From 2d244ae820c57aa89939396650b8a3dde5177eeb Mon Sep 17 00:00:00 2001 From: Dmitry Lavrinovich <52966626+dmlvr@users.noreply.github.com> Date: Fri, 15 May 2026 16:53:17 +0300 Subject: [PATCH 1/3] Security: Update Node version (#33524) Co-authored-by: Andrei Kharitonov --- .github/actions/run-qunit-tests/action.yml | 7 +- .github/renovate.json | 3 +- .github/workflows/build_all.yml | 7 +- .github/workflows/codeql.yml | 2 +- .github/workflows/default_workflow.yml | 2 +- .github/workflows/demos_unit_tests.yml | 2 +- .github/workflows/demos_visual_tests.yml | 316 +++++++++++++++++- .github/workflows/lint.yml | 11 +- .github/workflows/packages_publishing.yml | 4 +- .github/workflows/playgrounds_tests.yml | 4 +- .github/workflows/publish-demos.yml | 6 +- .github/workflows/qunit_tests.yml | 2 +- .github/workflows/renovation.yml | 2 +- .../workflows/run-testcafe-on-gh-pages.yml | 2 +- .github/workflows/styles.yml | 2 +- .github/workflows/testcafe_tests.yml | 10 +- .github/workflows/themebuilder_tests.yml | 2 +- .github/workflows/ts_declarations.yml | 4 +- .github/workflows/update_version.yml | 2 +- .github/workflows/wrapper_tests.yml | 6 +- .github/workflows/wrapper_tests_e2e.yml | 4 +- .mise.toml | 7 + .node-version | 1 + .npmrc | 3 +- .tool-versions | 2 + package.json | 5 +- 26 files changed, 372 insertions(+), 46 deletions(-) create mode 100644 .mise.toml create mode 100644 .node-version create mode 100644 .tool-versions diff --git a/.github/actions/run-qunit-tests/action.yml b/.github/actions/run-qunit-tests/action.yml index 6b3b3a3d8b53..d3ef9a707c45 100644 --- a/.github/actions/run-qunit-tests/action.yml +++ b/.github/actions/run-qunit-tests/action.yml @@ -52,7 +52,12 @@ runs: rm -rf artifacts/npm 7z x artifacts.zip - - uses: pnpm/action-setup@v3 + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.node-version' + + - uses: pnpm/action-setup@v4 with: version: 9 run_install: false diff --git a/.github/renovate.json b/.github/renovate.json index 6b84afd4fef0..c273fb50f49d 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,6 +1,7 @@ { "extends": [ - "config:js-lib" + "config:js-lib", + "github>DevExpress/devextreme-renovate-config" ], "prConcurrentLimit": 2, "semanticCommits": "enabled", diff --git a/.github/workflows/build_all.yml b/.github/workflows/build_all.yml index b53bc32f313a..20da0fe2ded8 100644 --- a/.github/workflows/build_all.yml +++ b/.github/workflows/build_all.yml @@ -18,7 +18,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Set up .NET uses: actions/setup-dotnet@v4 @@ -67,6 +67,11 @@ jobs: - name: Get sources uses: actions/checkout@v4 + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.node-version' + - uses: pnpm/action-setup@v4 with: run_install: false diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9de8a476d5b4..1e57243dd4a2 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -19,7 +19,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: diff --git a/.github/workflows/default_workflow.yml b/.github/workflows/default_workflow.yml index 1ddb7bfcbe36..4c952a3168ae 100644 --- a/.github/workflows/default_workflow.yml +++ b/.github/workflows/default_workflow.yml @@ -28,7 +28,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: diff --git a/.github/workflows/demos_unit_tests.yml b/.github/workflows/demos_unit_tests.yml index 57390c31ace9..4b8e4469b501 100644 --- a/.github/workflows/demos_unit_tests.yml +++ b/.github/workflows/demos_unit_tests.yml @@ -41,7 +41,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: diff --git a/.github/workflows/demos_visual_tests.yml b/.github/workflows/demos_visual_tests.yml index 703fa7c051f4..344505afa786 100644 --- a/.github/workflows/demos_visual_tests.yml +++ b/.github/workflows/demos_visual_tests.yml @@ -119,7 +119,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: @@ -209,7 +209,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Download devextreme sources uses: actions/download-artifact@v4 @@ -280,7 +280,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -350,7 +350,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v4 with: @@ -408,7 +408,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Download devextreme sources uses: actions/download-artifact@v4 @@ -472,6 +472,85 @@ jobs: exit 1 fi +<<<<<<< HEAD:.github/workflows/demos_visual_tests.yml +======= + check-generated-demos-all: + name: Check generated demos (${{ matrix.CONSTEL }}) + runs-on: devextreme-shr2 + timeout-minutes: 15 + needs: [check-should-run, build-devextreme, determine-framework-tests-scope] + if: | + always() && + needs.check-should-run.outputs.should-run == 'true' && + needs.determine-framework-tests-scope.result == 'success' && + needs.determine-framework-tests-scope.outputs.framework-tests-scope == 'all' && + needs.build-devextreme.result == 'success' + strategy: + fail-fast: false + matrix: + CONSTEL: ['1/5', '2/5', '3/5', '4/5', '5/5'] + + steps: + - name: Get sources + uses: actions/checkout@v4 + + - uses: pnpm/action-setup@v4 + with: + run_install: false + + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.node-version' + + - name: Download devextreme sources + uses: actions/download-artifact@v4 + with: + name: devextreme-sources + + - name: Get pnpm store directory + shell: bash + run: | + echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV + + - uses: actions/cache/restore@v4 + name: Restore pnpm cache + with: + path: ${{ env.STORE_PATH }} + key: ${{ runner.os }}-pnpm-cache-${{ hashFiles('**/pnpm-lock.yaml') }} + restore-keys: | + ${{ runner.os }}-pnpm-cache + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + - name: Install tgz + working-directory: apps/demos + run: pnpm add ../../devextreme-installer.tgz ../../devextreme-dist-installer.tgz ../../devextreme-react-installer.tgz ../../devextreme-vue-installer.tgz ../../devextreme-angular-installer.tgz + + - name: Prepare JS + working-directory: apps/demos + run: pnpm run prepare-js + + - name: Check generated JS demos + working-directory: apps/demos + env: + CONSTEL: ${{ matrix.CONSTEL }} + run: | + echo "Running convert-to-js for split $CONSTEL" + pnpm run convert-to-js + + git add ./Demos -N + + if git diff --exit-code . ':!package.json' ; then + echo "Generated JS demos are up-to-date for split $CONSTEL" + else + echo "Generated JS demos are outdated for split $CONSTEL. Execute 'pnpm run convert-to-js split' and commit changes." + echo "If you see another diff, ensure that extra listed files have LF endings." + exit 1 + fi + +>>>>>>> fac2dafe58 (Security: Update Node version (#33524)):.github/workflows/visual-tests-demos.yml testcafe-jquery: needs: [check-should-run, build-devextreme] if: | @@ -523,7 +602,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: @@ -689,7 +768,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Download devextreme sources uses: actions/download-artifact@v4 @@ -752,6 +831,8 @@ jobs: run: | if [[ "${{ matrix.CONSTEL }}" == react* ]]; then echo "concurrency=4" >> $GITHUB_OUTPUT + elif [[ "${{ matrix.CONSTEL }}" == vue* ]]; then + echo "concurrency=1" >> $GITHUB_OUTPUT elif [[ "${{ matrix.CONSTEL }}" == angular* ]]; then echo "concurrency=2" >> $GITHUB_OUTPUT else @@ -818,7 +899,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Download devextreme sources uses: actions/download-artifact@v4 @@ -965,3 +1046,222 @@ jobs: name: accessibility-reports-jquery pattern: accessibility-reports-* delete-merged: true + + csp-check-jquery: + name: CSP check (jQuery) + needs: [check-should-run, build-devextreme] + if: | + always() && + needs.check-should-run.outputs.should-run == 'true' && + needs.build-devextreme.result == 'success' + runs-on: devextreme-shr2 + timeout-minutes: 60 + + steps: + - name: Get sources + uses: actions/checkout@v4 + + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: devextreme-artifacts-jquery + path: ./packages/devextreme + + - name: Unpack artifacts + working-directory: ./packages/devextreme + run: 7z x artifacts.zip -aoa + + - name: Setup Chrome + uses: ./.github/actions/setup-chrome + with: + chrome-version: '145.0.7632.67' + + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.node-version' + + - uses: pnpm/action-setup@v4 + with: + run_install: false + + - name: Get pnpm store directory + shell: bash + run: echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV + + - uses: actions/cache/restore@v4 + name: Restore pnpm cache + with: + path: ${{ env.STORE_PATH }} + key: ${{ runner.os }}-pnpm-cache-${{ hashFiles('**/pnpm-lock.yaml') }} + restore-keys: | + ${{ runner.os }}-pnpm-cache + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + - name: Start CSP Server + run: node apps/demos/utils/server/csp-server.js 8080 & + + - name: Run CSP Check + working-directory: apps/demos + env: + CSP_FRAMEWORKS: jQuery + CHROME_PATH: google-chrome-stable + run: node utils/server/csp-check.js + + - name: Upload CSP report + if: always() + uses: actions/upload-artifact@v4 + with: + name: csp-violations-jquery + path: apps/demos/csp-reports/ + if-no-files-found: ignore + + csp-check-frameworks: + name: CSP check (${{ matrix.FRAMEWORK }}) + needs: [check-should-run, determine-framework-tests-scope, build-devextreme] + if: | + always() && + needs.check-should-run.outputs.should-run == 'true' && + needs.determine-framework-tests-scope.result == 'success' && + needs.determine-framework-tests-scope.outputs.framework-tests-scope != 'none' && + needs.build-devextreme.result == 'success' + strategy: + fail-fast: false + matrix: + FRAMEWORK: [React, Vue, Angular] + runs-on: devextreme-shr2 + timeout-minutes: 60 + + steps: + - name: Get sources + uses: actions/checkout@v4 + + - name: Download devextreme sources + uses: actions/download-artifact@v4 + with: + name: devextreme-sources + + - name: Setup Chrome + uses: ./.github/actions/setup-chrome + with: + chrome-version: '145.0.7632.67' + + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.node-version' + + - uses: pnpm/action-setup@v4 + with: + run_install: false + + - name: Get pnpm store directory + shell: bash + run: echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV + + - uses: actions/cache/restore@v4 + name: Restore pnpm cache + with: + path: ${{ env.STORE_PATH }} + key: ${{ runner.os }}-pnpm-cache-${{ hashFiles('**/pnpm-lock.yaml') }} + restore-keys: | + ${{ runner.os }}-pnpm-cache + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + - name: Install tgz + working-directory: apps/demos + run: pnpm add ../../devextreme-installer.tgz ../../devextreme-dist-installer.tgz ../../devextreme-react-installer.tgz ../../devextreme-vue-installer.tgz ../../devextreme-angular-installer.tgz + + - name: Start CSP Server + run: node apps/demos/utils/server/csp-server.js 8080 & + + - name: Run CSP Check + working-directory: apps/demos + env: + CSP_FRAMEWORKS: ${{ matrix.FRAMEWORK }} + CHROME_PATH: google-chrome-stable + run: node utils/server/csp-check.js + + - name: Upload CSP report + if: always() + uses: actions/upload-artifact@v4 + with: + name: csp-violations-${{ matrix.FRAMEWORK }} + path: apps/demos/csp-reports/ + if-no-files-found: ignore + + csp-report-summary: + name: CSP Violations Summary + runs-on: devextreme-shr2 + needs: [check-should-run, csp-check-jquery, csp-check-frameworks] + if: always() && needs.check-should-run.outputs.should-run == 'true' + timeout-minutes: 5 + + steps: + - name: Get sources + uses: actions/checkout@v4 + + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.node-version' + + - name: Download all CSP reports + uses: actions/download-artifact@v4 + with: + pattern: csp-violations-* + path: csp-reports-all + merge-multiple: true + continue-on-error: true + + - name: Summarize CSP violations + run: | + mkdir -p apps/demos/csp-reports + + echo "## CSP Violations Report" >> $GITHUB_STEP_SUMMARY + echo '' >> $GITHUB_STEP_SUMMARY + + GRAND_TOTAL=0 + for report in csp-reports-all/csp-violations-*.jsonl; do + [ -f "$report" ] || continue + FRAMEWORK=$(basename "$report" | sed 's/csp-violations-//;s/\.jsonl//') + cp "$report" "apps/demos/csp-reports/" + + if [ -s "$report" ]; then + COUNT=$(wc -l < "$report" | tr -d ' ') + GRAND_TOTAL=$((GRAND_TOTAL + COUNT)) + echo "### ⚠️ ${FRAMEWORK}: ${COUNT} violation(s)" >> $GITHUB_STEP_SUMMARY + echo '' >> $GITHUB_STEP_SUMMARY + echo '
' >> $GITHUB_STEP_SUMMARY + echo 'Show detailed report' >> $GITHUB_STEP_SUMMARY + echo '' >> $GITHUB_STEP_SUMMARY + echo '```' >> $GITHUB_STEP_SUMMARY + CSP_REPORT_FILE="$report" node apps/demos/utils/server/csp-report-summary.js >> $GITHUB_STEP_SUMMARY + echo '```' >> $GITHUB_STEP_SUMMARY + echo '' >> $GITHUB_STEP_SUMMARY + echo '
' >> $GITHUB_STEP_SUMMARY + echo '' >> $GITHUB_STEP_SUMMARY + else + echo "### ✅ ${FRAMEWORK}: No violations" >> $GITHUB_STEP_SUMMARY + echo '' >> $GITHUB_STEP_SUMMARY + fi + done + + if [ "$GRAND_TOTAL" -eq 0 ]; then + echo "✅ No CSP violations detected across all frameworks." + else + echo "⚠️ Total: $GRAND_TOTAL CSP violation(s)" + fi + + - name: Upload merged CSP reports + if: always() + uses: actions/upload-artifact@v4 + with: + name: csp-violations-report + path: apps/demos/csp-reports/ + if-no-files-found: ignore + diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index eeb8824dbfe4..3ddb11567c1f 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -26,7 +26,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: @@ -58,6 +58,7 @@ jobs: - name: Lint TS working-directory: ./packages/devextreme env: + NODE_OPTIONS: --max-old-space-size=4096 DEBUG: eslint:cli-engine run: pnpm exec nx lint-ts @@ -83,7 +84,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: @@ -128,7 +129,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: @@ -167,7 +168,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: @@ -217,7 +218,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: diff --git a/.github/workflows/packages_publishing.yml b/.github/workflows/packages_publishing.yml index d9e68cd43bd6..ccccf7beb50c 100644 --- a/.github/workflows/packages_publishing.yml +++ b/.github/workflows/packages_publishing.yml @@ -36,7 +36,7 @@ jobs: - name: Set up nodejs uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: @@ -127,7 +127,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: diff --git a/.github/workflows/playgrounds_tests.yml b/.github/workflows/playgrounds_tests.yml index 6ea79912f8ad..554f3d455a20 100644 --- a/.github/workflows/playgrounds_tests.yml +++ b/.github/workflows/playgrounds_tests.yml @@ -31,7 +31,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: @@ -97,7 +97,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Download artifacts uses: actions/download-artifact@v4 diff --git a/.github/workflows/publish-demos.yml b/.github/workflows/publish-demos.yml index 8e1df20f9299..1eb3490b5d9d 100644 --- a/.github/workflows/publish-demos.yml +++ b/.github/workflows/publish-demos.yml @@ -16,7 +16,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: @@ -73,7 +73,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Download devextreme sources uses: actions/download-artifact@v4 @@ -175,7 +175,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Download devextreme sources uses: actions/download-artifact@v4 diff --git a/.github/workflows/qunit_tests.yml b/.github/workflows/qunit_tests.yml index 0db9f9304bbb..944eb4b42702 100644 --- a/.github/workflows/qunit_tests.yml +++ b/.github/workflows/qunit_tests.yml @@ -40,7 +40,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: diff --git a/.github/workflows/renovation.yml b/.github/workflows/renovation.yml index b08b7fb97bbc..017f70115265 100644 --- a/.github/workflows/renovation.yml +++ b/.github/workflows/renovation.yml @@ -26,7 +26,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: diff --git a/.github/workflows/run-testcafe-on-gh-pages.yml b/.github/workflows/run-testcafe-on-gh-pages.yml index 5a228b3c929d..3222cfdf9e24 100644 --- a/.github/workflows/run-testcafe-on-gh-pages.yml +++ b/.github/workflows/run-testcafe-on-gh-pages.yml @@ -26,7 +26,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - name: Checkout gh-pages branch uses: actions/checkout@v4 diff --git a/.github/workflows/styles.yml b/.github/workflows/styles.yml index 92db8a97c629..732e70b8c4c7 100644 --- a/.github/workflows/styles.yml +++ b/.github/workflows/styles.yml @@ -26,7 +26,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: diff --git a/.github/workflows/testcafe_tests.yml b/.github/workflows/testcafe_tests.yml index 61a603355b07..3dde4f2eb462 100644 --- a/.github/workflows/testcafe_tests.yml +++ b/.github/workflows/testcafe_tests.yml @@ -44,7 +44,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: @@ -152,10 +152,10 @@ jobs: # with: # chrome-version: '145.0.7632.67' - # - name: Use Node.js - # uses: actions/setup-node@v4 - # with: - # node-version: '20' + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: diff --git a/.github/workflows/themebuilder_tests.yml b/.github/workflows/themebuilder_tests.yml index 9b2059e7490c..b3c14fa9ba20 100644 --- a/.github/workflows/themebuilder_tests.yml +++ b/.github/workflows/themebuilder_tests.yml @@ -27,7 +27,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: diff --git a/.github/workflows/ts_declarations.yml b/.github/workflows/ts_declarations.yml index 04db45f56664..356cf0a1fe3b 100644 --- a/.github/workflows/ts_declarations.yml +++ b/.github/workflows/ts_declarations.yml @@ -22,7 +22,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: @@ -74,7 +74,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: diff --git a/.github/workflows/update_version.yml b/.github/workflows/update_version.yml index 56105943cc30..2a64eb930cc6 100644 --- a/.github/workflows/update_version.yml +++ b/.github/workflows/update_version.yml @@ -26,7 +26,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: diff --git a/.github/workflows/wrapper_tests.yml b/.github/workflows/wrapper_tests.yml index 8ba264e3f047..b29407296a46 100644 --- a/.github/workflows/wrapper_tests.yml +++ b/.github/workflows/wrapper_tests.yml @@ -24,7 +24,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: @@ -66,7 +66,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: @@ -122,7 +122,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: diff --git a/.github/workflows/wrapper_tests_e2e.yml b/.github/workflows/wrapper_tests_e2e.yml index bfa75e96d38a..ecf1c0549e59 100644 --- a/.github/workflows/wrapper_tests_e2e.yml +++ b/.github/workflows/wrapper_tests_e2e.yml @@ -30,7 +30,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: @@ -108,7 +108,7 @@ jobs: - name: Use Node.js uses: actions/setup-node@v4 with: - node-version: '20' + node-version-file: '.node-version' - uses: pnpm/action-setup@v3 with: diff --git a/.mise.toml b/.mise.toml new file mode 100644 index 000000000000..d088100a80b2 --- /dev/null +++ b/.mise.toml @@ -0,0 +1,7 @@ +[tools] +node = "24.15.0" +pnpm = "9.15.9" + +[hooks] +enter = "mise install" + diff --git a/.node-version b/.node-version new file mode 100644 index 000000000000..5bf4400f2292 --- /dev/null +++ b/.node-version @@ -0,0 +1 @@ +24.15.0 diff --git a/.npmrc b/.npmrc index ced9c5f510a0..77c180bd6b1b 100644 --- a/.npmrc +++ b/.npmrc @@ -1,4 +1,5 @@ link-workspace-packages=true prefer-workspace-packages=true save-workspace-protocol=false -package-manager-strict=false \ No newline at end of file +package-manager-strict=false +engine-strict=true diff --git a/.tool-versions b/.tool-versions new file mode 100644 index 000000000000..7712cf3ddcdc --- /dev/null +++ b/.tool-versions @@ -0,0 +1,2 @@ +dotnet 8 +nodejs 24.15.0 diff --git a/package.json b/package.json index 651be16504bb..d1b610560e7b 100644 --- a/package.json +++ b/package.json @@ -139,5 +139,8 @@ "caniuse-lite": "1.0.30001788" } }, - "packageManager": "pnpm@9.15.4" + "packageManager": "pnpm@9.15.9", + "engines": { + "node": "24.15.0" + } } From 9673189c95f17feaa9e75b0a1c0c1f97a0ad4243 Mon Sep 17 00:00:00 2001 From: dmlvr Date: Fri, 15 May 2026 17:09:33 +0300 Subject: [PATCH 2/3] fix --- .github/workflows/demos_visual_tests.yml | 79 ------------------------ 1 file changed, 79 deletions(-) diff --git a/.github/workflows/demos_visual_tests.yml b/.github/workflows/demos_visual_tests.yml index 344505afa786..debe5030369f 100644 --- a/.github/workflows/demos_visual_tests.yml +++ b/.github/workflows/demos_visual_tests.yml @@ -472,85 +472,6 @@ jobs: exit 1 fi -<<<<<<< HEAD:.github/workflows/demos_visual_tests.yml -======= - check-generated-demos-all: - name: Check generated demos (${{ matrix.CONSTEL }}) - runs-on: devextreme-shr2 - timeout-minutes: 15 - needs: [check-should-run, build-devextreme, determine-framework-tests-scope] - if: | - always() && - needs.check-should-run.outputs.should-run == 'true' && - needs.determine-framework-tests-scope.result == 'success' && - needs.determine-framework-tests-scope.outputs.framework-tests-scope == 'all' && - needs.build-devextreme.result == 'success' - strategy: - fail-fast: false - matrix: - CONSTEL: ['1/5', '2/5', '3/5', '4/5', '5/5'] - - steps: - - name: Get sources - uses: actions/checkout@v4 - - - uses: pnpm/action-setup@v4 - with: - run_install: false - - - name: Use Node.js - uses: actions/setup-node@v4 - with: - node-version-file: '.node-version' - - - name: Download devextreme sources - uses: actions/download-artifact@v4 - with: - name: devextreme-sources - - - name: Get pnpm store directory - shell: bash - run: | - echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV - - - uses: actions/cache/restore@v4 - name: Restore pnpm cache - with: - path: ${{ env.STORE_PATH }} - key: ${{ runner.os }}-pnpm-cache-${{ hashFiles('**/pnpm-lock.yaml') }} - restore-keys: | - ${{ runner.os }}-pnpm-cache - - - name: Install dependencies - run: pnpm install --frozen-lockfile - - - name: Install tgz - working-directory: apps/demos - run: pnpm add ../../devextreme-installer.tgz ../../devextreme-dist-installer.tgz ../../devextreme-react-installer.tgz ../../devextreme-vue-installer.tgz ../../devextreme-angular-installer.tgz - - - name: Prepare JS - working-directory: apps/demos - run: pnpm run prepare-js - - - name: Check generated JS demos - working-directory: apps/demos - env: - CONSTEL: ${{ matrix.CONSTEL }} - run: | - echo "Running convert-to-js for split $CONSTEL" - pnpm run convert-to-js - - git add ./Demos -N - - if git diff --exit-code . ':!package.json' ; then - echo "Generated JS demos are up-to-date for split $CONSTEL" - else - echo "Generated JS demos are outdated for split $CONSTEL. Execute 'pnpm run convert-to-js split' and commit changes." - echo "If you see another diff, ensure that extra listed files have LF endings." - exit 1 - fi - ->>>>>>> fac2dafe58 (Security: Update Node version (#33524)):.github/workflows/visual-tests-demos.yml testcafe-jquery: needs: [check-should-run, build-devextreme] if: | From f8ea96aa5766119841a0f42a14a004a099b15877 Mon Sep 17 00:00:00 2001 From: dmlvr Date: Fri, 15 May 2026 17:11:00 +0300 Subject: [PATCH 3/3] fix --- .github/workflows/demos_visual_tests.yml | 219 ----------------------- 1 file changed, 219 deletions(-) diff --git a/.github/workflows/demos_visual_tests.yml b/.github/workflows/demos_visual_tests.yml index debe5030369f..5a50c3e644cf 100644 --- a/.github/workflows/demos_visual_tests.yml +++ b/.github/workflows/demos_visual_tests.yml @@ -967,222 +967,3 @@ jobs: name: accessibility-reports-jquery pattern: accessibility-reports-* delete-merged: true - - csp-check-jquery: - name: CSP check (jQuery) - needs: [check-should-run, build-devextreme] - if: | - always() && - needs.check-should-run.outputs.should-run == 'true' && - needs.build-devextreme.result == 'success' - runs-on: devextreme-shr2 - timeout-minutes: 60 - - steps: - - name: Get sources - uses: actions/checkout@v4 - - - name: Download artifacts - uses: actions/download-artifact@v4 - with: - name: devextreme-artifacts-jquery - path: ./packages/devextreme - - - name: Unpack artifacts - working-directory: ./packages/devextreme - run: 7z x artifacts.zip -aoa - - - name: Setup Chrome - uses: ./.github/actions/setup-chrome - with: - chrome-version: '145.0.7632.67' - - - name: Use Node.js - uses: actions/setup-node@v4 - with: - node-version-file: '.node-version' - - - uses: pnpm/action-setup@v4 - with: - run_install: false - - - name: Get pnpm store directory - shell: bash - run: echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV - - - uses: actions/cache/restore@v4 - name: Restore pnpm cache - with: - path: ${{ env.STORE_PATH }} - key: ${{ runner.os }}-pnpm-cache-${{ hashFiles('**/pnpm-lock.yaml') }} - restore-keys: | - ${{ runner.os }}-pnpm-cache - - - name: Install dependencies - run: pnpm install --frozen-lockfile - - - name: Start CSP Server - run: node apps/demos/utils/server/csp-server.js 8080 & - - - name: Run CSP Check - working-directory: apps/demos - env: - CSP_FRAMEWORKS: jQuery - CHROME_PATH: google-chrome-stable - run: node utils/server/csp-check.js - - - name: Upload CSP report - if: always() - uses: actions/upload-artifact@v4 - with: - name: csp-violations-jquery - path: apps/demos/csp-reports/ - if-no-files-found: ignore - - csp-check-frameworks: - name: CSP check (${{ matrix.FRAMEWORK }}) - needs: [check-should-run, determine-framework-tests-scope, build-devextreme] - if: | - always() && - needs.check-should-run.outputs.should-run == 'true' && - needs.determine-framework-tests-scope.result == 'success' && - needs.determine-framework-tests-scope.outputs.framework-tests-scope != 'none' && - needs.build-devextreme.result == 'success' - strategy: - fail-fast: false - matrix: - FRAMEWORK: [React, Vue, Angular] - runs-on: devextreme-shr2 - timeout-minutes: 60 - - steps: - - name: Get sources - uses: actions/checkout@v4 - - - name: Download devextreme sources - uses: actions/download-artifact@v4 - with: - name: devextreme-sources - - - name: Setup Chrome - uses: ./.github/actions/setup-chrome - with: - chrome-version: '145.0.7632.67' - - - name: Use Node.js - uses: actions/setup-node@v4 - with: - node-version-file: '.node-version' - - - uses: pnpm/action-setup@v4 - with: - run_install: false - - - name: Get pnpm store directory - shell: bash - run: echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV - - - uses: actions/cache/restore@v4 - name: Restore pnpm cache - with: - path: ${{ env.STORE_PATH }} - key: ${{ runner.os }}-pnpm-cache-${{ hashFiles('**/pnpm-lock.yaml') }} - restore-keys: | - ${{ runner.os }}-pnpm-cache - - - name: Install dependencies - run: pnpm install --frozen-lockfile - - - name: Install tgz - working-directory: apps/demos - run: pnpm add ../../devextreme-installer.tgz ../../devextreme-dist-installer.tgz ../../devextreme-react-installer.tgz ../../devextreme-vue-installer.tgz ../../devextreme-angular-installer.tgz - - - name: Start CSP Server - run: node apps/demos/utils/server/csp-server.js 8080 & - - - name: Run CSP Check - working-directory: apps/demos - env: - CSP_FRAMEWORKS: ${{ matrix.FRAMEWORK }} - CHROME_PATH: google-chrome-stable - run: node utils/server/csp-check.js - - - name: Upload CSP report - if: always() - uses: actions/upload-artifact@v4 - with: - name: csp-violations-${{ matrix.FRAMEWORK }} - path: apps/demos/csp-reports/ - if-no-files-found: ignore - - csp-report-summary: - name: CSP Violations Summary - runs-on: devextreme-shr2 - needs: [check-should-run, csp-check-jquery, csp-check-frameworks] - if: always() && needs.check-should-run.outputs.should-run == 'true' - timeout-minutes: 5 - - steps: - - name: Get sources - uses: actions/checkout@v4 - - - name: Use Node.js - uses: actions/setup-node@v4 - with: - node-version-file: '.node-version' - - - name: Download all CSP reports - uses: actions/download-artifact@v4 - with: - pattern: csp-violations-* - path: csp-reports-all - merge-multiple: true - continue-on-error: true - - - name: Summarize CSP violations - run: | - mkdir -p apps/demos/csp-reports - - echo "## CSP Violations Report" >> $GITHUB_STEP_SUMMARY - echo '' >> $GITHUB_STEP_SUMMARY - - GRAND_TOTAL=0 - for report in csp-reports-all/csp-violations-*.jsonl; do - [ -f "$report" ] || continue - FRAMEWORK=$(basename "$report" | sed 's/csp-violations-//;s/\.jsonl//') - cp "$report" "apps/demos/csp-reports/" - - if [ -s "$report" ]; then - COUNT=$(wc -l < "$report" | tr -d ' ') - GRAND_TOTAL=$((GRAND_TOTAL + COUNT)) - echo "### ⚠️ ${FRAMEWORK}: ${COUNT} violation(s)" >> $GITHUB_STEP_SUMMARY - echo '' >> $GITHUB_STEP_SUMMARY - echo '
' >> $GITHUB_STEP_SUMMARY - echo 'Show detailed report' >> $GITHUB_STEP_SUMMARY - echo '' >> $GITHUB_STEP_SUMMARY - echo '```' >> $GITHUB_STEP_SUMMARY - CSP_REPORT_FILE="$report" node apps/demos/utils/server/csp-report-summary.js >> $GITHUB_STEP_SUMMARY - echo '```' >> $GITHUB_STEP_SUMMARY - echo '' >> $GITHUB_STEP_SUMMARY - echo '
' >> $GITHUB_STEP_SUMMARY - echo '' >> $GITHUB_STEP_SUMMARY - else - echo "### ✅ ${FRAMEWORK}: No violations" >> $GITHUB_STEP_SUMMARY - echo '' >> $GITHUB_STEP_SUMMARY - fi - done - - if [ "$GRAND_TOTAL" -eq 0 ]; then - echo "✅ No CSP violations detected across all frameworks." - else - echo "⚠️ Total: $GRAND_TOTAL CSP violation(s)" - fi - - - name: Upload merged CSP reports - if: always() - uses: actions/upload-artifact@v4 - with: - name: csp-violations-report - path: apps/demos/csp-reports/ - if-no-files-found: ignore -