[WIP] Update express dependency from 5.1.0 to 5.2.1 #16587
- We should not remove a border or any schema-connected style from the theme. Rather, we should update the variable in the schema, which in this case is already done.
…-2025 Update ROADMAP 02 Oct 2025
--------- Co-authored-by: Radoslav Karaivanov <rkaraivanov@infragistics.com>
* Update Node.js version matrix in workflow * ci(node 22): adding flag only for 22.x
feat(security): removing redundant config
…dates Bumps the npm_and_yarn group with 3 updates in the / directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite), [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) and [tar-fs](https://github.com/mafintosh/tar-fs). Updates `vite` from 6.3.5 to 6.3.6 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.3.6/packages/vite) Updates `astro` from 5.9.4 to 5.14.4 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/astro@5.14.4/packages/astro) Updates `devalue` from 5.1.1 to 5.3.2 - [Release notes](https://github.com/sveltejs/devalue/releases) - [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md) - [Commits](sveltejs/devalue@v5.1.1...v5.3.2) Updates `tar-fs` from 3.0.9 to 3.1.1 - [Commits](mafintosh/tar-fs@v3.0.9...v3.1.1) --- updated-dependencies: - dependency-name: vite dependency-version: 6.3.6 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: astro dependency-version: 5.14.4 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: devalue dependency-version: 5.3.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tar-fs dependency-version: 3.1.1 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
…in permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…nd_yarn-cd51770618 chore(deps): bump the npm_and_yarn group across 1 directory with 4 updates
…in permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
…n permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Potential fix for code scanning alert no. 15: Workflow does not contain permissions
Potential fix for code scanning alert no. 11: Workflow does not contain permissions
Potential fix for code scanning alert no. 9: Workflow does not contain permissions
chore(*): updating packages
Mass merging 20.1.x to master
fix(i18n): update calendar resource strings for multiple languages - master
fix(stepper): step separator styles
docs(grid): updating the README for the grid
fix(list): styling discrepancies
Updated migration command in CHANGELOG.md to remove the migrate-imports option.
@copilot, can you do this against the https://github.com/IgniteUI/igniteui-angular/tree/20.1.x branch?
Co-authored-by: Lipata <2621802+Lipata@users.noreply.github.com>
| } | ||
| }; | ||
|
|
||
| const listener = (event) => run(event.data); |
Check warning
Code scanning / CodeQL
Missing origin verification in `postMessage` handler Medium
Copilot Autofix
AI 5 days ago
The best way to fix this problem is to ensure that the 'message' event handler (listener) only processes messages where event.origin matches the origin of the current page (i.e., window.location.protocol + '//' + window.location.host). This can be done by adding an if check at the start of the listener function so that messages from other origins are ignored.
Specifically:
- Only process the message if `event.origin === window.location.protocol + '//' + window.location.host`.
- Place this check at the beginning of the `listener` function (project file `projects/igniteui-angular/src/lib/core/setImmediate.ts`, around line 43).
- No new imports or external dependencies are needed; all necessary data is available via the DOM API.
- No changes to the queueing logic or postMessage calls; just restrict the message handling.
| @@ -40,7 +40,13 @@ | ||
| } | ||
| }; | ||
|
|
||
| const listener = (event) => run(event.data); | ||
| const listener = (event) => { | ||
| const currentOrigin = window.location.protocol + '//' + window.location.host; | ||
| if (event.origin !== currentOrigin) { | ||
| return; | ||
| } | ||
| run(event.data); | ||
| }; | ||
|
|
||
| // Use function instead of arrow function to workaround an issue in codesandbox | ||
| export function setImmediate(cb: () => void, ...args) { |
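Review bot: The origin comparison at the top of the new `listener` is both looser and stricter than this handler needs. It still lets any other same-origin frame reach `run(event.data)` with a payload of its choosing, and in a context with an opaque origin (for example a sandboxed iframe, which the codesandbox comment just below suggests is a supported environment) `event.origin` is the string "null" while `window.location.protocol + '//' + window.location.host` still yields the URL's scheme and host, so the module's own messages would be dropped and queued callbacks would never fire. If this listener only serves messages the module posts to its own window, check `event.source === window` and confirm `event.data` is a handle the module queued before calling `run`; if the origin test stays, add a test that covers the sandboxed case.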
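As an added example (not code from this PR or from Copilot Autofix), the model below runs the proposed origin comparison and a stricter source-plus-handle check over constructed message events. `makeWindow`, `strictAccepts`, the queue shape and the `*.example` origins are assumptions for illustration.

```javascript
// Constructed model of the listener's checks; runs under Node, no browser needed.
// makeWindow() and the *.example origins are hypothetical stand-ins.
function makeWindow(protocol, host) {
  return { location: { protocol, host } };
}

// The check proposed in the autofix: event.origin must equal the page URL's origin.
function originOnlyAccepts(win, event) {
  const currentOrigin = win.location.protocol + '//' + win.location.host;
  return event.origin === currentOrigin;
}

// Stricter variant (assumes the module only ever posts to its own window):
// the sender must be this window and the payload must be a handle we queued.
function strictAccepts(win, queue, event) {
  return event.source === win &&
    typeof event.data === 'number' &&
    queue.has(event.data);
}

function classify() {
  const win = makeWindow('https:', 'app.example');
  const otherFrame = {};                       // some other window object
  const queue = new Map([[1, () => {}]]);      // handle 1 is pending
  const events = {
    // the module's own message on a normal page
    own: { source: win, origin: 'https://app.example', data: 1 },
    // the module's own message in a sandboxed frame (opaque origin serializes as "null")
    ownSandboxed: { source: win, origin: 'null', data: 1 },
    // another same-origin frame sending a handle that was never queued
    sameOriginOther: { source: otherFrame, origin: 'https://app.example', data: 999 },
    // a frame on a different origin
    crossOrigin: { source: otherFrame, origin: 'https://other.example', data: 1 },
  };
  const result = {};
  for (const [name, event] of Object.entries(events)) {
    result[name] = {
      originOnly: originOnlyAccepts(win, event),
      strict: strictAccepts(win, queue, event),
    };
  }
  return result;
}

console.log(classify());
```

The two checks disagree on the sandboxed and same-origin cases: the origin-only guard drops the module's own message in the first and passes an unqueued handle on in the second.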
| name: 'true', | ||
| isUnary: true, | ||
| iconName: 'filter_true', | ||
| logic: (target: boolean) => !!(target && target !== null && target !== undefined) |
|
|
||
| function groupBy<T>(data: T[], key: keyof T | ((item: T) => any)) { | ||
| const result: Record<string, T[]> = {}; | ||
| const _get = typeof key === 'function' ? key : (item: T) => item[key]; |
Summary
This PR bumps the `express` dependency from version 5.1.0 to 5.2.1 for the 20.1.x branch.

Changes made:
- `package.json`: Updated express from `^5.1.0` to `^5.2.1`
- `package-lock.json`: Updated to reflect the new express version and its dependencies

Security notes:

Build notes:
- `igniteui-webcomponents` version compatibility