- Removed duplicate @typescript-eslint/utils dependency in frontend/package.json
- Updated TypeScript version from 5.9.3 to 6.0.1-rc in frontend/package.json and package.json
- Adjusted ResizeObserver mock to use globalThis in tests
- Modified tsconfig.json and tsconfig.node.json to include empty types array
- Cleaned up package-lock.json to reflect TypeScript version change and updated dev dependencies

- Updated @eslint/js and eslint to version 10.0.0 in package.json.
- Adjusted overrides for eslint-plugin-react-hooks, eslint-plugin-jsx-a11y, and eslint-plugin-promise to ensure compatibility with ESLint v10.
- Modified lefthook.yml to reflect the upgrade and noted the need for plugin support for ESLint v10.

- Bump versions of @vitejs/plugin-react, @vitest/coverage-istanbul, @vitest/coverage-v8, and @vitest/ui to their beta releases.
- Upgrade Vite and Vitest to their respective beta versions.
- Adjust Vite configuration to disable code splitting for improved React initialization stability.
…n-major-updates fix(deps): update non-major-updates (feature/beta-release)
…es to latest versions
…n-major-updates chore(deps): update non-major-updates (feature/beta-release)
…ci to version 7.23.0
✅ Supply Chain Verification Results
✅ PASSED
📦 SBOM Summary
🔍 Vulnerability Scan
📎 Artifacts
Generated by Supply Chain Verification workflow
Codecov Report ❌ Patch coverage is
- Updated the notification provider types to include 'slack'.
- Modified API tests to handle 'slack' as a valid provider type.
- Enhanced frontend forms to display Slack-specific fields (webhook URL and channel name).
- Implemented CRUD operations for Slack providers, ensuring proper payload structure.
- Added E2E tests for Slack notification provider, covering form rendering, validation, and security checks.
- Updated translations to include Slack-related text.
- Ensured that sensitive information (like tokens) is not exposed in API responses.
…er dependency for @rolldown/plugin-babel
…r Nebula ECDSA signature malleability
…n-major-updates chore(deps): update non-major-updates (feature/beta-release)
…verification workflow
…e-non-major-updates
…n-major-updates chore(deps): update non-major-updates (feature/beta-release)
…lease-drafter-release-drafter-7.x chore(deps): update release-drafter/release-drafter action to v7 (feature/beta-release)
Pull request overview
Adds a first-class Slack notification provider across the frontend, backend, tests, and documentation, alongside supporting CI/security and container/runtime adjustments (notably curl→wget) and a TypeScript/Vite toolchain upgrade.
Changes:
- Implement Slack provider support end-to-end (UI, API contracts, feature flag gating, JSON template dispatch).
- Expand/adjust unit + E2E test suites and documentation to cover Slack provider behavior and token secrecy requirements.
- Update container/scripts/CI tooling (curl→wget, httpbin image swap, semgrep hook behavior, supply-chain workflow hardening) and upgrade TS/Vite/ESLint dependencies.
Reviewed changes
Copilot reviewed 63 out of 66 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| tests/settings/telegram-notification-provider.spec.ts | Adjusts GET-token exposure test to avoid response race by capturing mocked route body. |
| tests/settings/notifications.spec.ts | Updates providers list E2E expectations and adds Slack to provider type options. |
| tests/settings/notifications-payload.spec.ts | Extends payload matrix to include Slack and captures preview/test request payloads. |
| scripts/waf_integration.sh | Switches httpbin image and curl→wget readiness probe; extends readiness wait. |
| scripts/rate_limit_integration.sh | Switches httpbin image and curl→wget readiness probe; extends readiness wait. |
| scripts/pre-commit-hooks/semgrep-scan.sh | Expands Semgrep default configs to include JS/React/secrets rulesets. |
| scripts/diagnose-test-env.sh | Replaces curl with wget for CrowdSec health diagnostics inside container. |
| scripts/crowdsec_startup_test.sh | Replaces curl with wget for CrowdSec LAPI health check inside container. |
| scripts/coraza_integration.sh | Switches backend httpbin image and replaces curl with wget for readiness probe. |
| scripts/cerberus_integration.sh | Switches backend httpbin image and replaces curl with wget for readiness probe; extends readiness wait. |
| package.json | Moves TypeScript/Vite to devDependencies and bumps toolchain versions. |
| lefthook.yml | Updates ESLint hook notes and adds Semgrep scanning to pre-commit with broader globs. |
| go.work.sum | Updates workspace sums (golang.org/x/term). |
| frontend/vite.config.ts | Updates Vite build config for Rolldown options and disables code splitting. |
| frontend/tsconfig.node.json | Adds types: [] to reduce implicit global type inclusion. |
| frontend/tsconfig.json | Adds types: [] and removes DOM.Iterable from lib list. |
| frontend/src/test/setup.ts | Uses globalThis.ResizeObserver for compatibility in test environment. |
| frontend/src/pages/tests/Notifications.test.tsx | Adds Slack type support tests and updates supported provider list expectations. |
| frontend/src/pages/Notifications.tsx | Adds Slack provider UI, payload normalization, and JSON template support wiring. |
| frontend/src/locales/en/translation.json | Adds Slack-specific UI strings (webhook URL + optional channel name labels). |
| frontend/src/components/tests/SecurityNotificationSettingsModal.test.tsx | Updates provider type option expectations to include Slack. |
| frontend/src/components/tests/AccessListForm.test.tsx | Uses globalThis.ResizeObserver for test environment compatibility. |
| frontend/src/api/notifications.ts | Adds Slack to supported provider types and preserves token semantics for Slack. |
| frontend/src/api/notifications.test.ts | Updates “unsupported type” test case away from Slack (now supported). |
| frontend/src/api/tests/notifications.test.ts | Updates “unsupported type” test case away from Slack (now supported). |
| frontend/package.json | Upgrades frontend toolchain deps and adds overrides for ESLint v10 / TS 6 RC compatibility. |
| docs/reports/qa_report_ts6_upgrade_2026-03-11.md | Adds QA report for TS 6.0.1-rc upgrade verification. |
| docs/reports/qa_report.md | Updates QA report content to focus on integration script remediation. |
| docs/plans/archive/cve_remediation_spec.md | Adds archived plan describing CVE remediation strategy (curl/binutils removal, grype expiry). |
| docs/issues/vite-8-beta-manual-testing.md | Adds manual testing checklist for Vite 8 (Rolldown) migration. |
| docs/issues/slack-manual-testing.md | Adds manual testing plan for Slack provider (delivery + security expectations). |
| docs/getting-started.md | Documents required secrets for stable sessions/encryption and updates install examples. |
| docs/features/notifications.md | Documents Slack provider and JSON template support (plus service capability table). |
| backend/internal/services/notification_service_json_test.go | Updates Slack JSON dispatch unit test to use token-as-webhook semantics. |
| backend/internal/services/notification_service_discord_only_test.go | Adjusts discord-only restrictions now that Slack is supported. |
| backend/internal/services/notification_service.go | Adds Slack support (dispatch enable flag, webhook validation, token-based dispatch URL, payload normalization). |
| backend/internal/notifications/feature_flags.go | Adds Slack feature flag key. |
| backend/internal/api/handlers/notification_provider_handler.go | Adds Slack support to CRUD/test logic and Slack-specific test failure classification. |
| backend/internal/api/handlers/notification_provider_discord_only_test.go | Updates expectations to allow Slack creation under current rules. |
| backend/internal/api/handlers/notification_provider_blocker3_test.go | Updates expectations to allow Slack creation under current rules. |
| backend/internal/api/handlers/notification_coverage_test.go | Adds coverage tests for Slack classification and token write-only enforcement. |
| backend/go.sum | Bumps Go deps (x/crypto, x/net, goccy/go-json). |
| backend/go.mod | Bumps Go deps (x/crypto, x/net, goccy/go-json). |
| Dockerfile | Removes curl/binutils from runtime, replaces runtime wget usage for GeoIP + HEALTHCHECK, bumps caddy-security. |
| CHANGELOG.md | Adds Slack provider entry and references docs. |
| ARCHITECTURE.md | Updates documented frontend/tooling versions and config filename reference. |
| .grype.yaml | Removes zlib suppression and extends nebula suppression expiry with updated commentary. |
| .github/workflows/waf-integration.yml | Passes CI build arg into Docker build for CI-aware image behavior. |
| .github/workflows/supply-chain-pr.yml | Makes PR comment posting more permission-tolerant and non-fatal on failures. |
| .github/workflows/security-pr.yml | Updates pinned action SHAs for artifact download and SARIF upload. |
| .github/workflows/rate-limit-integration.yml | Passes CI build arg into Docker build for CI-aware image behavior. |
| .github/workflows/crowdsec-integration.yml | Passes CI build arg into Docker build for CI-aware image behavior. |
| .github/workflows/cerberus-integration.yml | Passes CI build arg into Docker build for CI-aware image behavior. |
| .github/workflows/auto-changelog.yml | Updates pinned release-drafter action SHA (v7). |
| .docker/docker-entrypoint.sh | Replaces curl with wget for Caddy admin API readiness probe. |
| .docker/compose/docker-compose.yml | Replaces curl with wget in container healthcheck. |
| .docker/compose/docker-compose.playwright-local.yml | Replaces curl with wget in container healthcheck. |
| .docker/compose/docker-compose.playwright-ci.yml | Replaces curl with wget in container healthcheck. |
| .docker/compose/docker-compose.local.yml | Replaces curl with wget in container healthcheck. |
| let resolveRouteBody: (data: Array<Record<string, unknown>>) => void; | ||
| const routeBodyPromise = new Promise<Array<Record<string, unknown>>>((resolve) => { | ||
| resolveRouteBody = resolve; | ||
| }); | ||
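Review bot: `routeBodyPromise` has only a resolve path, so if the mocked route is never hit the test waits for the runner's global timeout and fails without naming the cause. Race it against a short timer that rejects with a message identifying the route, so a missed interception fails fast and the token-exposure assertion cannot be skipped silently.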
| origValidate := validateSlackProviderURLFunc | ||
| defer func() { validateSlackProviderURLFunc = origValidate }() | ||
| validateSlackProviderURLFunc = func(rawURL string) error { return nil } | ||
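Review bot: the stub `func(rawURL string) error { return nil }` replaces a package-level variable, so this test cannot run under `t.Parallel()` next to anything else that reaches `validateSlackProviderURLFunc` without a data race. Register the restore with `t.Cleanup` instead of `defer` so it also covers subtests, and keep at least one test that goes through the real validator so the accept-everything stub is not the only path exercised.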
| if strings.Contains(errText, "invalid_payload") || | ||
| strings.Contains(errText, "missing_text_or_fallback") { | ||
| return "PROVIDER_TEST_VALIDATION_FAILED", "validation", | ||
| "Slack rejected the payload. Ensure your template includes a 'text' or 'blocks' field" | ||
| } |
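Review bot: the classification at `strings.Contains(errText, "invalid_payload")` keys on substrings of a free-form error string, so any change in how the upstream error is wrapped or worded silently moves these cases into a different bucket. Compare against named constants for the Slack response codes, ideally carried on a typed error, and add a comment explaining why the hint names a 'blocks' field when the matched code is `missing_text_or_fallback`.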
| return nil | ||
| } | ||
| var validateSlackProviderURLFunc = validateSlackWebhookURL |
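Review bot: `validateSlackProviderURLFunc` is a mutable package-level variable, so any code in the package can swap out the webhook URL check, not only the tests that need to. Add a doc comment marking it as a test seam, or pass the validator in through the service or handler struct so that production wiring always holds `validateSlackWebhookURL`.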
| |---------|----------------|------------|-----------------| | ||
| | **Discord** | ✅ Yes | ✅ Webhooks | ✅ Embeds | | ||
| | **Gotify** | ✅ Yes | ✅ HTTP API | ✅ Priority + Extras | | ||
| | **Discord** | ✅ Yes | ✅ Webhooks | ✅ Embeds || **Slack** | ✅ Yes | ✅ Webhooks | ✅ Native Formatting || **Gotify** | ✅ Yes | ✅ HTTP API | ✅ Priority + Extras | |
| ARG CI | ||
| ARG GEOLITE2_COUNTRY_SHA256=b79afc28a0a52f89c15e8d92b05c173f314dd4f687719f96cf921012d900fcce | ||
| RUN mkdir -p /app/data/geoip && \ | ||
| if [ -n "$CI" ]; then \ |
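Review bot: `ARG CI` has no default and the `RUN` step branches on `[ -n "$CI" ]`, so images built with and without the build arg take different GeoIP paths, and the visible lines do not show what each branch does with `GEOLITE2_COUNTRY_SHA256`. Add a comment above the `if` stating what the CI branch skips or substitutes, and make sure the non-CI branch checks the download against the pinned checksum and fails the build on a mismatch.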
No description provided.