/demos_visual_tests.yml | 238 +++++++++++++++++- .github/workflows/lint.yml | 11 +- .github/workflows/packages_publishing.yml | 4 +- .github/workflows/playgrounds_tests.yml | 4 +- .github/workflows/publish-demos.yml | 6 +- .github/workflows/qunit_tests.yml | 2 +- .github/workflows/renovation.yml | 2 +- .../workflows/run-testcafe-on-gh-pages.yml | 2 +- .github/workflows/styles.yml | 2 +- .github/workflows/testcafe_tests.yml | 10 +- .github/workflows/themebuilder_tests.yml | 2 +- .github/workflows/ts_declarations.yml | 4 +- .github/workflows/update_version.yml | 2 +- .github/workflows/wrapper_tests.yml | 6 +- .github/workflows/wrapper_tests_e2e.yml | 4 +- .mise.toml | 7 + .node-version | 1 + .npmrc | 3 +- .tool-versions | 2 +- package.json | 5 +- 26 files changed, 291 insertions(+), 47 deletions(-) create mode 100644 .mise.toml create mode 100644 .node-version diff --git a/.github/actions/run-qunit-tests/action.yml b/.github/actions/run-qunit-tests/action.yml index 2a061a2ff5c5..96050c4562fc 100644 --- a/.github/actions/run-qunit-tests/action.yml +++ b/.github/actions/run-qunit-tests/action.yml @@ -52,6 +52,11 @@ runs: rm -rf artifacts/npm 7z x artifacts.zip + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.node-version' + - uses: pnpm/action-setup@v4 with: run_install: false diff --git a/.github/renovate.json b/.github/renovate.json index 581dcc8925bf..947a7e28d77a 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,6 +1,7 @@ { "extends": [ - "config:js-lib" + "config:js-lib", + "github>DevExpress/devextreme-renovate-config" ], "prConcurrentLimit": 2, "semanticCommits": "enabled", diff --git a/.github/workflows/build_all.yml b/.github/workflows/build_all.yml index 940c8342c28a..4b9531c9105c 100644 --- a/.github/workflows/build_all.yml +++ b/.github/workflows/build_all.yml @@ -25,7 +25,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -84,6 +84,11 @@ jobs: - name: Get sources uses: actions/checkout@v4 + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.node-version' + - uses: pnpm/action-setup@v4 with: run_install: false diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e5d8440a4f80..bfae150e4d55 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -19,7 +19,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: diff --git a/.github/workflows/default_workflow.yml b/.github/workflows/default_workflow.yml index 170fefe6496b..497173a38002 100644 --- a/.github/workflows/default_workflow.yml +++ b/.github/workflows/default_workflow.yml @@ -28,7 +28,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: diff --git a/.github/workflows/demos_unit_tests.yml b/.github/workflows/demos_unit_tests.yml index fd48549faac0..455bf1d520cf 100644 --- a/.github/workflows/demos_unit_tests.yml +++ b/.github/workflows/demos_unit_tests.yml @@ -41,7 +41,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: diff --git a/.github/workflows/demos_visual_tests.yml b/.github/workflows/demos_visual_tests.yml index 78f5a06820f2..75631e5a02bf 100644 --- a/.github/workflows/demos_visual_tests.yml +++ b/.github/workflows/demos_visual_tests.yml @@ -118,7 +118,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -207,7 +207,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Download devextreme sources uses: actions/download-artifact@v4 @@ -284,7 +284,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -354,7 +354,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -445,7 +445,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Download devextreme sources uses: actions/download-artifact@v4 @@ -536,7 +536,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Download devextreme sources uses: actions/download-artifact@v4 @@ -636,7 +636,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -801,7 +801,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Download devextreme sources uses: actions/download-artifact@v4 @@ -864,6 +864,8 @@ jobs: run: | if [[ "${{ matrix.CONSTEL }}" == react* ]]; then echo "concurrency=4" >> $GITHUB_OUTPUT + elif [[ "${{ matrix.CONSTEL }}" == vue* ]]; then + echo "concurrency=1" >> $GITHUB_OUTPUT elif [[ "${{ matrix.CONSTEL }}" == angular* ]]; then echo "concurrency=2" >> $GITHUB_OUTPUT else @@ -930,7 +932,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Download devextreme sources uses: actions/download-artifact@v4 @@ -1078,3 +1080,221 @@ jobs: pattern: accessibility-reports-* delete-merged: true + csp-check-jquery: + name: CSP check (jQuery) + needs: [check-should-run, build-devextreme] + if: | + always() && + needs.check-should-run.outputs.should-run == 'true' && + needs.build-devextreme.result == 'success' + runs-on: devextreme-shr2 + timeout-minutes: 60 + + steps: + - name: Get sources + uses: actions/checkout@v4 + + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: devextreme-artifacts-jquery + path: ./packages/devextreme + + - name: Unpack artifacts + working-directory: ./packages/devextreme + run: 7z x artifacts.zip -aoa + + - name: Setup Chrome + uses: ./.github/actions/setup-chrome + with: + chrome-version: '145.0.7632.67' + + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.node-version' + + - uses: pnpm/action-setup@v4 + with: + run_install: false + + - name: Get pnpm store directory + shell: bash + run: echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV + + - uses: actions/cache/restore@v4 + name: Restore pnpm cache + with: + path: ${{ env.STORE_PATH }} + key: ${{ runner.os }}-pnpm-cache-${{ hashFiles('**/pnpm-lock.yaml') }} + restore-keys: | + ${{ runner.os }}-pnpm-cache + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + - name: Start CSP Server + run: node apps/demos/utils/server/csp-server.js 8080 & + + - name: Run CSP Check + working-directory: apps/demos + env: + CSP_FRAMEWORKS: jQuery + CHROME_PATH: google-chrome-stable + run: node utils/server/csp-check.js + + - name: Upload CSP report + if: always() + uses: actions/upload-artifact@v4 + with: + name: csp-violations-jquery + path: apps/demos/csp-reports/ + if-no-files-found: ignore + + csp-check-frameworks: + name: CSP check (${{ matrix.FRAMEWORK }}) + needs: [check-should-run, determine-framework-tests-scope, build-devextreme] + if: | + always() && + needs.check-should-run.outputs.should-run == 'true' && + needs.determine-framework-tests-scope.result == 'success' && + needs.determine-framework-tests-scope.outputs.framework-tests-scope != 'none' && + needs.build-devextreme.result == 'success' + strategy: + fail-fast: false + matrix: + FRAMEWORK: [React, Vue, Angular] + runs-on: devextreme-shr2 + timeout-minutes: 60 + + steps: + - name: Get sources + uses: actions/checkout@v4 + + - name: Download devextreme sources + uses: actions/download-artifact@v4 + with: + name: devextreme-sources + + - name: Setup Chrome + uses: ./.github/actions/setup-chrome + with: + chrome-version: '145.0.7632.67' + + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.node-version' + + - uses: pnpm/action-setup@v4 + with: + run_install: false + + - name: Get pnpm store directory + shell: bash + run: echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV + + - uses: actions/cache/restore@v4 + name: Restore pnpm cache + with: + path: ${{ env.STORE_PATH }} + key: ${{ runner.os }}-pnpm-cache-${{ hashFiles('**/pnpm-lock.yaml') }} + restore-keys: | + ${{ runner.os }}-pnpm-cache + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + - name: Install tgz + working-directory: apps/demos + run: pnpm add ../../devextreme-installer.tgz ../../devextreme-dist-installer.tgz ../../devextreme-react-installer.tgz ../../devextreme-vue-installer.tgz ../../devextreme-angular-installer.tgz + + - name: Start CSP Server + run: node apps/demos/utils/server/csp-server.js 8080 & + + - name: Run CSP Check + working-directory: apps/demos + env: + CSP_FRAMEWORKS: ${{ matrix.FRAMEWORK }} + CHROME_PATH: google-chrome-stable + run: node utils/server/csp-check.js + + - name: Upload CSP report + if: always() + uses: actions/upload-artifact@v4 + with: + name: csp-violations-${{ matrix.FRAMEWORK }} + path: apps/demos/csp-reports/ + if-no-files-found: ignore + + csp-report-summary: + name: CSP Violations Summary + runs-on: devextreme-shr2 + needs: [check-should-run, csp-check-jquery, csp-check-frameworks] + if: always() && needs.check-should-run.outputs.should-run == 'true' + timeout-minutes: 5 + + steps: + - name: Get sources + uses: actions/checkout@v4 + + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.node-version' + + - name: Download all CSP reports + uses: actions/download-artifact@v4 + with: + pattern: csp-violations-* + path: csp-reports-all + merge-multiple: true + continue-on-error: true + + - name: Summarize CSP violations + run: | + mkdir -p apps/demos/csp-reports + + echo "## CSP Violations Report" >> $GITHUB_STEP_SUMMARY + echo '' >> $GITHUB_STEP_SUMMARY + + GRAND_TOTAL=0 + for report in csp-reports-all/csp-violations-*.jsonl; do + [ -f "$report" ] || continue + FRAMEWORK=$(basename "$report" | sed 's/csp-violations-//;s/\.jsonl//') + cp "$report" "apps/demos/csp-reports/" + + if [ -s "$report" ]; then + COUNT=$(wc -l < "$report" | tr -d ' ') + GRAND_TOTAL=$((GRAND_TOTAL + COUNT)) + echo "### ⚠️ ${FRAMEWORK}: ${COUNT} violation(s)" >> $GITHUB_STEP_SUMMARY + echo '' >> $GITHUB_STEP_SUMMARY + echo '
' >> $GITHUB_STEP_SUMMARY + echo 'Show detailed report' >> $GITHUB_STEP_SUMMARY + echo '' >> $GITHUB_STEP_SUMMARY + echo '```' >> $GITHUB_STEP_SUMMARY + CSP_REPORT_FILE="$report" node apps/demos/utils/server/csp-report-summary.js >> $GITHUB_STEP_SUMMARY + echo '```' >> $GITHUB_STEP_SUMMARY + echo '' >> $GITHUB_STEP_SUMMARY + echo '
' >> $GITHUB_STEP_SUMMARY + echo '' >> $GITHUB_STEP_SUMMARY + else + echo "### ✅ ${FRAMEWORK}: No violations" >> $GITHUB_STEP_SUMMARY + echo '' >> $GITHUB_STEP_SUMMARY + fi + done + + if [ "$GRAND_TOTAL" -eq 0 ]; then + echo "✅ No CSP violations detected across all frameworks." + else + echo "⚠️ Total: $GRAND_TOTAL CSP violation(s)" + fi + + - name: Upload merged CSP reports + if: always() + uses: actions/upload-artifact@v4 + with: + name: csp-violations-report + path: apps/demos/csp-reports/ + if-no-files-found: ignore + diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 496a9e3dcd11..f0dd2e054374 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -25,7 +25,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -55,6 +55,7 @@ jobs: - name: Lint TS working-directory: ./packages/devextreme env: + NODE_OPTIONS: --max-old-space-size=4096 DEBUG: eslint:cli-engine run: pnpm exec nx lint-ts @@ -80,7 +81,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -123,7 +124,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -160,7 +161,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -208,7 +209,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: diff --git a/.github/workflows/packages_publishing.yml b/.github/workflows/packages_publishing.yml index 72518095075e..d23ce3b149e1 100644 --- a/.github/workflows/packages_publishing.yml +++ b/.github/workflows/packages_publishing.yml @@ -36,7 +36,7 @@ jobs: - name: Set up nodejs uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -135,7 +135,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: diff --git a/.github/workflows/playgrounds_tests.yml b/.github/workflows/playgrounds_tests.yml index 7578242c46ca..c75ac777b35f 100644 --- a/.github/workflows/playgrounds_tests.yml +++ b/.github/workflows/playgrounds_tests.yml @@ -30,7 +30,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -94,7 +94,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Download artifacts uses: actions/download-artifact@v4 diff --git a/.github/workflows/publish-demos.yml b/.github/workflows/publish-demos.yml index 708a5ca5ef64..dfb5d14ab63b 100644 --- a/.github/workflows/publish-demos.yml +++ b/.github/workflows/publish-demos.yml @@ -16,7 +16,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -71,7 +71,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Download devextreme sources uses: actions/download-artifact@v4 @@ -171,7 +171,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Download devextreme sources uses: actions/download-artifact@v4 diff --git a/.github/workflows/qunit_tests.yml b/.github/workflows/qunit_tests.yml index 1c6cc437e9df..196ce9015b27 100644 --- a/.github/workflows/qunit_tests.yml +++ b/.github/workflows/qunit_tests.yml @@ -39,7 +39,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: diff --git a/.github/workflows/renovation.yml b/.github/workflows/renovation.yml index 717b8e36e1b2..2d49c4937ddc 100644 --- a/.github/workflows/renovation.yml +++ b/.github/workflows/renovation.yml @@ -25,7 +25,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: diff --git a/.github/workflows/run-testcafe-on-gh-pages.yml b/.github/workflows/run-testcafe-on-gh-pages.yml index cdc34f0c96a2..e9feb81424c2 100644 --- a/.github/workflows/run-testcafe-on-gh-pages.yml +++ b/.github/workflows/run-testcafe-on-gh-pages.yml @@ -26,7 +26,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Checkout gh-pages branch uses: actions/checkout@v4 diff --git a/.github/workflows/styles.yml b/.github/workflows/styles.yml index 00d357f5d184..98a3e1f4c4e5 100644 --- a/.github/workflows/styles.yml +++ b/.github/workflows/styles.yml @@ -25,7 +25,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: diff --git a/.github/workflows/testcafe_tests.yml b/.github/workflows/testcafe_tests.yml index dd2351b19094..f372dac03f4d 100644 --- a/.github/workflows/testcafe_tests.yml +++ b/.github/workflows/testcafe_tests.yml @@ -43,7 +43,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -144,10 +144,10 @@ jobs: # with: # chrome-version: '145.0.7632.67' - # - name: Use Node.js - # uses: actions/setup-node@v4 - # with: - # node-version: '20' + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: diff --git a/.github/workflows/themebuilder_tests.yml b/.github/workflows/themebuilder_tests.yml index b7bbe706945d..daee08cf25c1 100644 --- a/.github/workflows/themebuilder_tests.yml +++ b/.github/workflows/themebuilder_tests.yml @@ -26,7 +26,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: diff --git a/.github/workflows/ts_declarations.yml b/.github/workflows/ts_declarations.yml index 58ad67c8860b..a922779fefff 100644 --- a/.github/workflows/ts_declarations.yml +++ b/.github/workflows/ts_declarations.yml @@ -22,7 +22,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -72,7 +72,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: diff --git a/.github/workflows/update_version.yml b/.github/workflows/update_version.yml index 3fd2031c43a1..10c966ffd7c3 100644 --- a/.github/workflows/update_version.yml +++ b/.github/workflows/update_version.yml @@ -26,7 +26,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: diff --git a/.github/workflows/wrapper_tests.yml b/.github/workflows/wrapper_tests.yml index 4b067bfb1e40..f2377abbf31e 100644 --- a/.github/workflows/wrapper_tests.yml +++ b/.github/workflows/wrapper_tests.yml @@ -23,7 +23,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -63,7 +63,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -117,7 +117,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: diff --git a/.github/workflows/wrapper_tests_e2e.yml b/.github/workflows/wrapper_tests_e2e.yml index 15486fed98ad..6e826a16d8e9 100644 --- a/.github/workflows/wrapper_tests_e2e.yml +++ b/.github/workflows/wrapper_tests_e2e.yml @@ -29,7 +29,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -105,7 +105,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: diff --git a/.mise.toml b/.mise.toml new file mode 100644 index 000000000000..d088100a80b2 --- /dev/null +++ b/.mise.toml @@ -0,0 +1,7 @@ +[tools] +node = "24.15.0" +pnpm = "9.15.9" + +[hooks] +enter = "mise install" + diff --git a/.node-version b/.node-version new file mode 100644 index 000000000000..5bf4400f2292 --- /dev/null +++ b/.node-version @@ -0,0 +1 @@ +24.15.0 diff --git a/.npmrc b/.npmrc index ced9c5f510a0..77c180bd6b1b 100644 --- a/.npmrc +++ b/.npmrc @@ -1,4 +1,5 @@ link-workspace-packages=true prefer-workspace-packages=true save-workspace-protocol=false -package-manager-strict=false \ No newline at end of file +package-manager-strict=false +engine-strict=true diff --git a/.tool-versions b/.tool-versions index fd73f08c7531..7712cf3ddcdc 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1,2 +1,2 @@ dotnet 8 -nodejs 20.19.4 +nodejs 24.15.0 diff --git a/package.json b/package.json index c4bb615feb83..b5fd07e100c3 100644 --- a/package.json +++ b/package.json @@ -124,5 +124,8 @@ "@babel/plugin-transform-modules-systemjs@>=7.12.0 <7.29.4": "^7.29.4" } }, - "packageManager": "pnpm@9.15.4" + "packageManager": "pnpm@9.15.9", + "engines": { + "node": "24.15.0" + } } From 2e6d59ec6ab412337cc6167c7bec5660da1f6fb2 Mon Sep 17 00:00:00 2001 From: dmlvr Date: Fri, 15 May 2026 17:12:21 +0300 Subject: [PATCH 2/2] fix --- .github/workflows/demos_visual_tests.yml | 219 ----------------------- 1 file changed, 219 deletions(-) diff --git a/.github/workflows/demos_visual_tests.yml b/.github/workflows/demos_visual_tests.yml index 75631e5a02bf..aabc465f1e51 100644 --- a/.github/workflows/demos_visual_tests.yml +++ b/.github/workflows/demos_visual_tests.yml @@ -1079,222 +1079,3 @@ jobs: name: accessibility-reports-jquery pattern: accessibility-reports-* delete-merged: true - - csp-check-jquery: - name: CSP check (jQuery) - needs: [check-should-run, build-devextreme] - if: | - always() && - needs.check-should-run.outputs.should-run == 'true' && - needs.build-devextreme.result == 'success' - runs-on: devextreme-shr2 - timeout-minutes: 60 - - steps: - - name: Get sources - uses: actions/checkout@v4 - - - name: Download artifacts - uses: actions/download-artifact@v4 - with: - name: devextreme-artifacts-jquery - path: ./packages/devextreme - - - name: Unpack artifacts - working-directory: ./packages/devextreme - run: 7z x artifacts.zip -aoa - - - name: Setup Chrome - uses: ./.github/actions/setup-chrome - with: - chrome-version: '145.0.7632.67' - - - name: Use Node.js - uses: actions/setup-node@v4 - with: - node-version-file: '.node-version' - - - uses: pnpm/action-setup@v4 - with: - run_install: false - - - name: Get pnpm store directory - shell: bash - run: echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV - - - uses: actions/cache/restore@v4 - name: Restore pnpm cache - with: - path: ${{ env.STORE_PATH }} - key: ${{ runner.os }}-pnpm-cache-${{ hashFiles('**/pnpm-lock.yaml') }} - restore-keys: | - ${{ runner.os }}-pnpm-cache - - - name: Install dependencies - run: pnpm install --frozen-lockfile - - - name: Start CSP Server - run: node apps/demos/utils/server/csp-server.js 8080 & - - - name: Run CSP Check - working-directory: apps/demos - env: - CSP_FRAMEWORKS: jQuery - CHROME_PATH: google-chrome-stable - run: node utils/server/csp-check.js - - - name: Upload CSP report - if: always() - uses: actions/upload-artifact@v4 - with: - name: csp-violations-jquery - path: apps/demos/csp-reports/ - if-no-files-found: ignore - - csp-check-frameworks: - name: CSP check (${{ matrix.FRAMEWORK }}) - needs: [check-should-run, determine-framework-tests-scope, build-devextreme] - if: | - always() && - needs.check-should-run.outputs.should-run == 'true' && - needs.determine-framework-tests-scope.result == 'success' && - needs.determine-framework-tests-scope.outputs.framework-tests-scope != 'none' && - needs.build-devextreme.result == 'success' - strategy: - fail-fast: false - matrix: - FRAMEWORK: [React, Vue, Angular] - runs-on: devextreme-shr2 - timeout-minutes: 60 - - steps: - - name: Get sources - uses: actions/checkout@v4 - - - name: Download devextreme sources - uses: actions/download-artifact@v4 - with: - name: devextreme-sources - - - name: Setup Chrome - uses: ./.github/actions/setup-chrome - with: - chrome-version: '145.0.7632.67' - - - name: Use Node.js - uses: actions/setup-node@v4 - with: - node-version-file: '.node-version' - - - uses: pnpm/action-setup@v4 - with: - run_install: false - - - name: Get pnpm store directory - shell: bash - run: echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV - - - uses: actions/cache/restore@v4 - name: Restore pnpm cache - with: - path: ${{ env.STORE_PATH }} - key: ${{ runner.os }}-pnpm-cache-${{ hashFiles('**/pnpm-lock.yaml') }} - restore-keys: | - ${{ runner.os }}-pnpm-cache - - - name: Install dependencies - run: pnpm install --frozen-lockfile - - - name: Install tgz - working-directory: apps/demos - run: pnpm add ../../devextreme-installer.tgz ../../devextreme-dist-installer.tgz ../../devextreme-react-installer.tgz ../../devextreme-vue-installer.tgz ../../devextreme-angular-installer.tgz - - - name: Start CSP Server - run: node apps/demos/utils/server/csp-server.js 8080 & - - - name: Run CSP Check - working-directory: apps/demos - env: - CSP_FRAMEWORKS: ${{ matrix.FRAMEWORK }} - CHROME_PATH: google-chrome-stable - run: node utils/server/csp-check.js - - - name: Upload CSP report - if: always() - uses: actions/upload-artifact@v4 - with: - name: csp-violations-${{ matrix.FRAMEWORK }} - path: apps/demos/csp-reports/ - if-no-files-found: ignore - - csp-report-summary: - name: CSP Violations Summary - runs-on: devextreme-shr2 - needs: [check-should-run, csp-check-jquery, csp-check-frameworks] - if: always() && needs.check-should-run.outputs.should-run == 'true' - timeout-minutes: 5 - - steps: - - name: Get sources - uses: actions/checkout@v4 - - - name: Use Node.js - uses: actions/setup-node@v4 - with: - node-version-file: '.node-version' - - - name: Download all CSP reports - uses: actions/download-artifact@v4 - with: - pattern: csp-violations-* - path: csp-reports-all - merge-multiple: true - continue-on-error: true - - - name: Summarize CSP violations - run: | - mkdir -p apps/demos/csp-reports - - echo "## CSP Violations Report" >> $GITHUB_STEP_SUMMARY - echo '' >> $GITHUB_STEP_SUMMARY - - GRAND_TOTAL=0 - for report in csp-reports-all/csp-violations-*.jsonl; do - [ -f "$report" ] || continue - FRAMEWORK=$(basename "$report" | sed 's/csp-violations-//;s/\.jsonl//') - cp "$report" "apps/demos/csp-reports/" - - if [ -s "$report" ]; then - COUNT=$(wc -l < "$report" | tr -d ' ') - GRAND_TOTAL=$((GRAND_TOTAL + COUNT)) - echo "### ⚠️ ${FRAMEWORK}: ${COUNT} violation(s)" >> $GITHUB_STEP_SUMMARY - echo '' >> $GITHUB_STEP_SUMMARY - echo '
' >> $GITHUB_STEP_SUMMARY - echo 'Show detailed report' >> $GITHUB_STEP_SUMMARY - echo '' >> $GITHUB_STEP_SUMMARY - echo '```' >> $GITHUB_STEP_SUMMARY - CSP_REPORT_FILE="$report" node apps/demos/utils/server/csp-report-summary.js >> $GITHUB_STEP_SUMMARY - echo '```' >> $GITHUB_STEP_SUMMARY - echo '' >> $GITHUB_STEP_SUMMARY - echo '
' >> $GITHUB_STEP_SUMMARY - echo '' >> $GITHUB_STEP_SUMMARY - else - echo "### ✅ ${FRAMEWORK}: No violations" >> $GITHUB_STEP_SUMMARY - echo '' >> $GITHUB_STEP_SUMMARY - fi - done - - if [ "$GRAND_TOTAL" -eq 0 ]; then - echo "✅ No CSP violations detected across all frameworks." - else - echo "⚠️ Total: $GRAND_TOTAL CSP violation(s)" - fi - - - name: Upload merged CSP reports - if: always() - uses: actions/upload-artifact@v4 - with: - name: csp-violations-report - path: apps/demos/csp-reports/ - if-no-files-found: ignore -